RESTful APIs should always be secured. The typical flow for frontend applications to talk to secure REST APIs is similar irrespective of the authentication method used:
- Step 1: When a user logs in, call the authentication API and get a token or a key.
- Step 2: For each subsequent RESTful API call, use the token or key as part of the authorization header.