RESTful APIs should always be secured. The typical flow for frontend applications to talk to secure REST APIs is similar irrespective of the authentication method used:

• Step 1: When a user logs in, call the authentication API and get a token or a key.
• Step 2: For each subsequent RESTful API call, use the token or key as part of the authorization header.