Security concerns

3.1 Security
3.2 Authentication and Representation
The REST API MUST use OAuth2 implementation for user authentication and authorization, exclusively
3.6.8 Safe and Non-Safe Methods
External APIs must always use TLS so only direct clients or trusted intermediaries who have our certificates (CDNs, typically) will be able to view the content