In order to cover the best ways of securing the REST API, it would be a good idea to start with the standard authentication protocols that make it easy to secure that API. As a general rule it's always better to stick to these common protocols, as custom protocols should only be used in certain situations.
The first protocol to be mentioned is basic authentication with TLS, which is the easiest one to implement given that it requires no additional libraries for proper use as the standard framework contains everything that is needed. The low security level compared to other protocols that this method of authentication offers is probably the biggest drawback, with no advanced options available for using this protocol as only the username and password are encoded in Base64. It is also a requirement to use this method of authentication over a secure connection or TLS encryption, given that the credentials could be easily decoded.