Angela wants to help her organization use APIs more securely and needs to select three API security best practices. Which of the following options is NOT a common API security best practice?

It is critical to authenticate API users and then to authorize them to take actions. If you authorized first and then authenticated, users could take action before you knew who they were! Encrypting throughout the use of the API keeps data and queries secure, validating input and filtering out dangerous strings is important to prevent injection and other attacks, and auditing and logging allows you to troubleshoot and respond to issues and attacks.