Why authentication and limiting requests?
If I told you that there is a Web API exposed from a particular country's government that you can use to get all the details of its citizens, then the first thing you would ask me is whether you can extract data from the API or not. That is exactly what we will be discussing.
So, if you take the previous example, the data that comes back from that API would have the citizens' sensitive data, such as name, address, phone number, country, and social security number. The government should never allow everyone to access this data. Only authenticated sources are allowed, generally. What that means is when you call one API, you need to send your identity and ask to it to allow you to operate on the data. If the identity is wrong or not in the list of allowed sources, it will be rejected by the API. Imagine terrorists trying to access the API, you would definitely deny access by detecting their identity.
Now imagine another scenario, where a university has...
