Explain how you would secure API endpoints in AWS.

API security measures: 1) Use API Gateway with authentication (Cognito, IAM), 2) Implement rate limiting and throttling, 3) Use WAF for protection against common attacks, 4) Enable CORS properly, 5) Use HTTPS with SSL certificates, 6) Implement request/response validation, 7) Monitor with CloudWatch and CloudTrail, 8) Use VPC endpoints for private APIs.