- Decide what end points should be exposed through the API. - Implement authentication through the API.
