To secure the api server - Authentication: jwt bearer token (and more auth methods should be allowed in the future) - Authorization on endpoints access - Managing broker endpoints.
To secure the api server