This article is focused on providing guidance for securing web services and preventing web services related attacks. All communication with and between web services containing sensitive features, an authenticated session, or transfer of sensitive data must be encrypted using well-configured TLS. This is recommended even if the messages themselves are encrypted because it provides numerous benefits beyond traffic confidentiality including integrity protection, replay defenses, and server authentication. This cheat sheet is kept at a high level due to the difference in implementation between different frameworks, this cheat sheet keeps it at a low level.”]
Source: https://cheatsheetseries.owasp.org/cheatsheets/Web_Service_Security_Cheat_Sheet.html