Can you explain how you would approach the design of a secure API for a new application? What considerations regarding authentication, data encryption, and error handling would you take into account?

``` Start with defining the API endpoints and the types of requests (GET, POST, etc.) it will handle. Consider using OAuth 2.0 or JWT for authentication to ensure that only authorized users can access the API. Focus on using HTTPS for secure data transmission and discuss the importance of encrypting sensitive data at rest and in transit. Explain the importance of validating inputs to avoid injection attacks and the need for proper error handling to avoid exposing sensitive information. ```