Must-Know Cross-Cutting Concerns in API Development

What do authentication, logging, rate limiting, and input validation have in common?