Hello Nicolas
REST has no built-in security features, however, there are several ways you can secure it. One way is to use token-based authentication, as seen in the lesson. However, this is not the only method. You could use HTTPS with TLS encryption as an option as well.
Typically, tokens are valid for a particular period of time. After this time expires, they are considered invalid and require a refresh token. This is a new access token that replaces the old one. How often this is done depends on the configuration. More info on refresh tokens and expiry durations can be found in this Cisco documentation:
In this setup, H1 is the client, and R1 is the server. So the IP of the server is the IP of the Gi/2 interface on the router, which is 172.16.1.100. The IP address in the default route is that of H1. This is set up like this only for the purpose of the lab. You wouldn’t see such a default route pointing to a host in a production network.
I hope this has been helpful!
Laz
PS, thanks for pointing out the typo, I’ll let Rene know!