ANALYSIS OF SECURITY CHALLENGES IN REST API IN EDGE COMPUTING-BASED IOT ECOSYSTEM: A REVIEW
Abstract
REST APIs are the backbone of data communication in the Internet of Things (IoT)-based edge computing ecosystem because they are lightweight and flexible. However, the openness of the REST architecture and the limited resources of edge devices give rise to security challenges such as man-in-the-middle (MITM), spoofing, and replay attacks. This study aims to identify the key challenges of REST API security in IoT edge environments, evaluate the limitations of conventional solutions such as TLS and the RSA/ECDSA algorithms, and explore the potential of Post-Quantum Signature (PQS)-based digital authentication approaches. Through a comprehensive narrative literature review of 43 peer-reviewed publications (2020-2025), this research reveals two key findings: TLS generates significant memory and energy overhead, while classical algorithms do not resist quantum threats. PQS schemes such as Falcon and Dilithium have proven more efficient and secure on resource-limited devices. The study concludes that PQS-based lightweight authentication approaches have strong prospects for implementation in future REST API gateway architectures, particularly in supporting electronic-based governance systems (SPBEs).
DOI: https://doi.org/10.33387/jiko.v8i2.10097