The document discusses different approaches to protecting REST APIs with OAuth, including adding validation in every service, using an API gateway to decouple validation, and using ApiFest which is an open source API gateway that supports OAuth out of the box. It also discusses ways to take protection further such as adding information to tokens, reformatting communication, and unifying multiple services.