The storefront integrates with a REST based Address verification service (AVS) that uses token based security. The sequence of calls in the API documentation for this AVS looks like the following

1. Client authentication call, which contains the merchantId and secret in a GET request and returns a token in the response.

2. Address verification call, which contains the token and the address to verify in a POST request.

Once the token is obtained, it is valid for hours and it is not needed to request a new one for subsequent address verification calls, the AVS charges for every request made no matter if it is client authentication call or address verificationcall.

Which three strategies could be applied to allow for efficient use of the service without compromising security? Choose 3 answers