REST services

what are the security features for REST services other than HTTPS?

In case if we have exposed a GET rest service to the client that has inputs x, y, and z, how will the client know what inputs to pass inorder to execute the service?

Answering to your second question, If you are on WM version 9.12 or above then you can create REST API descriptor on any REST resource.