This article discusses the key points of developing a secure RESTful web service API for keeping a student achievement journal. The relevance of using web services is analyzed. A classification of web applications is given. The features of the Single Page Application architecture are considered. Comparative characteristics of the architectural styles of application programming interfaces are given. The requirements to be met by RESTful API services are considered. The basic principles of API security are analyzed. A list of the main vulnerabilities that may appear during the development of a REST API is given. An overview of popular authentication schemes (methods) is given. Comparative characteristics of web frameworks for the Python programming language are given. The main tools used in the development of web API applications are listed. The process of creating a secure prototype of a RESTful web service API in Python using the Flask microframework and a tool for describing Swagger specifications is presented. The process of configuring the application is examined in detail. The main recommendations for securing a web application, database and web server settings are listed. The key points of ensuring the protection of the developed web application are considered. The results obtained are analyzed.