Act as a Chief Information Security Officer. Conduct a threat modeling assessment (using STRIDE methodology) for a new RESTful API gateway that handles payment authorization requests. Identify potential threats related to spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege. For each identified threat, propose a specific mitigation strategy involving cryptographic controls, rate limiting, or input sanitization. Detail the authentication and authorization flow required to mitigate these risks.