The following list of security issues is not exhaustive, but it’s a good starting point.
Description
I’ve included the OWASP category for each issue and also added some examples to illustrate how you could test for them.
1. Sensitive Data Exposure (A3)
This is one of the most common problems with web applications, so it’s no surprise that APIs are affected as well. The main concern here is that your API exposes data in an insecure way or doesn’t protect sensitive information properly when sending it over the network. This can happen through unencrypted connections, weak cryptographic algorithms like MD5 or SHA-1, unprotected cookies containing user credentials, and other similar issues.
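An added example, not from the original page: a small Python audit of one API response for the transport and cookie problems described above. The URLs, header values and finding codes are constructed for illustration, and the credential-name pattern is a heuristic assumption.

```python
import re
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Heuristic (assumption): cookie names that suggest a stored credential.
CREDENTIAL_NAME = re.compile(r"pass(word|wd)?|pwd|credential", re.I)

def audit_response(url, headers):
    """Audit one response; headers is a list of (name, value) pairs.

    Returns (finding_code, subject) tuples; the codes are made up here.
    """
    findings = []
    https = urlsplit(url).scheme.lower() == "https"
    if not https:
        findings.append(("plaintext-transport", url))
    elif not any(n.lower() == "strict-transport-security" for n, _ in headers):
        # HSTS tells browsers to refuse plain HTTP for this host.
        findings.append(("no-hsts", url))
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)  # parses one Set-Cookie value with its attributes
        for key, morsel in jar.items():
            if not morsel["secure"]:
                findings.append(("cookie-no-secure", key))
            if not morsel["httponly"]:
                findings.append(("cookie-no-httponly", key))
            if CREDENTIAL_NAME.search(key):
                findings.append(("credential-in-cookie", key))
    return findings

# Constructed sample responses (not captured traffic).
WEAK = ("http://api.example.test/v1/login",
        [("Content-Type", "application/json"),
         ("Set-Cookie", "password=hunter2; Path=/")])
HARDENED = ("https://api.example.test/v1/login",
            [("Strict-Transport-Security", "max-age=31536000"),
             ("Set-Cookie", "sid=abc123; Path=/; Secure; HttpOnly")])

if __name__ == "__main__":
    for url, headers in (WEAK, HARDENED):
        print(url, audit_response(url, headers) or "no findings")
```

Feed it the URL and header pairs from your own API test client; an empty list means none of these particular checks fired, not that the response is free of exposure.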
https://t.co/eEm5MKbxvU