SAST tools are not designed for API-centric applications API security is a different ball game to web application security The OWASP Top 10 list of vulnerabilities for APIs includes:  Cross Site Request Forgery (CSRF) Broken Authentication and Session Management Insecure Direct Object References Sensitive Data Exposure Exposed Debug Information Security Misconfiguration Unvalidated Redirects and Forwards Using Components with Known Vulnerabilities Insufficient Transport Layer Protection.
Discription

These are all very similar to the OWASP Top 10 list of vulnerabilities for web applications, but there are some notable differences
https://t.co/FKRC0FUNpg

Back to Main