#3: APIs Using Non-Random Tokens
Another common issue with auth tokens is the use of non-random values for them, such as sequential numbers or dates that are easy to guess. This is a problem because it makes it easier for attackers to brute force their way into the system by trying all possible combinations until they find one that works. It also makes it easier for attackers who have already compromised some other part of your environment and obtained valid credentials (such as user IDs) to try those same credentials against any unauthenticated APIs exposed on your network, since they can easily generate a list of valid token values from what they already know about your systems and users
https://t.co/QfUzgnBC6V