Use access tokens to authenticate users.

If you’re using access tokens, make sure they are generated and invalidated properly, and that the token is not leaked via another vulnerability.

API #3: Excessive Data Exposure

The third vulnerability in the API top ten is excessive data exposure. This happens when an API exposes too much information about a user or resource without proper authorization. Attackers can use this information to conduct further attacks such as identity theft, account hijacking, social engineering scams, etc. For example: if an API returns all of a user’s personal details (name, address) with their profile ID (e.g

Back to Main