If you're using access tokens, make sure they are generated and invalidated properly, and that the token is not leaked via another vulnerability.
API #3: Excessive Data Exposure
The third vulnerability in the API top ten is excessive data exposure. This happens when an API exposes too much information about a user or resource without proper authorization. Attackers can use this information to conduct further attacks such as identity theft, account hijacking, social engineering scams, etc. For example: if an API returns all of a user's personal details (name, address) with their profile ID (e.g
https://t.co/Z325IQJ7NI
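As an added illustration of the excessive data exposure problem described above (not code from the original page), this Python sketch contrasts a profile handler that returns the whole stored record with one that serializes only an allowlist chosen by the caller's relationship to the profile. The record store, field names and function names are all hypothetical, and the sample data is constructed.

```python
# Added example: constructed data, hypothetical names throughout.
USER_DB = {  # constructed sample record store
    42: {"id": 42, "display_name": "Alice", "full_name": "Alice Example",
         "address": "1 Sample Street", "email": "alice@example.com",
         "password_hash": "<placeholder>"},
}

# Fields each kind of caller may see. Anything not listed is never serialized.
PUBLIC_FIELDS = ("id", "display_name")
OWNER_FIELDS = PUBLIC_FIELDS + ("full_name", "address", "email")


def get_profile_exposed(profile_id):
    """Over-exposing handler: returns the stored record as-is to any caller."""
    return dict(USER_DB[profile_id])


def get_profile_filtered(profile_id, caller_id):
    """Hardened handler: pick the allowlist from the caller's relationship
    to the resource, then copy only those fields into the response."""
    record = USER_DB.get(profile_id)
    if record is None:
        return None
    allowed = OWNER_FIELDS if caller_id == profile_id else PUBLIC_FIELDS
    return {k: record[k] for k in allowed if k in record}


def leaked_fields(response, caller_is_owner):
    """Check usable in an API test: fields in a response beyond the allowlist."""
    allowed = OWNER_FIELDS if caller_is_owner else PUBLIC_FIELDS
    return sorted(set(response) - set(allowed))


if __name__ == "__main__":
    # Another user (id 7) requests profile 42 from each handler.
    print(leaked_fields(get_profile_exposed(42), caller_is_owner=False))
    print(leaked_fields(get_profile_filtered(42, caller_id=7), caller_is_owner=False))
    # The owner sees their own details, but never the password hash.
    print(get_profile_filtered(42, caller_id=42))
```

The `leaked_fields` check can be run against real responses in an API test suite so that a newly added database column does not silently appear in output.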