Site icon API Security Blog

Use access tokens to authenticate users.

If you’re using access tokens, make sure they are generated and invalidated properly, and that the token is not leaked via another vulnerability.

API #3: Excessive Data Exposure

The third vulnerability in the API top ten is excessive data exposure. This happens when an API exposes too much information about a user or resource without proper authorization. Attackers can use this information to conduct further attacks such as identity theft, account hijacking, social engineering scams, etc. For example: if an API returns all of a user’s personal details (name, address) with their profile ID (e.g
https://t.co/Z325IQJ7NI

Exit mobile version