Check for exposed secrets

The authentication mechanism is used to identify the user and ensure that they are authorized to access the API. The authentication mechanism is usually a username and password, but it can also be a token or a certificate. It also gives clues to potential vulnerabilities in the API. If the authentication mechanism is weak, then the API is more vulnerable to attack.

Resources

• API Security Top 10