In over 11 years of my experience I have seen so many API’s that have major security flaw. They either lack a proper setup.