7 Endpoint Analysis

Now that you’ve discovered a few APIs, it’s time to begin using and testing the endpoints you’ve found. This chapter will cover interacting with endpoints, testing them for vulnerabilities, and maybe even scoring some early wins.

By “early wins,” I mean critical vulnerabilities or data leaks sometimes present during this stage of testing. APIs are a special sort of target because you may not need advanced skills to bypass firewalls and endpoint security; instead, you may just need to know how to use an endpoint as it was designed.

We’ll begin by learning how to discover the format of an API’s numerous requests from its ...

Get Hacking APIs now with the O’Reilly learning platform.
