In over 11 years of my experience I have seen so many API’s that have major security flaw. They either lack a proper setup of Authentication or Authorisation or both. The developers might feel okay since these endpoints are usually not public. But it is a huge security loop hole which anyone can easily target. To better understand security for API’s let’s create a demo project for FBI. There will be an Admin who can enrol FBI Agents and change their clearance levels. Secondly