Before you can attack a target’s APIs, you must locate those APIs and validate whether they are operational. In the process, you’ll also want to find credential information (such as keys, secrets, usernames, and passwords), version information, API documentation, and information about the API’s business purpose. The more information you gather about a target, the better your odds of discovering and exploiting API-related vulnerabilities. This chapter describes passive and active reconnaissance processes and the tools to get the job done.

When it comes to recognizing an API in the first place, it helps to consider its purpose. ...