In this chapter, we'll deal with different methodologies for testing the security of APIs. This chapter relies on the OAuth concepts covered in the previous chapter, so a good understanding of OAuth 2.0 is necessary. We will use access tokens heavily and make requests to API endpoints while testing them.
Web APIs have recently gained a lot of popularity among developers because they allow third-party programs to interact with a website easily and efficiently.
The chapter starts with some basic concepts and then moves on to actual testing. So let's begin.