/rest-api-security-best-practices/
https://alex-labs.com/understanding-and-mitigating-risks-with-owasp-top-10-api/