What is OAuth 2.0?

As I was progressing along my API hacking learning path, OAuth 2.0 kept coming back as something I would have to get my head around at some point. Recently, I was testing an API in the scope of a Vulnerability Disclosure Program on Bugcrowd and OAuth was the authorization mechanism the API was using....

Proxy Postman into Burp Suite

Here is a quick and easy tip on how to get the two most useful API hacking tools to work together: Postman and Burp Suite. Suppose you have a list of API endpoints stored in a collection in Postman. Each of these endpoints has an http method, a URL, a list of request headers...

What is a JWT – JSON Web Token?

A JSON Web Token is an encoded string of characters that allows users to identify themselves when interacting with an API. Why do you need a token? Because APIs manage their connections in a different way than regular web applications do. A web app typically relies on stateful connections. This means that when a...

Scroll to top