API Security Testing Checklist

An API should be checked for the following from a security perspective:

1. Denial of Service: rate limiting per client, request body size limits and timeouts on every endpoint. https://owasp.org/www-community/attacks/Denial_of_Service

2. OWASP A6 (2017) Security Misconfiguration: default credentials, verbose error messages and stack traces, unnecessary HTTP methods, debug endpoints left enabled, missing security headers. https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html

3. IP Access Control: restrict administrative or partner-only endpoints to allowlisted source networks, in addition to (not instead of) authentication. https://owasp-top-10-proactive-controls-2018.readthedocs.io/en/latest/c7-enforce-access-controls.html

4. MITRE CWE-250 Execution with Unnecessary Privileges: the API process and its service accounts run with the least privilege they need. Avoid HTTP Basic Authentication, which sends a long-lived, full-privilege credential with every request (and in clear text unless TLS is enforced).

5. Ensure no direct access to the database: clients reach data only through the API, the API connects with a restricted database account, and the database is not reachable from public networks.

6. Access token authentication, e.g. OAuth 2.0 with JWT for user authentication and authorization: the signature, algorithm, issuer, audience and expiry are verified on every request.

7. API Key Generation & Validation: API providers should expose secure methods to issue authorization codes or access tokens on demand; keys are generated with a cryptographically secure random source, stored hashed, compared in constant time, and revocable.
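Added example for the denial-of-service item (not from the original checklist): a per-client token-bucket rate limiter plus a request-size cap, written against the standard library only. The capacity, refill rate and body limit are assumed values chosen for illustration; tune them per endpoint.

```python
"""Per-client token-bucket rate limiting and request-size capping,
the two server-side controls most relevant to the DoS checklist item.
Added example; constants are assumptions, not values from the page."""
import time

MAX_BODY_BYTES = 64 * 1024   # assumed cap: reject bodies larger than this before reading them
BUCKET_CAPACITY = 10         # assumed burst allowed per client
REFILL_PER_SECOND = 2.0      # assumed sustained request rate per client


class TokenBucketLimiter:
    """Each client key gets a bucket that refills continuously; a request
    costs one token, so bursts up to `capacity` are allowed and the
    long-run rate is bounded by `refill` requests per second."""

    def __init__(self, capacity=BUCKET_CAPACITY, refill=REFILL_PER_SECOND):
        self.capacity = capacity
        self.refill = refill
        self._buckets = {}  # client key -> (tokens, last refill timestamp)

    def allow(self, client_key, now=None):
        now = time.monotonic() if now is None else now
        tokens, last = self._buckets.get(client_key, (self.capacity, now))
        tokens = min(self.capacity, tokens + (now - last) * self.refill)
        if tokens < 1:
            self._buckets[client_key] = (tokens, now)
            return False
        self._buckets[client_key] = (tokens - 1, now)
        return True


def check_request(limiter, client_key, content_length, now=None):
    """Return (accepted, http_status). Oversized bodies are rejected with 413
    before any bytes are read; rate-limited clients get 429."""
    if content_length > MAX_BODY_BYTES:
        return False, 413
    if not limiter.allow(client_key, now):
        return False, 429
    return True, 200


if __name__ == "__main__":
    # Constructed traffic: one client sends 12 requests at the same instant.
    limiter = TokenBucketLimiter()
    print([check_request(limiter, "203.0.113.7", 512, now=0.0)[1] for _ in range(12)])
```

The client key is whatever identifies the caller after authentication (API key id, token subject, or source IP as a last resort); keying only on source IP is weak behind shared NAT or a CDN, so prefer an authenticated identity where one exists.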
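Added example covering the IP access control, access-token (JWT) and API-key items together (this is illustration code, not from the original checklist or any library): an allowlist check, an HS256 JWT verifier that pins the algorithm, compares the signature in constant time and rejects missing or past expiry, and a hashed, constant-time API-key lookup. The networks, secret and sample key are constructed values; HS256 is implemented by hand so the example runs with the standard library alone.

```python
"""Request authorization checks for an HTTP API: IP allowlist, HS256 JWT
validation and hashed API-key validation. Added example; all configuration
values below are constructed for illustration."""
import base64
import hashlib
import hmac
import ipaddress
import json
import time

ALLOWED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),
                    ipaddress.ip_network("192.168.1.0/24")]   # assumed allowlist
JWT_SECRET = b"example-hs256-secret-do-not-reuse"             # assumed signing key
# Store only hashes of issued keys so a leaked table is not directly usable.
API_KEY_HASHES = {hashlib.sha256(b"sk_live_example_key_123").hexdigest()}


def ip_allowed(client_ip):
    """IP access control: accept only clients inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    return any(addr in net for net in ALLOWED_NETWORKS)


def _b64url_decode(data):
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))


def _b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_jwt(claims, secret=JWT_SECRET):
    """Issue an HS256 JWT (used here to build tokens for the checks below)."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_jwt(token, secret=JWT_SECRET, now=None):
    """Validate structure, pinned algorithm, signature (constant time) and
    expiry, in that order. Returns the claims dict or None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        # Never take "alg" from the token: "none" and RS->HS confusion both rely on that.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(payload_b64))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None
    now = time.time() if now is None else now
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or exp <= now:
        return None  # tokens without an expiry, or already expired, are rejected
    return claims


def api_key_valid(presented):
    """API-key validation: hash the presented key and compare in constant time."""
    digest = hashlib.sha256(presented.encode()).hexdigest()
    return any(hmac.compare_digest(digest, stored) for stored in API_KEY_HASHES)


def authorize(client_ip, auth_header, now=None):
    """Run the checks in order and return (allowed, reason)."""
    if not ip_allowed(client_ip):
        return False, "ip not allowlisted"
    if auth_header.startswith("Bearer "):
        claims = verify_jwt(auth_header[7:], now=now)
        return (True, f"jwt sub={claims.get('sub')}") if claims else (False, "invalid jwt")
    if auth_header.startswith("ApiKey "):
        return (True, "api key") if api_key_valid(auth_header[7:]) else (False, "invalid api key")
    # HTTP Basic and anything else: refuse rather than fall back to a weaker scheme.
    return False, "unsupported or missing credentials"


if __name__ == "__main__":
    token = make_jwt({"sub": "alice", "exp": int(time.time()) + 300})
    print(authorize("10.0.0.5", "Bearer " + token))
    print(authorize("10.0.0.5", "Basic dXNlcjpwYXNz"))
```

In production the secret, allowlist and key hashes come from configuration, and a real deployment would also check `iss` and `aud`; the order of checks matters because a request that fails the cheap allowlist test never reaches the signature computation.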
