https://www.bugbountyhunter.com/hackevents/report?id=12

https://github.com/chrislockard/api_wordlist

https://hackerone.com/reports/196655

https://hackerone.com/reports/983331

https://www.bugbountyhunter.com/hackevents/report?id=183

https://blog.bugbountyhunter.com/xss-on-apple/

https://github.com/streaak/keyhacks

https://www.bugbountyhunter.com/articles/?on=mass-assignment-and-learning-new-things

https://security.stackexchange.com/questions/248528/does-api-access-token-that-only-have-access-to-public-information-need-to-be-kep

https://github.com/pichik/pcon

https://blog.assetnote.io/2021/04/05/contextual-content-discovery/

https://beeceptor.com

https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/web-api-pentesting