https://www.bugbountyhunter.com/hackevents/report?id=12
https://github.com/chrislockard/api_wordlist
https://hackerone.com/reports/196655
https://hackerone.com/reports/983331
https://www.bugbountyhunter.com/hackevents/report?id=183
https://blog.bugbountyhunter.com/xss-on-apple/
https://github.com/streaak/keyhacks
https://www.bugbountyhunter.com/articles/?on=mass-assignment-and-learning-new-things
https://security.stackexchange.com/questions/248528/does-api-access-token-that-only-have-access-to-public-information-need-to-be-kep
https://github.com/pichik/pcon
https://blog.assetnote.io/2021/04/05/contextual-content-discovery/
https://beeceptor.com
https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/web-api-pentesting