In a 2021 survey, 73% of enterprises reported that they already publish more than 50 APIs. API security testing often falls through the cracks or is performed without a sufficient understanding of the risks involved. Many of the unique weaknesses that APIs may introduce are well known to hackers, who have developed different methods to attack your APIs in order to access the underlying data and functionality. The type of bugs that lead to attacks at the business logic or business process level is particularly challenging to identify as a defender. Testing APIs can be manually intensive and is not scalable when you have hundreds of them.
Source: https://thehackernews.com/2021/07/wake-up-identify-api-vulnerabilities.html