A look at API attack trends such as the current (and failing) architectural designs for addressing security of these API transactions. 83 percent of all traffic on the web today are API calls (JSON / XML) Attackers (and researchers) have made strides to find ways to find out these shared secrets or hardcoded values, and it s sometimes by accidental exposure on the part of developers. Attackers are often protected by basic defenses, such as cloud environment ACLs (Access Control Lists), simple API Keys, or performance dragging private tunnels.
Source: https://threatpost.com/fighting-fire-with-fire-api-automation-risks/141163/