Application Programming Interface (API) usage has exploded, and cybercriminals are increasingly taking advantage of API security flaws to commit fraud and steal data. Security professionals struggle with the challenge that often reveal that API requests often reveal the data-store requests they often reveal. Many organizations tend to store data that can be accessed directly into the user data can t be directly accessed directly by API requests. The Fix: To make the discovery of your APIs more difficult, ensure API documentation is gated and controlled with entitlements that only allow access to valid users.
Source: https://threatpost.com/apis-next-frontier-cybercrime/158536/