MAN IN THE MIDDLE
SECURITY BREACH
CHANGE OF IDENTITY
FAKE ACCOUNT CREATION
"By 2022, API abuse will be the most frequent attack vector, resulting in leaks of enterprise web application data."
Source: Gartner, How to Build an Effective API Security Strategy
Your app is used to set up a temporary account, then reverse engineered to extract API keys and other secrets while the attacker watches and manipulates API calls over your HTTPS/TLS-protected channels.
The attacker assembles a botnet and tests the API for weaknesses by trying to steal or generate user credentials and run through your system, adjusting rates and perceived locations in hopes of not being detected.
Cracks in your defenses can let attackers bring down your systems, seize or sell customer accounts, credit, or private data, and can serve as a seed for attacking other systems.