Early 2019 we, at Char49, were challenged to research the most common API security issues. At that time API security was not exactly on the news, but APIs were becoming a fast-paced critical piece of modern applications architecture. We followed this technological change since its early days either due to our penetration testing services or responsible disclosure programs. That had given us a great understanding and experience on the API security scene, but we’ve dug deeper into API-related publicly available security incidents data. Our contribution was released later that year as part of the OWASP API Security Top 10 2019.