# Common API Security Problems

Common API security problems include:

* **Broken Authentication**: Weaknesses in the authentication mechanisms that allow attackers to compromise passwords, keys, or session tokens.
* **Excessive Data Exposure**: APIs that expose more data than necessary, potentially leaking sensitive information.
* **Lack of Resources & Rate Limiting**: APIs that do not implement proper rate limiting, making them vulnerable to denial-of-service (DoS) attacks.
* **Broken Function Level Authorization**: Similar to Broken Object Level Authorization (BOLA), but at the function level, where attackers can access functions they shouldn't.
* **Unsafe Consumption of APIs**: APIs that are not properly secured can be misused by clients, leading to various security issues.


