
This is an excerpt from Manning's book The Design of Web APIs.
9.1.5 Avoiding security breaches and breaking changes
Modifying an API can introduce breaking changes that affect security and open up the risk of security breaches; therefore, all API modifications must be made with security in mind. Basically, you must apply everything you learned in chapter 8 when modifying an API in any way. For example, for any data added to existing goals' responses, you must ensure that this data will not be provided to consumers that are not supposed to get it.
You must also be careful when modifying scopes. Some modifications could lead to security breaches or breaking changes, as shown in figure 9.8.
Figure 9.8 Introducing security breaches and breaking changes when modifying scopes
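One way to review a scope change before release is to diff the old and new scope-to-goal mappings. The following is an added example, not code from the book: the scope names, goals and classification rules are assumptions made for illustration, and it does not reproduce the contents of figure 9.8.

```python
"""Diff two scope-to-goal maps and classify each change (added example)."""

# Constructed sample data: scope names and goals are hypothetical.
OLD_SCOPES = {
    "account:read": {"list accounts", "read account"},
    "transfer:manage": {"list transfers", "create transfer", "cancel transfer"},
    "beneficiary:read": {"list beneficiaries"},
}
NEW_SCOPES = {
    # "read balance history" is newly attached to an existing scope.
    "account:read": {"list accounts", "read account", "read balance history"},
    # "cancel transfer" moved out of the existing scope into a new one.
    "transfer:manage": {"list transfers", "create transfer"},
    "transfer:cancel": {"cancel transfer"},
    # "beneficiary:read" was renamed, so the old name no longer exists.
    "beneficiary:list": {"list beneficiaries"},
}


def diff_scopes(old, new):
    """Return a sorted list of (severity, scope, goal) findings.

    Assumed rules for this example:
      - existing scope gains a goal -> "security-risk": tokens already
        granted with that scope reach the goal without new consent.
      - existing scope loses a goal, or disappears -> "breaking":
        consumers relying on that scope are now refused.
      - brand-new scope -> "info": no current consumer holds it yet.
    """
    findings = []
    for scope, old_goals in old.items():
        new_goals = new.get(scope)
        if new_goals is None:
            findings.append(("breaking", scope, "<scope removed>"))
            continue
        findings += [("security-risk", scope, g) for g in new_goals - old_goals]
        findings += [("breaking", scope, g) for g in old_goals - new_goals]
    for scope in new.keys() - old.keys():
        findings += [("info", scope, g) for g in new[scope]]
    return sorted(findings)


if __name__ == "__main__":
    for severity, scope, goal in diff_scopes(OLD_SCOPES, NEW_SCOPES):
        print(f"{severity:13} {scope:18} {goal}")
```

Run as a release gate, a "security-risk" finding is the case to resolve by putting the new goal behind a new scope, and a "breaking" finding calls for keeping the old scope valid until consumers have migrated.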