Warning: This API is intentionally vulnerable for educational purposes. Use it responsibly!
OWASP Top 10 API Security Risks – 2023: This vulnerable API showcases multiple issues from the OWASP Top 10 API Security Risks – 2023. It's designed to demonstrate common API security vulnerabilities.
Authentication: To authenticate with this API, use the following credentials and Bearer tokens:
Username | Password | Bearer Token
user1 | password1 | one
user2 | password2 | two
admin | adminpassword | three
Example HTTP Request:
GET /api/users/1 HTTP/1.1
Authorization: Bearer one
Host: vulnapi.testinvicti.com
This example demonstrates how to use the static bearer token to authenticate a request.
API Documentation
Download Swagger JSON file
View Security Issues