| API Feature | OWASP Top 10 2017 Mapping |
|---|---|
| Register User | |
| Authentication and get access token | A6:2017-Security Misconfiguration |
| Get token info | |
| Update user | A5:2017-Broken Access Control |
| Import user | |
| Delete user | A5:2017-Broken Access Control |
| SSO authentication to get access token | A2:2017-Broken Authentication |
| Password reset | A2:2017-Broken Authentication |
| List products | |
| Create products | |
| Export products | |
| Search Product | A1:2017 Injection |
| Generic import entities | A8:2017-Insecure Deserialization |