I don't think API endpoints themselves are a huge secret. But if we require a valid token first, then it will be easy to see which user is trying to scan the API. Due to the nature of our business, the users are linked to real identities, so it would be easy to track which real person is doing the scanning (or whose account was compromised).
I think I kinda answered my own question here. Thank you for formulating the right questions for me to ask.
My pleasure! Keep it up!