GitHub - RhinoSecurityLabs/Swagger-EZ: A tool geared towards pentesting APIs using OpenAPI definitions.

arainho/awesome-api-security

Beginner's Guide to API Hacking

Contextual Content Discovery: You've forgotten about the API endpoints

microsoft/restler-fuzzer

API Tokens: A Tedious Survey

API security design best practices for enterprise and public cloud