A list of checks/test cases you can run on API endpoints to discover security weaknesses. Talk presented at null Bangalore January 2020.