bcgov / api-guidelines

BC Government API Guidelines
https://developer.gov.bc.ca/Data-and-APIs/BC-Government-API-Guidelines

Devhub Issue: BC Government API Guidelines [API creation with the focus on security by design] #31

Open RPETHAN opened 1 year ago

RPETHAN commented 1 year ago

path: https://github.com/bcgov/api-guidelines/blob/master/government-of-british-columbia-api-guidelines.md

Devhub Content Issue

API security by design is briefly mentioned; the OWASP security principles can be a good reference for that: https://github.com/OWASP/DevGuide/blob/master/02-Design/01-Principles%20of%20Security%20Engineering.md

The focus should also be on layered security design (with the security of data managed not just at the API level but across all levels) and on how to minimize the impact of data exposure (with the least common and least privilege security principles) when an API is compromised.