Without any form of session management, anyone with cURL (or similar) can send a DELETE request to the right URL and mess with our database. I've never tackled this before, but this would be a good place to start: https://www.owasp.org/index.php/REST_Security_Cheat_Sheet.