OWASP API Security Top 10 2019 Checklist

general > broken-user-authentication-authenticate-api

Guidance

Know all the possible flows to authenticate to the API (mobile/ web/deep links that implement
one-click authentication/etc.). Security scheme must be applied at global or operation level.

Applies to Operation

Constraint

Type: Declarative Validation