🚪 The forgotten endpoint

Broken user authentication

Your developer proudly shows you the new admin dashboard they built over the weekend with real-time revenue reports.

Monday morning, a customer emails asking why they can see your company's financial data when they visit a random URL they found.

You test the URL, /api/admin/reports, and your stomach drops: it returns detailed revenue, customer counts, and profit margins.

No login required. No API key needed. Anyone with the URL can see your most sensitive business metrics.

Technical Issue: The new API endpoint was created without implementing authentication middleware. While the frontend requires login, the API endpoint itself can be accessed directly by anyone who discovers the URL.
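
The failure described above next to a deny-by-default dispatcher, as an added example that is not code from the scenario's application. The session tokens, the /api/health and /api/admin/export routes, the payload values and all function names are assumptions made for illustration.

```javascript
// Constructed session store (token -> user); stands in for your real session/JWT layer.
const SESSIONS = new Map([
  ["tok-admin-example", { name: "dana", role: "admin" }],
  ["tok-customer-example", { name: "sam", role: "customer" }],
]);
const reports = () => ({ revenue: 1000, customers: 10 }); // constructed payload

// Before: paths map straight to handlers, so authentication only happens if each
// handler remembers it. The new reports handler did not.
const vulnerableRoutes = new Map([
  ["/api/admin/reports", () => ({ status: 200, body: reports() })],
]);
function vulnerableDispatch(req) {
  const handler = vulnerableRoutes.get(req.path);
  return handler ? handler(req) : { status: 404 };
}

// After: every route declares an access policy and the dispatcher enforces it
// before the handler runs. A route with no policy is refused, not served.
const routes = new Map([
  ["/api/health", { access: "public", handler: () => ({ status: 200, body: "ok" }) }],
  ["/api/admin/reports", { access: "admin", handler: () => ({ status: 200, body: reports() }) }],
  ["/api/admin/export", { handler: () => ({ status: 200, body: reports() }) }], // policy forgotten
]);

function authenticate(req) {
  const header = (req.headers && req.headers.authorization) || "";
  const match = /^Bearer (\S+)$/.exec(header);
  return match ? SESSIONS.get(match[1]) || null : null;
}

function dispatch(req) {
  const route = routes.get(req.path);
  if (!route) return { status: 404 };
  if (!route.access) return { status: 500, error: "route has no access policy" }; // fail closed
  if (route.access === "public") return route.handler(req);
  const user = authenticate(req);
  if (!user) return { status: 401 }; // no valid session
  if (user.role !== route.access) return { status: 403 }; // logged in, wrong role
  return route.handler(req, user);
}

// Startup/CI check: name the routes that would have shipped without a policy.
function routesMissingPolicy(table) {
  return [...table].filter(([, route]) => !route.access).map(([path]) => path);
}
```

Running routesMissingPolicy at startup or in CI turns a forgotten policy into a failed check instead of a publicly readable endpoint.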

What's your immediate first move?
