TL;DR: Static tokens — where they live, how they leak, what they typically over-authorise.

Stub — to be filled in.

What it is

TODO

Preconditions / where it applies

TODO

Technique

TODO

Detection and defence

TODO

References

• https://book.hacktricks.wiki/en/network-services-pentesting/pentesting-web/api-keys.html