API threat modeling

TL;DR: Pre-engagement step: enumerate trust boundaries, identify excessive-data sinks, plan auth/AuthZ test matrix.

Stub — to be filled in.

What it is

TODO

Preconditions / where it applies

TODO

Technique

TODO

Detection and defence

TODO

References

TODO