API4:2023 — Unrestricted Resource Consumption

Q: What is Unrestricted Resource Consumption in APIs?

API4:2023 covers APIs without rate limiting, pagination, or payload size controls. Enables DoS, cost inflation, and mass data exfiltration.

Verified by Precogs Threat Research

OWASP API 2023Rank #4

What is Unrestricted Resource Consumption in APIs?

APIs that don't limit the number of requests, payload sizes, or resources consumed per client. Missing rate limiting, no pagination limits, uncapped file uploads, and unbounded batch operations.

Impact

Enables denial of service, cost inflation on pay-per-use APIs, and data exfiltration through overly large response payloads.

Related CWEs

CWE-770 — View in Precogs Hub
CWE-400 — View in Precogs Hub
CWE-799 ↗

How Precogs AI Addresses API4

Precogs AI identifies missing rate limiting, unbounded query parameters, and missing pagination in API implementations during code analysis and runtime testing.

Scan for API4 Risks Book a demo

API4:2023 — Unrestricted Resource Consumption

What is Unrestricted Resource Consumption in APIs?

Impact

Related CWEs

Risk Overview

Quick Links

Protect Against API4

How Precogs AI Addresses API4

API4:2023 — Unrestricted Resource Consumption

What is Unrestricted Resource Consumption in APIs?

Impact

Related CWEs

Related Resources

🔍 Related CWE Entries

🛡️ Notable Vulnerabilities

🔗 External References

Risk Overview

Quick Links

Protect Against API4

How Precogs AI Addresses API4