Broken Object Level Authorization (BOLA)

BOLA is ranked #1 in the OWASP API Security Top 10 (API1) and is one of the most common attack techniques used against APIs. APIs often use object identifiers (for example, an account or invoice ID in the URL path, query string or request body) to access resources. If the server trusts that identifier without verifying that the authenticated user is allowed to access that specific object, an attacker can simply change the identifier in the request to gain unauthorized access to other users' resources. For example, a finance application is vulnerable to BOLA if a logged-in user can change the identifier in a request and view another user's data. An object-level authorization check must be performed on every request that references an object, verifying that the requesting user is permitted to access that particular resource; authentication alone is not sufficient, because the attacker is typically a valid, logged-in user.
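The following is an added, self-contained illustration of the finance example above; it is not code from the original page or from any real application. It assumes a hypothetical GET /invoices/{invoice_id} endpoint backed by an in-memory store with constructed sample data, and shows the vulnerable handler (lookup by identifier only) beside the fixed handler (lookup scoped to the authenticated user):

```python
"""BOLA illustration (added example, hypothetical API, constructed data).

A finance API exposes GET /invoices/<invoice_id>. The vulnerable handler
looks the invoice up by its identifier alone, so any logged-in user can
change the id in the request and read another user's invoice. The fixed
handler scopes the lookup to the authenticated user, so the tampered
request fails exactly the way a request for a non-existent invoice does.
"""
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Invoice:
    id: int
    owner_id: int
    amount_cents: int


# Constructed sample data: invoice 1001 belongs to user 1, invoice 1002 to user 2.
INVOICES = {
    1001: Invoice(id=1001, owner_id=1, amount_cents=12_500),
    1002: Invoice(id=1002, owner_id=2, amount_cents=99_000),
}


class NotFound(Exception):
    """Raised both for 'no such invoice' and 'exists but not yours'.

    Returning a distinct 403 for the second case would confirm to the
    attacker that the guessed identifier is valid (an enumeration oracle).
    """


def get_invoice_vulnerable(authenticated_user_id: int, invoice_id: int) -> Invoice:
    """BOLA: the caller is authenticated (we know their user id), but the
    object-level authorization check is missing. Any valid id is served."""
    try:
        return INVOICES[invoice_id]
    except KeyError:
        raise NotFound(invoice_id) from None


def get_invoice_secure(authenticated_user_id: int, invoice_id: int) -> Invoice:
    """Fixed: the lookup is scoped to the requesting user's own objects.
    In a database-backed handler this is the equivalent of
    `WHERE id = ? AND owner_id = ?` rather than `WHERE id = ?`."""
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice.owner_id != authenticated_user_id:
        raise NotFound(invoice_id)
    return invoice


def attempt(handler: Callable[[int, int], Invoice],
            user_id: int, invoice_id: int) -> Optional[int]:
    """Simulate one request; return the invoice amount if it was served,
    or None if the handler refused it."""
    try:
        return handler(user_id, invoice_id).amount_cents
    except NotFound:
        return None


if __name__ == "__main__":
    # User 1 tampers with the id in the request to ask for user 2's invoice.
    print("vulnerable:", attempt(get_invoice_vulnerable, 1, 1002))  # 99000 leaked
    print("secure:    ", attempt(get_invoice_secure, 1, 1002))      # None
```

Note that the fix is the per-request ownership check, not the identifier format: switching from sequential integers to random UUIDs only makes ids harder to guess and is defence in depth at best, since ids still leak through logs, referrers, shared links and other API responses.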