This link was posted by xrayarx 5 hours ago on HN. It received 224 points and 37 comments.
A good write up of a discovery process. Someone online will be probing your private API looking for auth bypasses. You will learn something reading this post.
Note, I would not have gone so far myself; some of these actions could be considered unauthorized access and will generate commercial and state negative attention. Always get approval and authorization before attempting to probe systems for vulnerabilities.
reply