A public API, which can be requested by any authenticated or unauthenticated identities, can lead to unauthorized actions and information disclosures.