The biggest API security fails and how to fix them