The attack would be like: attacker has read/write access to the database but not...

		randomint64 18 days ago \| parent \| context \| favorite \| on: My adventure in designing API keys The attack would be like: attacker has read/write access to the database but not to the code of the backend service. Attacker swaps the hash of a targeted API key with the hash of their own API key. Attacker has now access to the resources of the targeted organization when using their own API key.