Besides the regular OWASP API 10 which is super useful, i think it's worth exploring some other issue types as well or simply how these issue types might manifest on an API in a real life scenario beyond the attack examples we gave before. Many of these issue types from top 10 cover a broad range of individual scenario's which i think we should not neglect.