()

Browser
API client


Protocol	HTTP
Authentication	Cookie



1. API orchestration security pattern [Threat Model]



			SP-TE-29: Web application attacks or code injection attack
			CAPEC-125: Flooding
			SP-TE-23: Adversary in the middle attack or network traffic modification