The team behind GitGuardian, a tool that helps developers to keep credentials and other secrets outside of the source code, shares their documentation for the API security best practices.
The cool bit about their documentation is that it covers both how to avoid the issues and how to solve them if they happened.