About
Blog
Tools53

Blog

Notes on APIs, automation, and security.

Technical posts on reverse-engineering, security research, automation patterns, and the day-to-day of solo engineering work.

← hometools →

ekofyi

Reverse-engineering APIs. Building automation. Shipping tools.

Site

About
Blog
Tools

Elsewhere

Twitter / X
LinkedIn
Email

© 2026 ekofyi · built with ☕

⌕

Sort:

All API Reverse Engineering Automation Patterns Security Research Indie Workflow· 4 posts

4 results

Security ResearchMay 18, 20269 min read
Common auth mistakes I find when reverse-engineering APIs
After years of poking at APIs that weren't meant to be poked at, these are the auth patterns that break most often — and why.
API Reverse EngineeringMay 18, 20268 min read
What your JWT tokens reveal about your backend
JWTs are meant to be opaque to users. They're not. Here's what I learn about your architecture just by decoding one.
API Reverse EngineeringApr 22, 202612 min read
How I reverse-engineered an HR attendance API in 3 days
A practical walkthrough of the methodology I use when there's no documentation: capturing traffic, mapping endpoints, and validating assumptions before writing a single line of automation.
API Reverse EngineeringApr 8, 20268 min read
Reading the network tab without losing your mind
DevTools shows you everything, which is the problem. Here's how I filter signal from noise when reverse-engineering a web application's API.