Hitting 401/403 on a PUT request? Swap the HTTP method.
Always test GET ➔ POST ➔ PUT ➔ PATCH ➔ DELETE. Lazy auth configurations often block specific verbs but leave the underlying endpoint logic exposed to others.
#BugBounty#APISecurity#InfoSec#Hackerone