{"message":"Corellium Cafe API - Vulnerable by Design","version":"1.0.0","endpoints":{"orders":"/api/orders","orderDetails":"/api/orders/:orderId","orderDetailsVerbose":"/api/orders/:orderId/details","rewards":"/api/rewards/:userId","rewardsCTF":"/api/rewards?userId=<id>","reviews":"/api/reviews","paymentMethods":"/api/payment-methods/:userId","staffLogin":"/api/staff/login","staffVerify":"/api/staff/verify","supplierInventory":"/api/supplier/inventory"},"challenges":["IDOR - Insecure Direct Object Reference","Broken Authentication","Stored XSS","Mass Assignment","Information Disclosure","Rewards Program - IDOR (Broken Authorization)","JWT Algorithm Confusion (CVE-2016-10555)","Hidden API Communication"]}