Frans Rosén Keynote at BSides Ahmedabad
Rosén discusses the methodology of fuzzing and info disclosure: discovering API vulnerabilities through fuzzing, discovering endpoints or hidden backend microservices, bypassing internal mechanisms, getting info from errors, forging JWT, and so forth.

Not the best camerawork, but good content and excellent speaker, so still good to check out. (Thanks Dmitry Sotnikov)

BSidesATL 2020 - Detect: Automated Web Application & API Discovery & Other Things That Sound Simple

Brooks and Lane talk about their experiences in locating shadow APIs in their network:

Using DNS enumeration Web host discovery API discovery Risk factor identification