OAuth 1.0a Rest API OWASP SCAN

John Herald

May 5, 2022, 6:55:54 AM
to OWASP ZAP User Group
Hi All,

I am trying to figure out a way to scan APIs built on/with OAuth 1.0a, like https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/, but I am not able to understand the best way to do so. Can someone guide me on how to scan something that is built in a way to prevent replay of APIs?

The current theoretical way I have is to generate a token with hash, sig, etc. for each request and then append it through scripts (like on the fly).

Is this the only way, or do we have something already built?

Regards
John 
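
The per-request signing the post describes, as an added example (not part of the original post, and not ZAP's or Mastercard's code). It assumes the RSA-SHA256 signature method with the oauth_body_hash extension; `signRequest`, the key, the consumer key and the endpoint are constructed placeholders.

```javascript
// Added example: per-request OAuth 1.0a signing (RFC 5849 plus oauth_body_hash).
const crypto = require('crypto');

// Percent-encoding per RFC 5849 section 3.6 (stricter than encodeURIComponent).
const enc = (s) => encodeURIComponent(s).replace(/[!'()*]/g,
  (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());
const cmp = (x, y) => (x < y ? -1 : x > y ? 1 : 0);

// Signature base string: METHOD & base URI & sorted, encoded parameters.
function baseString(method, url, oauth) {
  const u = new URL(url);
  const pairs = Object.entries(oauth).map(([k, v]) => [enc(k), enc(v)]);
  u.searchParams.forEach((v, k) => pairs.push([enc(k), enc(v)]));
  pairs.sort((a, b) => cmp(a[0], b[0]) || cmp(a[1], b[1]));
  const norm = pairs.map((p) => p.join('=')).join('&');
  return [method.toUpperCase(), enc(u.origin + u.pathname), enc(norm)].join('&');
}

// Returns the Authorization header value for one request. A fresh nonce and
// timestamp are drawn on every call, so no two requests share a signature.
function signRequest(req, consumerKey, privateKey, now = Date.now()) {
  const oauth = {
    oauth_consumer_key: consumerKey,
    oauth_nonce: crypto.randomBytes(16).toString('hex'),
    oauth_timestamp: String(Math.floor(now / 1000)),
    oauth_signature_method: 'RSA-SHA256', // assumption, see lead-in
    oauth_version: '1.0',
    oauth_body_hash: crypto.createHash('sha256').update(req.body || '').digest('base64'),
  };
  const base = baseString(req.method, req.url, oauth);
  oauth.oauth_signature = crypto.createSign('RSA-SHA256').update(base).sign(privateKey, 'base64');
  const header = 'OAuth ' + Object.keys(oauth).map((k) => `${k}="${enc(oauth[k])}"`).join(',');
  return { header, base, oauth };
}

// Constructed demo: throwaway key and a placeholder endpoint, not a real API.
function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const req = { method: 'POST', url: 'https://api.example.test/v1/items?limit=5', body: '{"name":"zap"}' };
  const a = signRequest(req, 'constructed-consumer-key', privateKey);
  const b = signRequest(req, 'constructed-consumer-key', privateKey);
  const verified = crypto.createVerify('RSA-SHA256').update(a.base)
    .verify(publicKey, a.oauth.oauth_signature, 'base64');
  return { a, b, verified };
}
```

The signature covers the method, URL, query parameters and body hash, so it has to be recomputed after the scanner has modified the request and just before it is sent.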