API Security

Broken Object Level Authorization (BOLA)

API vulnerability where object-level access controls are missing or broken.

BOLA is the API equivalent of IDOR (Insecure Direct Object Reference): attackers access objects they shouldn't by guessing or enumerating IDs. It's #1 on the OWASP API Security Top 10. Fix it by validating that the requesting user has permission to access the specific object.
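The fix described above, shown as an added example (not Vezraa's code): a handler that trusts the requested ID next to one that checks ownership, plus a small regression check an API test suite could run. The `Invoice` model, the in-memory `INVOICES` store, and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Invoice:
    id: int
    owner_id: int
    total_cents: int

# Constructed sample data: sequential IDs shared by two users.
INVOICES = {
    1001: Invoice(1001, owner_id=1, total_cents=12_500),
    1002: Invoice(1002, owner_id=2, total_cents=99_900),
    1003: Invoice(1003, owner_id=1, total_cents=4_200),
}

class NotFound(Exception):
    """Would map to HTTP 404 in a real API."""

def get_invoice_vulnerable(current_user_id: int, invoice_id: int) -> Invoice:
    # BOLA: the caller is authenticated, but the lookup trusts the ID from the
    # request and never compares the object's owner with the caller.
    invoice = INVOICES.get(invoice_id)
    if invoice is None:
        raise NotFound(invoice_id)
    return invoice

def get_invoice_checked(current_user_id: int, invoice_id: int) -> Invoice:
    # Object-level check: the object must exist AND belong to the caller.
    # Both failures raise the same error so responses do not reveal which
    # IDs exist (a design choice made for this example).
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice.owner_id != current_user_id:
        raise NotFound(invoice_id)
    return invoice

def visible_ids(handler, current_user_id: int, candidate_ids) -> list[int]:
    """Return the IDs a handler discloses to one user across a set of IDs."""
    seen = []
    for invoice_id in candidate_ids:
        try:
            seen.append(handler(current_user_id, invoice_id).id)
        except NotFound:
            pass
    return seen

if __name__ == "__main__":
    ids = range(1000, 1005)
    print("vulnerable:", visible_ids(get_invoice_vulnerable, 2, ids))
    print("checked:   ", visible_ids(get_invoice_checked, 2, ids))
```

In a real service the ownership condition belongs in the data-access query itself (for example, filtering by both object ID and owner), so no code path can fetch the object without it.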
