API Threat Hunting: Anatomy of an API Attack