We are facing an issue with a malicious user who has details about how our website works. Using the developer tools in the browser, the login and subsequent APIs are studied and a mobile app is built which internally hits our APIs.