I'd personally be worried publishing this due to potentially also being classified as gaining unauthorized access to a computer system. It may temporarily be a publically accessible and poorly secured API, but that doesn't mean it's intended for public consumption when you have poked around the app to work out the API and then bypassing payment mechanisms.
No comments yet.