How to Reverse Engineer an API

I've had that experience with the CRF CSRF tokens where that can be a thing is that's often in the HTML. So you have to fetch the HTML file, then you've got to grab or whatever to find where the token is in the HTML file. Or I've noticed it's a ton with recent versions of react and Angular sites where the token has double or triple escape strings. A lot of times I like to click around and see what happens and watch those logs because it's often easier to read than the documentation. The documentation does often nested 10 layers key. And then the documentation doesn't expose the same things that are exposed. If you look at the API, now