How I Discovered an API Security Issue: My First Bug Bounty Blog