While much attention has been on human-to-machine access in Zero Trust, recent findings reveal that over 80% of web traffic occurs via APIs. This surge in API usage is accompanied by a significant rise in attacks against them. Credential stuffing attacks, in particular, have shifted focus to target API credentials, posing a growing threat. Once stolen, these credentials are susceptible to compromise, leading to potential misuse in redirecting traffic or spoofing machine clients.