API security has emerged as a critical component of the overall application security landscape. In this Hackernoon long read, we will delve into the world of API security testing, with a focus on Swagger. We will first discuss stateful and stateless architectures and their relevance to API security. We then highlight some of the key drawbacks of testing with Swagger and provide code examples to illustrate the points discussed.