Unintended Use of CIBC's API
CIBC has an almost public API. After banking with them for a couple years, I decided to poke around their web requests a little bit. I found that they use an API based on persistent cookies and an X-auth-token. Using pythons’ requests, I was able to write a client wrapper around the API for developer use, I used it with plotly to make an interactive budget report. CIBC has built an API for internal use and verification on their website and app but has no documentation publicly released for it. In other words, while it's supposed to be used internally, it can be hijacked for other purposes.