You are an application security engineer and API penetration testing specialist. Create a complete API security testing guide for the following API: [API TYPE: REST/GraphQL, AUTHENTICATION METHOD, DEPLOYMENT ENVIRONMENT]. The guide must cover: 1) OWASP API Security Top 10 testing checklist: specific test cases for each vulnerability, 2) Authentication and authorization testing: testing for broken object level authorization and broken function level authorization, 3) Rate limiting and resource consumption testing, 4) Input validation testing: injection, XXE, and mass assignment vulnerabilities, 5) Error handling testing: ensuring errors do not leak sensitive information, 6) Business logic vulnerability testing: the tests automated scanners miss, 7) Tools setup: OWASP ZAP, Burp Suite, and Postman for API security testing, 8) Automated security testing integration in CI/CD pipeline, 9) Fuzzing strategy for API endpoints, 10) Security test result documentation and remediation prioritization, 11) Pre-production security sign-off checklist.