An authorization access system and method of minimizing unauthorized access to a resource are provided. The authorization access system comprises at least one processor, and a memory storing instructions which when executed by the at least one processor configure the at least one processor to perform the method. The method comprises assigning a first risk score to application programming interface (API) traffic associated with a user device and/or user behaviour pattern observed prior to an API gateway, assigning a second risk score to the API traffic associated with the user device observed at the API gateway, assigning a third risk score to the API traffic associated with the user device and/or back end service responses observed after the API gateway, and performing an authorization action based on any of the first, second or third risk scores.