Abstract

RESTful APIs have been adopted as the standard way of developing web services, allowing for smooth communication between clients and servers. Their simplicity, scalability, and compatibility have made them crucial to modern web environments. However, the increased adoption of RESTful APIs has simultaneously exposed these interfaces to significant security threats that jeopardize the availability, confidentiality, and integrity of web services. This survey focuses exclusively on RESTful APIs, providing an in-depth perspective distinct from studies addressing other API types such as GraphQL or SOAP. We highlight concrete threats—such as injection attacks and insecure direct object references (IDOR)—to illustrate the evolving risk landscape. Our work systematically reviews state-of-the-art detection methods, including static code analysis and penetration testing, and proposes a novel taxonomy that categorizes vulnerabilities such as authentication and authorization issues. Unlike existing taxonomies focused on general web or network-level threats, our taxonomy emphasizes API-specific design flaws and operational dependencies, offering a more granular and actionable framework for RESTful API security. By critically assessing current detection methodologies and identifying key research gaps, we offer a structured framework that advances the understanding and mitigation of RESTful API vulnerabilities. Ultimately, this work aims to drive significant advancements in API security, thereby enhancing the resilience of web services against evolving cyber threats.

Details

1009240
Title
Towards Secure APIs: A Survey on RESTful API Vulnerability Detection
Publication title
Volume
84
Issue
3
Pages
4223-4257
Number of pages
36
Publication year
2025
Publication date
2025
Section
REVIEW
Publisher
Tech Science Press
Place of publication
Henderson
Country of publication
United States
Publication subject
ISSN
1546-2218
e-ISSN
1546-2226
Source type
Scholarly Journal
Language of publication
English
Document type
Journal Article
Publication history
Online publication date
2025-07-30
Milestone dates
2025-05-06 (Received); 2025-06-24 (Accepted)
   First posting date
30 Jul 2025
ProQuest document ID
3238361630
Document URL
https://www.proquest.com/scholarly-journals/towards-secure-apis-survey-on-restful-api/docview/3238361630/se-2?accountid=208611
Copyright
© 2025. This work is licensed under https://creativecommons.org/licenses/by/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.
Last updated
2025-08-11
Database
ProQuest One Academic