How do you approach threat modeling for a new product feature at Systems Application & Technologies that integrates with third-party APIs?