Learn the foundations of web application assessments. Exploit common web vulnerabilities, learn how to exfiltrate sensitive data from target web applications, and earn your OffSec Web Assessor (OSWA) certification.
Haven’t done the course for this one, just jumped to the 300 level stuff after my OSCP, but I have unlimited and have looked at the syllabus and stuff. If work is paying, go for it. If you’re self paying I’d personally just do the free PortSwigger Academy stuff then pay for the OSWE/WEB-300 course.
Just heard about API Security Certified Professional (ASCP) - which is supposed to be OSCP-like but for API's.
A friend in the industry was excited about it, I have yet to dig into it, but it sounds like its hands on like the Offensive Security certs.