A golden oldie (traditionally) online target has gone open source so we can add it to Dojo if we want:
It simulates a real app (as opposed to CTF/tutorial style "targets" such as DVWA) so it makes a good practice to simulate a full assessment and write-up lab.
https://github.com/AppSecDev/AltoroJ/
It may even have API interface now:
http://demo.testfire.net/swagger/properties.json
Which will allow API testing labs (e.g. using Burp API extension)