Domain api-sandbox.epsifund.com
United States
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-11-10 00:30
Last seen 2026-01-11 13:20
Open for 62 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d6011c39731c225ca0c13f4e03fee36e622043a0091Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths: DELETE /api/v1/clients/{clientId}/bankaccount/{bankAccountId} DELETE /api/v1/clients/{clientId}/credentials/plaid/{tokenId} DELETE /api/v1/clients/{clientId}/credentials/shopifypartners/{organisationId} GET /api/v1 GET /api/v1/clients GET /api/v1/clients/loans GET /api/v1/clients/loans/search GET /api/v1/clients/loans/{loanId} GET /api/v1/clients/loans/{loanId}/estimatedamounts GET /api/v1/clients/search GET /api/v1/clients/stripe/connect/oauth/redirect GET /api/v1/clients/{clientId} GET /api/v1/clients/{clientId}/bankaccount GET /api/v1/clients/{clientId}/connections/shopifypartners/revenue GET /api/v1/clients/{clientId}/credentials/nordigen GET /api/v1/clients/{clientId}/credentials/shopifypartners GET /api/v1/clients/{clientId}/credentials/stripe GET /api/v1/clients/{clientId}/estimatedrevenue GET /api/v1/clients/{clientId}/stripe/{stripeAccountId}/connect/link/refresh GET /api/v1/clients/{clientId}/verifieddata GET /api/v1/deferredoperations GET /api/v1/deferredoperations/status GET /api/v1/nordigen/countries GET /api/v1/nordigen/institutions GET /api/v1/nordigen/requisitions/{requisitionId} GET /api/v1/services GET /api/v1/services/claims GET /api/v1/services/{serviceId} GET /api/v1/services/{serviceId}/apikeys GET /api/v1/services/{serviceId}/claims GET /api/v1/webhooks/client/{clientId}/nordigen/approve GET /api/v1/webhooks/mantle/callback GET /api/v1/webhooks/shopifystore/events/connect PATCH /api/v1/clients/loans/{loanId}/invoices/{invoiceId} PATCH /api/v1/clients/loans/{loanId}/tranche/{trancheId} PATCH /api/v1/clients/{clientId}/credentials/nordigen/{credentialsId} PATCH /api/v1/clients/{clientId}/credentials/stripe/{credentialsId} PATCH /api/v1/deferredoperations/{operationId} POST /api/v1/clients/connections/shopifypartners/applications POST /api/v1/clients/loans/{loanId}/invoices POST /api/v1/clients/loans/{loanId}/invoices/{invoiceId}/email/{email} POST /api/v1/clients/loans/{loanId}/tranche POST /api/v1/clients/shopifypartners/payoutadvance POST /api/v1/clients/wise/recipient POST /api/v1/clients/wise/transfer POST /api/v1/clients/{clientId}/connections/mantle/applications POST /api/v1/clients/{clientId}/connections/mantle/metrics POST /api/v1/clients/{clientId}/connections/mantle/metrics/byapps POST /api/v1/clients/{clientId}/connections/nordigen/report POST /api/v1/clients/{clientId}/connections/shopifypartners/applications POST /api/v1/clients/{clientId}/connections/shopifypartners/payoutadvance POST /api/v1/clients/{clientId}/connections/shopifypartners/report/cohort POST /api/v1/clients/{clientId}/connections/stripe/report/cohort POST /api/v1/clients/{clientId}/connections/stripe/revenue POST /api/v1/clients/{clientId}/credentials/plaid POST /api/v1/clients/{clientId}/gocardless/mandate/link POST /api/v1/clients/{clientId}/gocardless/payment POST /api/v1/clients/{clientId}/gocardless/payments POST /api/v1/clients/{clientId}/loans/{loanId}/agreement/{offerId} POST /api/v1/clients/{clientId}/loans/{loanId}/document/payotadvance POST /api/v1/clients/{clientId}/loans/{loanId}/document/payoutadvancebycredentials POST /api/v1/clients/{clientId}/loans/{loanId}/invoices/{invoiceId}/document POST /api/v1/clients/{clientId}/loans/{loanId}/wise/transfer POST /api/v1/clients/{clientId}/loans/{loanId}/wise/transfer/credentials POST /api/v1/clients/{clientId}/mantle/connect/oauth/link POST /api/v1/clients/{clientId}/mantle/metrics POST /api/v1/clients/{clientId}/plaid/metrics POST /api/v1/clients/{clientId}/plaid/report POST /api/v1/clients/{clientId}/risk-rating POST /api/v1/clients/{clientId}/shopifystore/connect/oauth/link POST /api/v1/clients/{clientId}/shopifystore/{shopifyStoreId}/metrics POST /api/v1/clients/{clientId}/stripe/connect/link POST /api/v1/clients/{clientId}/stripe/connect/oauth/link POST /api/v1/clients/{clientId}/stripe/identity/verification/link POST /api/v1/clients/{clientId}/wise/recipient POST /api/v1/clients/{clientId}/wise/transfer POST /api/v1/funding/shopifypartners POST /api/v1/funding/shopifypartners/byapps POST /api/v1/funding/shopifypartners/retentions POST /api/v1/funding/shopifypartners/risk-category POST /api/v1/nordigen/clients/{clientId}/report POST /api/v1/nordigen/link POST /api/v1/plaid/metrics POST /api/v1/plaid/report POST /api/v1/test/shopifypartners/mrrs POST /api/v1/valuation/multipliers POST /api/v1/valuation/multipliers/csv POST /api/v1/valuation/multipliers/shopifypartners POST /api/v1/webhooks/gocardles/events POST /api/v1/webhooks/stripe/events/account POST /api/v1/webhooks/stripe/events/connect PUT /api/v1/clients/{clientId}/billingaddress PUT /api/v1/clients/{clientId}/businessdetails PUT /api/v1/clients/{clientId}/credentials/mantleinfo PUT /api/v1/clients/{clientId}/gocardlessinfo PUT /api/v1/services/{serviceId}/apikeys/{apiKeyId}Found on 2026-01-11 13:20
-
-
Open service 2001:4860:4802:34::15:443 · api-sandbox.epsifund.com
2026-01-11 13:20
HTTP/1.1 401 Unauthorized x-cloud-trace-context: bc09aaa4d20ba8cfd6091ed52358406b date: Sun, 11 Jan 2026 13:20:55 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 17 hours ago by HttpPluginCreate report
-
Open service 2001:4860:4802:36::15:443 · api-sandbox.epsifund.com
2026-01-11 13:20
HTTP/1.1 401 Unauthorized x-cloud-trace-context: 15945d08a479c8406216f01198af41b3 date: Sun, 11 Jan 2026 13:20:55 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 17 hours ago by HttpPluginCreate report
-
Open service 216.239.32.21:80 · api-sandbox.epsifund.com
2026-01-11 13:20
HTTP/1.1 302 Found location: https://api-sandbox.epsifund.com/ x-cloud-trace-context: c25ee635753e72e8a1c3d9c08819d7cc date: Sun, 11 Jan 2026 13:21:52 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 17 hours ago by HttpPluginCreate report
-
Open service 216.239.36.21:443 · api-sandbox.epsifund.com
2026-01-11 13:20
HTTP/1.1 401 Unauthorized x-cloud-trace-context: 67f2784ba367743b1192eb37c05aae2b date: Sun, 11 Jan 2026 13:20:55 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 17 hours ago by HttpPluginCreate report
-
Open service 216.239.34.21:80 · api-sandbox.epsifund.com
2026-01-11 13:20
HTTP/1.1 302 Found location: https://api-sandbox.epsifund.com/ x-cloud-trace-context: f2a0e39451e2f8e84c851fbe69f7c847 date: Sun, 11 Jan 2026 13:21:52 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 17 hours ago by HttpPluginCreate report
-
Open service 216.239.38.21:443 · api-sandbox.epsifund.com
2026-01-11 13:20
HTTP/1.1 401 Unauthorized x-cloud-trace-context: f78568aae371b3e267f71771938ed34a date: Sun, 11 Jan 2026 13:20:55 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 17 hours ago by HttpPluginCreate report
-
Open service 216.239.32.21:443 · api-sandbox.epsifund.com
2026-01-11 13:20
HTTP/1.1 401 Unauthorized x-cloud-trace-context: e89c524a26c4510027620a3816559d08 date: Sun, 11 Jan 2026 13:20:55 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 17 hours ago by HttpPluginCreate report
-
Open service 2001:4860:4802:38::15:443 · api-sandbox.epsifund.com
2026-01-11 13:20
HTTP/1.1 401 Unauthorized x-cloud-trace-context: 224bc1369f7775f7e4185e6ca7e329e9 date: Sun, 11 Jan 2026 13:20:55 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 17 hours ago by HttpPluginCreate report
-
Open service 2001:4860:4802:38::15:80 · api-sandbox.epsifund.com
2026-01-11 13:20
HTTP/1.1 302 Found location: https://api-sandbox.epsifund.com/ x-cloud-trace-context: 52a92c2f640b877635d8bfbbf387e397 date: Sun, 11 Jan 2026 13:21:52 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 17 hours ago by HttpPluginCreate report
-
Open service 216.239.36.21:80 · api-sandbox.epsifund.com
2026-01-11 13:20
HTTP/1.1 302 Found location: https://api-sandbox.epsifund.com/ x-cloud-trace-context: 2e812ef97d626da1484ee69a79fdc235 date: Sun, 11 Jan 2026 13:21:52 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 17 hours ago by HttpPluginCreate report
-
Open service 216.239.34.21:443 · api-sandbox.epsifund.com
2026-01-11 13:20
HTTP/1.1 401 Unauthorized x-cloud-trace-context: 14576ce8557cabb549d088bfbf0d33a2 date: Sun, 11 Jan 2026 13:20:55 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 17 hours ago by HttpPluginCreate report
-
Open service 2001:4860:4802:32::15:443 · api-sandbox.epsifund.com
2026-01-11 13:20
HTTP/1.1 401 Unauthorized x-cloud-trace-context: 335363aaa98974af4d6d2172479d9330 date: Sun, 11 Jan 2026 13:20:55 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 17 hours ago by HttpPluginCreate report
-
Open service 2001:4860:4802:32::15:80 · api-sandbox.epsifund.com
2026-01-11 13:20
HTTP/1.1 302 Found location: https://api-sandbox.epsifund.com/ x-cloud-trace-context: e09b1f2b4e6037a4db2e9a44242d2526 date: Sun, 11 Jan 2026 13:21:52 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 17 hours ago by HttpPluginCreate report
-
Open service 2001:4860:4802:36::15:80 · api-sandbox.epsifund.com
2026-01-11 13:20
HTTP/1.1 302 Found location: https://api-sandbox.epsifund.com/ x-cloud-trace-context: 2d35747b702b02d08bb52ee193fb21c8 date: Sun, 11 Jan 2026 13:21:52 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 17 hours ago by HttpPluginCreate report
-
Open service 216.239.38.21:80 · api-sandbox.epsifund.com
2026-01-11 13:20
HTTP/1.1 302 Found location: https://api-sandbox.epsifund.com/ x-cloud-trace-context: 7b079d173bfe0b72ced287af61c9b5a1;o=1 date: Sun, 11 Jan 2026 13:21:52 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 17 hours ago by HttpPluginCreate report
-
Open service 2001:4860:4802:34::15:80 · api-sandbox.epsifund.com
2026-01-11 13:20
HTTP/1.1 302 Found location: https://api-sandbox.epsifund.com/ x-cloud-trace-context: 7aab34f8c18a6e2d4041be25219edf36 date: Sun, 11 Jan 2026 13:21:52 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 17 hours ago by HttpPluginCreate report
-
Open service 216.239.34.21:443 · api-sandbox.epsifund.com
2026-01-09 11:47
HTTP/1.1 401 Unauthorized x-cloud-trace-context: aed07a4cd659306edd5af286f8a76adb date: Fri, 09 Jan 2026 11:47:33 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 3 days ago by HttpPluginCreate report
-
Open service 216.239.34.21:80 · api-sandbox.epsifund.com
2026-01-03 11:10
HTTP/1.1 302 Found location: https://api-sandbox.epsifund.com/ x-cloud-trace-context: e8621bf4572a944b0b6c92bcab1956ee date: Sat, 03 Jan 2026 11:10:14 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 2026-01-03 by HttpPluginCreate report
-
Open service 2001:4860:4802:32::15:80 · api-sandbox.epsifund.com
2026-01-03 11:10
HTTP/1.1 302 Found location: https://api-sandbox.epsifund.com/ x-cloud-trace-context: 0230c2e28ecb731782c6db745314d83b date: Sat, 03 Jan 2026 11:10:12 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 2026-01-03 by HttpPluginCreate report
-
Open service 2001:4860:4802:34::15:80 · api-sandbox.epsifund.com
2026-01-03 11:10
HTTP/1.1 302 Found location: https://api-sandbox.epsifund.com/ x-cloud-trace-context: aaa019f09aca59338c7593e46389f42e date: Sat, 03 Jan 2026 11:10:12 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 2026-01-03 by HttpPluginCreate report
-
Open service 2001:4860:4802:34::15:443 · api-sandbox.epsifund.com
2026-01-03 11:10
HTTP/1.1 401 Unauthorized x-cloud-trace-context: d277aa8049cc9049fd8118d80577d0e7 date: Sat, 03 Jan 2026 11:10:12 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 2026-01-03 by HttpPluginCreate report
-
Open service 216.239.36.21:443 · api-sandbox.epsifund.com
2026-01-03 11:10
HTTP/1.1 401 Unauthorized x-cloud-trace-context: ecc0f9bb94bdb6174a2661dd73776307 date: Sat, 03 Jan 2026 11:10:12 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 2026-01-03 by HttpPluginCreate report
-
Open service 2001:4860:4802:32::15:443 · api-sandbox.epsifund.com
2026-01-03 11:10
HTTP/1.1 401 Unauthorized x-cloud-trace-context: 14dd4b4e23bedcd637925b88490da69f date: Sat, 03 Jan 2026 11:10:12 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 2026-01-03 by HttpPluginCreate report
-
Open service 2001:4860:4802:38::15:443 · api-sandbox.epsifund.com
2026-01-03 11:10
HTTP/1.1 401 Unauthorized x-cloud-trace-context: cb7b13e8628832428def62c4e258b57a date: Sat, 03 Jan 2026 11:10:12 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 2026-01-03 by HttpPluginCreate report
-
Open service 2001:4860:4802:38::15:80 · api-sandbox.epsifund.com
2026-01-03 11:10
HTTP/1.1 302 Found location: https://api-sandbox.epsifund.com/ x-cloud-trace-context: ee516546ff2e995a71644d5d72880730 date: Sat, 03 Jan 2026 11:10:12 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 2026-01-03 by HttpPluginCreate report
-
Open service 2001:4860:4802:36::15:80 · api-sandbox.epsifund.com
2026-01-03 11:10
HTTP/1.1 302 Found location: https://api-sandbox.epsifund.com/ x-cloud-trace-context: f024ddece36a8d695edd8bd6d3adc14e date: Sat, 03 Jan 2026 11:10:12 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 2026-01-03 by HttpPluginCreate report
-
Open service 216.239.32.21:443 · api-sandbox.epsifund.com
2026-01-03 11:10
HTTP/1.1 401 Unauthorized x-cloud-trace-context: a013ad4ea89fbf9faeae6f79d0bd8de1 date: Sat, 03 Jan 2026 11:10:12 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 2026-01-03 by HttpPluginCreate report
-
Open service 2001:4860:4802:36::15:443 · api-sandbox.epsifund.com
2026-01-03 11:10
HTTP/1.1 401 Unauthorized x-cloud-trace-context: af275c99f49671926c2a21e631eca0f9 date: Sat, 03 Jan 2026 11:10:12 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 2026-01-03 by HttpPluginCreate report
-
Open service 216.239.36.21:80 · api-sandbox.epsifund.com
2026-01-03 11:10
HTTP/1.1 302 Found location: https://api-sandbox.epsifund.com/ x-cloud-trace-context: 9748f0335906e9816331b6e10060c80f date: Sat, 03 Jan 2026 11:10:12 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 2026-01-03 by HttpPluginCreate report
-
Open service 216.239.38.21:80 · api-sandbox.epsifund.com
2026-01-03 11:10
HTTP/1.1 302 Found location: https://api-sandbox.epsifund.com/ x-cloud-trace-context: b649c11d516f416883c8abbedc8f9956 date: Sat, 03 Jan 2026 11:10:12 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 2026-01-03 by HttpPluginCreate report
-
Open service 216.239.38.21:443 · api-sandbox.epsifund.com
2026-01-03 11:10
HTTP/1.1 401 Unauthorized x-cloud-trace-context: 512ea49442623ef58f25e4b6899d790d date: Sat, 03 Jan 2026 11:10:12 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 2026-01-03 by HttpPluginCreate report
-
Open service 216.239.32.21:80 · api-sandbox.epsifund.com
2026-01-03 11:10
HTTP/1.1 302 Found location: https://api-sandbox.epsifund.com/ x-cloud-trace-context: e2938c72be7a874d02f8a3e519325f80 date: Sat, 03 Jan 2026 11:10:12 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 2026-01-03 by HttpPluginCreate report
-
Open service 216.239.34.21:443 · api-sandbox.epsifund.com
2026-01-03 11:10
HTTP/1.1 401 Unauthorized x-cloud-trace-context: ded90723f322c81fa0d5293292730862 date: Sat, 03 Jan 2026 11:10:12 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 2026-01-03 by HttpPluginCreate report
-
Open service 216.239.34.21:443 · api-sandbox.epsifund.com
2026-01-02 07:46
HTTP/1.1 401 Unauthorized x-cloud-trace-context: 780c00c3658992e9a73193de08b594e5 date: Fri, 02 Jan 2026 07:46:16 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 2026-01-02 by HttpPluginCreate report
-
Open service 216.239.34.21:443 · api-sandbox.epsifund.com
2025-12-23 05:39
HTTP/1.1 401 Unauthorized x-cloud-trace-context: 2846952c6151a4dba18998f02ebadd97 date: Tue, 23 Dec 2025 05:39:55 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 2025-12-23 by HttpPluginCreate report
-
Open service 216.239.34.21:443 · api-sandbox.epsifund.com
2025-12-20 14:03
HTTP/1.1 401 Unauthorized x-cloud-trace-context: 84e9e041639961fc36a6746c44de32ec date: Sat, 20 Dec 2025 14:03:49 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Found 2025-12-20 by HttpPluginCreate report