LeakIX - Host api.acolyteapp.com

Domain api.acolyteapp.com

United States

GOOGLE

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 172.217.208.121
Domain: api.acolyteapp.com
Port: 443
URL: https://api.acolyteapp.com

First seen 2025-12-06 15:29
Last seen 2026-01-09 12:04
Open for 33 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2026-01-09 12:04
Create report

Open service 172.217.208.121:443 · api.acolyteapp.com

2026-01-09 12:04

HTTP/1.1 404 Not Found
x-powered-by: Express
vary: Origin
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
etag: W/"71d-waYEh+6dy2tyXL45OlShI0Xcfxw"
x-cloud-trace-context: d4a8fa7ac627710568c330badb90cd44
date: Fri, 09 Jan 2026 12:04:38 GMT
server: Google Frontend
Content-Length: 1821
Connection: close


{"error":"Route not found","method":"GET","path":"/","originalUrl":"/","availableRoutes":["GET /health (legacy)","GET /v1/health","GET /v1/app/config","GET /v1/references/honorifics","GET /v1/references/content-types","GET /v1/search","POST /v1/utilities/populate","POST /v1/utilities/rebuild-indexes","GET /v1/parishes/search","GET /v1/parishes/search-by-zipcode","GET /v1/parishes/search-nearby","GET /v1/parishes/active","GET /v1/parishes/:parish_id","PATCH /v1/parishes/:parish_id","PATCH /v1/parishes/:parish_id/profile-picture","PATCH /v1/parishes/:parish_id/active","PATCH /v1/priests/:priest_id","PATCH /v1/priests/:priest_id/profile-picture","POST /v1/parishes/:parish_id/activate","GET /v1/parishes/:parish_id/posts","GET /v1/parishes/:parish_id/posts/:post_id","POST /v1/parishes/:parish_id/posts","PATCH /v1/parishes/:parish_id/posts/:post_id","DELETE /v1/parishes/:parish_id/posts/:post_id","POST /v1/parishes/:parish_id/posts/subscribe","POST /v1/parishes/:parish_id/posts/unsubscribe","GET /v1/priests/search","GET /v1/priests/:priest_id","POST /v1/users","GET /v1/users/me","GET /v1/users/:acid","PATCH /v1/users/:acid","DELETE /v1/users/:acid","POST /v1/users/:acid/follow/:entity_type/:entity_id","DELETE /v1/users/:acid/follow/:entity_type/:entity_id","GET /v1/users/:acid/followed","GET /v1/users/:acid/feed","GET /v1/users/:acid/feed/curated","GET /v1/users/:acid/feed/followed","GET /v1/users/:acid/feed/stats","GET /v1/users/:acid/feed/ids","POST /v1/users/:acid/feed/posts","POST /v1/admin/curation/promote","POST /v1/admin/curation/unpromote","POST /v1/admin/curation/posts","GET /v1/admin/curation/posts","PATCH /v1/admin/curation/posts/:post_id","POST /v1/admin/curation/rebuild-index","POST /v1/donations/create-payment-intent","POST /v1/webhooks/stripe","GET /api-docs","GET /api-docs.json"]}

Found 2026-01-09 by HttpPlugin

Create report

Open service 172.217.208.121:443 · api.acolyteapp.com

2026-01-02 02:48

HTTP/1.1 404 Not Found
x-powered-by: Express
vary: Origin
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
etag: W/"71d-waYEh+6dy2tyXL45OlShI0Xcfxw"
x-cloud-trace-context: a7393dcef967a60ea3af6b15020a89b2
date: Fri, 02 Jan 2026 02:48:26 GMT
server: Google Frontend
Content-Length: 1821
Connection: close


{"error":"Route not found","method":"GET","path":"/","originalUrl":"/","availableRoutes":["GET /health (legacy)","GET /v1/health","GET /v1/app/config","GET /v1/references/honorifics","GET /v1/references/content-types","GET /v1/search","POST /v1/utilities/populate","POST /v1/utilities/rebuild-indexes","GET /v1/parishes/search","GET /v1/parishes/search-by-zipcode","GET /v1/parishes/search-nearby","GET /v1/parishes/active","GET /v1/parishes/:parish_id","PATCH /v1/parishes/:parish_id","PATCH /v1/parishes/:parish_id/profile-picture","PATCH /v1/parishes/:parish_id/active","PATCH /v1/priests/:priest_id","PATCH /v1/priests/:priest_id/profile-picture","POST /v1/parishes/:parish_id/activate","GET /v1/parishes/:parish_id/posts","GET /v1/parishes/:parish_id/posts/:post_id","POST /v1/parishes/:parish_id/posts","PATCH /v1/parishes/:parish_id/posts/:post_id","DELETE /v1/parishes/:parish_id/posts/:post_id","POST /v1/parishes/:parish_id/posts/subscribe","POST /v1/parishes/:parish_id/posts/unsubscribe","GET /v1/priests/search","GET /v1/priests/:priest_id","POST /v1/users","GET /v1/users/me","GET /v1/users/:acid","PATCH /v1/users/:acid","DELETE /v1/users/:acid","POST /v1/users/:acid/follow/:entity_type/:entity_id","DELETE /v1/users/:acid/follow/:entity_type/:entity_id","GET /v1/users/:acid/followed","GET /v1/users/:acid/feed","GET /v1/users/:acid/feed/curated","GET /v1/users/:acid/feed/followed","GET /v1/users/:acid/feed/stats","GET /v1/users/:acid/feed/ids","POST /v1/users/:acid/feed/posts","POST /v1/admin/curation/promote","POST /v1/admin/curation/unpromote","POST /v1/admin/curation/posts","GET /v1/admin/curation/posts","PATCH /v1/admin/curation/posts/:post_id","POST /v1/admin/curation/rebuild-index","POST /v1/donations/create-payment-intent","POST /v1/webhooks/stripe","GET /api-docs","GET /api-docs.json"]}

Found 2026-01-02 by HttpPlugin

Create report

Open service 172.217.208.121:443 · api.acolyteapp.com

2025-12-30 14:44

HTTP/1.1 404 Not Found
x-powered-by: Express
vary: Origin
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
etag: W/"71d-waYEh+6dy2tyXL45OlShI0Xcfxw"
x-cloud-trace-context: 0862eeb17e2c9a3b4b3200ea41488cce
date: Tue, 30 Dec 2025 14:44:18 GMT
server: Google Frontend
Content-Length: 1821
Connection: close


{"error":"Route not found","method":"GET","path":"/","originalUrl":"/","availableRoutes":["GET /health (legacy)","GET /v1/health","GET /v1/app/config","GET /v1/references/honorifics","GET /v1/references/content-types","GET /v1/search","POST /v1/utilities/populate","POST /v1/utilities/rebuild-indexes","GET /v1/parishes/search","GET /v1/parishes/search-by-zipcode","GET /v1/parishes/search-nearby","GET /v1/parishes/active","GET /v1/parishes/:parish_id","PATCH /v1/parishes/:parish_id","PATCH /v1/parishes/:parish_id/profile-picture","PATCH /v1/parishes/:parish_id/active","PATCH /v1/priests/:priest_id","PATCH /v1/priests/:priest_id/profile-picture","POST /v1/parishes/:parish_id/activate","GET /v1/parishes/:parish_id/posts","GET /v1/parishes/:parish_id/posts/:post_id","POST /v1/parishes/:parish_id/posts","PATCH /v1/parishes/:parish_id/posts/:post_id","DELETE /v1/parishes/:parish_id/posts/:post_id","POST /v1/parishes/:parish_id/posts/subscribe","POST /v1/parishes/:parish_id/posts/unsubscribe","GET /v1/priests/search","GET /v1/priests/:priest_id","POST /v1/users","GET /v1/users/me","GET /v1/users/:acid","PATCH /v1/users/:acid","DELETE /v1/users/:acid","POST /v1/users/:acid/follow/:entity_type/:entity_id","DELETE /v1/users/:acid/follow/:entity_type/:entity_id","GET /v1/users/:acid/followed","GET /v1/users/:acid/feed","GET /v1/users/:acid/feed/curated","GET /v1/users/:acid/feed/followed","GET /v1/users/:acid/feed/stats","GET /v1/users/:acid/feed/ids","POST /v1/users/:acid/feed/posts","POST /v1/admin/curation/promote","POST /v1/admin/curation/unpromote","POST /v1/admin/curation/posts","GET /v1/admin/curation/posts","PATCH /v1/admin/curation/posts/:post_id","POST /v1/admin/curation/rebuild-index","POST /v1/donations/create-payment-intent","POST /v1/webhooks/stripe","GET /api-docs","GET /api-docs.json"]}

Found 2025-12-30 by HttpPlugin

Create report

Open service 172.217.208.121:443 · api.acolyteapp.com

2025-12-22 10:14

HTTP/1.1 404 Not Found
x-powered-by: Express
vary: Origin
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
etag: W/"6ee-u8jBj/AvnSbCDe8HGwTwjEFUdSY"
x-cloud-trace-context: dd17677e6e1912daf6f24a70bd68d946
date: Mon, 22 Dec 2025 10:14:49 GMT
server: Google Frontend
Content-Length: 1774
Connection: close


{"error":"Route not found","method":"GET","path":"/","originalUrl":"/","availableRoutes":["GET /health (legacy)","GET /v1/health","GET /v1/app/config","GET /v1/references/honorifics","GET /v1/references/content-types","GET /v1/search","POST /v1/populate","GET /v1/parishes/search","GET /v1/parishes/search-by-zipcode","GET /v1/parishes/search-nearby","GET /v1/parishes/active","GET /v1/parishes/:parish_id","PATCH /v1/parishes/:parish_id","PATCH /v1/parishes/:parish_id/profile-picture","PATCH /v1/parishes/:parish_id/active","PATCH /v1/priests/:priest_id","PATCH /v1/priests/:priest_id/profile-picture","POST /v1/parishes/:parish_id/activate","GET /v1/parishes/:parish_id/posts","GET /v1/parishes/:parish_id/posts/:post_id","POST /v1/parishes/:parish_id/posts","PATCH /v1/parishes/:parish_id/posts/:post_id","DELETE /v1/parishes/:parish_id/posts/:post_id","POST /v1/parishes/:parish_id/posts/subscribe","POST /v1/parishes/:parish_id/posts/unsubscribe","GET /v1/priests/search","GET /v1/priests/:priest_id","POST /v1/users","GET /v1/users/me","GET /v1/users/:acid","PATCH /v1/users/:acid","DELETE /v1/users/:acid","POST /v1/users/:acid/follow/:entity_type/:entity_id","DELETE /v1/users/:acid/follow/:entity_type/:entity_id","GET /v1/users/:acid/followed","GET /v1/users/:acid/feed","GET /v1/users/:acid/feed/curated","GET /v1/users/:acid/feed/followed","GET /v1/users/:acid/feed/stats","GET /v1/users/:acid/feed/ids","POST /v1/users/:acid/feed/posts","POST /v1/admin/curation/promote","POST /v1/admin/curation/unpromote","POST /v1/admin/curation/posts","GET /v1/admin/curation/posts","PATCH /v1/admin/curation/posts/:post_id","POST /v1/admin/curation/rebuild-index","POST /v1/donations/create-payment-intent","POST /v1/webhooks/stripe","GET /api-docs","GET /api-docs.json"]}

Found 2025-12-22 by HttpPlugin

Create report

Open service 172.217.208.121:443 · api.acolyteapp.com

2025-12-20 07:04

HTTP/1.1 404 Not Found
x-powered-by: Express
vary: Origin
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
etag: W/"6cb-DL82N2LY1SBNeLGVW5FGX8naH4s"
x-cloud-trace-context: e927f7531cc42248303485d0b746cfd7
date: Sat, 20 Dec 2025 07:04:10 GMT
server: Google Frontend
Content-Length: 1739
Connection: close


{"error":"Route not found","method":"GET","path":"/","originalUrl":"/","availableRoutes":["GET /health (legacy)","GET /v1/health","GET /v1/app/config","GET /v1/references/honorifics","GET /v1/search","POST /v1/populate","GET /v1/parishes/search","GET /v1/parishes/search-by-zipcode","GET /v1/parishes/search-nearby","GET /v1/parishes/active","GET /v1/parishes/:parish_id","PATCH /v1/parishes/:parish_id","PATCH /v1/parishes/:parish_id/profile-picture","PATCH /v1/parishes/:parish_id/active","PATCH /v1/priests/:priest_id","PATCH /v1/priests/:priest_id/profile-picture","POST /v1/parishes/:parish_id/activate","GET /v1/parishes/:parish_id/posts","GET /v1/parishes/:parish_id/posts/:post_id","POST /v1/parishes/:parish_id/posts","PATCH /v1/parishes/:parish_id/posts/:post_id","DELETE /v1/parishes/:parish_id/posts/:post_id","POST /v1/parishes/:parish_id/posts/subscribe","POST /v1/parishes/:parish_id/posts/unsubscribe","GET /v1/priests/search","GET /v1/priests/:priest_id","POST /v1/users","GET /v1/users/me","GET /v1/users/:acid","PATCH /v1/users/:acid","DELETE /v1/users/:acid","POST /v1/users/:acid/follow/:entity_type/:entity_id","DELETE /v1/users/:acid/follow/:entity_type/:entity_id","GET /v1/users/:acid/followed","GET /v1/users/:acid/feed","GET /v1/users/:acid/feed/curated","GET /v1/users/:acid/feed/followed","GET /v1/users/:acid/feed/stats","GET /v1/users/:acid/feed/ids","POST /v1/users/:acid/feed/posts","POST /v1/admin/curation/promote","POST /v1/admin/curation/unpromote","POST /v1/admin/curation/posts","GET /v1/admin/curation/posts","PATCH /v1/admin/curation/posts/:post_id","POST /v1/admin/curation/rebuild-index","POST /v1/donations/create-payment-intent","POST /v1/webhooks/stripe","GET /api-docs","GET /api-docs.json"]}

Found 2025-12-20 by HttpPlugin

Create report

api.acolyteapp.com

Fingerprint:

f66d8c2f6ee45d909da08e0cf15b4dbaa5d65434615cfce0e5723a19876a3848

CN:

api.acolyteapp.com

Key:

RSA-2048

Issuer:

WR3

Not before:

2025-12-03 19:21

Not after:

2026-03-03 20:11

Domain summary

api.acolyteapp.com 5

1 recorded

IP summary

172.217.208.121 2

1 recorded

Domain api.acolyteapp.com

United States

Swagger API description is publicly available

Create report

Create report

Create report

Create report

Create report

api.acolyteapp.com

Domain summary

IP summary