Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd110a331ec8a8b7657c7207b55c54cd62a3933b1bc778c43c4
Public Swagger UI/API detected at path: /v2/api-docs - sample paths:
GET /accounts
GET /advertisers/{advertiserId}/publishers
GET /advertisers/{advertiserId}/reports/campaign
GET /advertisers/{advertiserId}/reports/creative
GET /advertisers/{advertiserId}/reports/publisher
GET /advertisers/{advertiserId}/transactions
GET /advertisers/{advertiserId}/transactions/
GET /advertisers/{advertiserId}/transactions/jobs
GET /advertisers/{advertiserId}/transactions/jobs/{jobId}
GET /publisher/{publisherId}/product/{canonicalProductId}
GET /publisher/{publisherId}/transactionqueries
GET /publishers/{publisherId}/awinfeeds/download/{advertiserId}-{vertical}-{locale}.jsonl
GET /publishers/{publisherId}/awinfeeds/feeds
GET /publishers/{publisherId}/commissiongroups
GET /publishers/{publisherId}/commissionsharingrules
GET /publishers/{publisherId}/linkbuilder/quota
GET /publishers/{publisherId}/programmedetails
GET /publishers/{publisherId}/programmes
GET /publishers/{publisherId}/reports/advertiser
GET /publishers/{publisherId}/reports/campaign
GET /publishers/{publisherId}/reports/creative
GET /publishers/{publisherId}/transactions
GET /publishers/{publisherId}/transactions/
GET /unique-product/{publisherId}/autocomplete
POST /advertisers/{advertiserId}/awinfeeds/{vertical}/{locale}/products
POST /advertisers/{advertiserId}/transactions/batch
POST /oauth2/token
POST /promotion/advertiser/{advertiserId}
POST /publisher/{publisherId}/productAvailability
POST /publisher/{publisherId}/promotions
POST /publishers/{publisherId}/linkbuilder/generate
POST /publishers/{publisherId}/linkbuilder/generate-batch
POST /unique-product/{publisherId}
Open service 2.16.204.72:80 · api.awin.com
2026-01-09 15:46
HTTP/1.1 401 Unauthorized
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src 'self'
Referrer-Policy: same-origin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
WWW-Authenticate: Bearer realm="oauth", error="unauthorized", error_description="Full authentication is required to access this resource"
Content-Type: application/json
Content-Length: 96
Expires: Fri, 09 Jan 2026 15:46:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Jan 2026 15:46:59 GMT
Connection: close
{"error":"unauthorized","description":"Full authentication is required to access this resource"}
Open service 2.16.204.72:80 · api.awin.com
2025-12-23 06:02
HTTP/1.1 401 Unauthorized
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src 'self'
Referrer-Policy: same-origin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
WWW-Authenticate: Bearer realm="oauth", error="unauthorized", error_description="Full authentication is required to access this resource"
Content-Type: application/json
Content-Length: 96
Expires: Tue, 23 Dec 2025 06:02:51 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 23 Dec 2025 06:02:51 GMT
Connection: close
{"error":"unauthorized","description":"Full authentication is required to access this resource"}
Open service 2.16.204.72:80 · api.awin.com
2025-12-21 03:35
HTTP/1.1 401 Unauthorized
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src 'self'
Referrer-Policy: same-origin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
WWW-Authenticate: Bearer realm="oauth", error="unauthorized", error_description="Full authentication is required to access this resource"
Content-Type: application/json
Content-Length: 96
Expires: Sun, 21 Dec 2025 03:35:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 21 Dec 2025 03:35:46 GMT
Connection: close
{"error":"unauthorized","description":"Full authentication is required to access this resource"}
Open service 2.16.204.72:80 · api.awin.com
2025-12-19 05:09
HTTP/1.1 401 Unauthorized
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src 'self'
Referrer-Policy: same-origin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
WWW-Authenticate: Bearer realm="oauth", error="unauthorized", error_description="Full authentication is required to access this resource"
Content-Type: application/json
Content-Length: 96
Expires: Fri, 19 Dec 2025 05:09:50 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 19 Dec 2025 05:09:50 GMT
Connection: close
{"error":"unauthorized","description":"Full authentication is required to access this resource"}