Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d6053ede1cfcbbc1ddfe77c03b13b65b4d0dedc31cd
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /organisations/{organisationId}/users/{organisationUserId}
GET /clubs/anonymous/{nameFilter}
GET /clubs/courses/{courseId}/teetypes
GET /clubs/{clubId}/courses
GET /clubs/{nameFilter}
GET /competitions/{competitionId}
GET /competitions/{competitionId}/brackets
GET /competitions/{competitionId}/brackets/create
GET /competitions/{competitionId}/brackets/{bracketId}
GET /competitions/{competitionId}/invitations
GET /competitions/{competitionId}/matches/{competitionBracketMatchId}
GET /competitions/{competitionId}/matches/{competitionBracketMatchId}/anonymous
GET /competitions/{competitionId}/matches/{competitionBracketMatchId}/notes
GET /competitions/{competitionId}/pairs
GET /competitions/{competitionId}/pairs/canregister
GET /competitions/{competitionId}/pairs/{competitionTeamId}
GET /competitions/{competitionId}/pairs/{competitionTeamId}/opponent
GET /competitions/{competitionId}/pairs/{competitionTeamId}/stripepaymentdetails
GET /competitions/{competitionId}/players
GET /competitions/{competitionId}/players/export
GET /competitions/{competitionId}/players/{competitionPlayerId}/results
GET /competitions/{competitionId}/players/{competitionTeamMemberId}/status
GET /competitions/{competitionId}/registrationsettings
GET /competitions/{competitionId}/rounds
GET /competitions/{competitionId}/rounds/{competitionRoundId}/export
GET /competitions/{competitionId}/{competitionPlayerId}
GET /courses/{courseId}/TeeTypes
GET /courses/{courseId}/scorecard
GET /events/{eventId}
GET /events/{eventId}/agendaitems
GET /events/{eventId}/competitionholes
GET /events/{eventId}/devices
GET /events/{eventId}/groups
GET /events/{eventId}/groups/results
GET /events/{eventId}/groups/user
GET /events/{eventId}/groups/{groupId}
GET /events/{eventId}/images
GET /events/{eventId}/notices
GET /events/{eventId}/organisationplayers
GET /events/{eventId}/players
GET /events/{eventId}/players/export
GET /events/{eventId}/players/results
GET /events/{eventId}/players/{playerId}
GET /events/{eventId}/players/{playerId}/scorecard
GET /events/{eventId}/prices
GET /events/{eventId}/prizes
GET /events/{eventId}/sponsors
GET /events/{eventId}/teams
GET /groups/{groupId}
GET /groups/{groupId}/events
GET /lookups/all
GET /lookups/anonymous/county
GET /lookups/competitionholes
GET /lookups/country
GET /lookups/county
GET /lookups/eventformattype
GET /lookups/eventlength
GET /lookups/eventscoringorder
GET /lookups/eventtiebreaktype
GET /lookups/groupsize/{formatTypeId}
GET /lookups/handicapallowance
GET /lookups/organisationmembertype/{organisationId}
GET /lookups/organisationtype
GET /lookups/scoringType/{groupSizeId}/{formatTypeId}
GET /lookups/stablefordpointstype
GET /lookups/yellowballrotationtype
GET /organisations/{organisationId}/brackets/{viewBracketCode}
GET /organisations/{organisationId}/calendar/competitions
GET /organisations/{organisationId}/calendar/events
GET /organisations/{organisationId}/charts/eventsthisyear
GET /organisations/{organisationId}/checkpermissions
GET /organisations/{organisationId}/club
GET /organisations/{organisationId}/competitioninvitations/{inviteCode}
GET /organisations/{organisationId}/competitions
GET /organisations/{organisationId}/competitions/current
GET /organisations/{organisationId}/competitions/past
GET /organisations/{organisationId}/competitions/registrationopen
GET /organisations/{organisationId}/competitions/{teamCode}/resumeregistration
GET /organisations/{organisationId}/customer/{organisationCustomerId}
GET /organisations/{organisationId}/customer/{organisationCustomerId}/events
GET /organisations/{organisationId}/customers
GET /organisations/{organisationId}/customers/{filterString}
GET /organisations/{organisationId}/events
GET /organisations/{organisationId}/events/canbook
GET /organisations/{organisationId}/events/demo
GET /organisations/{organisationId}/events/past
GET /organisations/{organisationId}/events/past/user
GET /organisations/{organisationId}/events/upcoming
GET /organisations/{organisationId}/events/upcoming/user
GET /organisations/{organisationId}/events/{daysAhead}/count
GET /organisations/{organisationId}/events/{daysBack}/countprevious
GET /organisations/{organisationId}/events/{eventCode}/details
GET /organisations/{organisationId}/groups
GET /organisations/{organisationId}/meetings
GET /organisations/{organisationId}/meetings/past/user
GET /organisations/{organisationId}/meetings/upcoming/user
GET /organisations/{organisationId}/member/{organisationMemberId}
GET /organisations/{organisationId}/member/{organisationMemberId}/bio
GET /organisations/{organisationId}/member/{organisationMemberId}/events
GET /organisations/{organisationId}/members
GET /organisations/{organisationId}/members/count
GET /organisations/{organisationId}/members/society
GET /organisations/{organisationId}/members/{organisationMemberId}/events
GET /organisations/{organisationId}/members/{organisationMemberId}/meetings
GET /organisations/{organisationId}/players/{eventId}
GET /organisations/{organisationId}/settings
GET /organisations/{organisationId}/sponsors
GET /organisations/{organisationId}/sponsors/list
GET /organisations/{organisationId}/sponsors/{sponsorId}
GET /organisations/{organisationId}/sponsors/{sponsorId}/events
GET /organisations/{organisationId}/support
GET /organisations/{organisationId}/users
GET /organisations/{organisationId}/users/details
GET /organisations/{organisationId}/users/registration/{accountCode}
GET /organisations/{organisationId}/visitor/{organisationMemberId}
GET /organisations/{organisationId}/visitors
GET /scoreboard/device/{deviceId}
GET /scoreboard/{eventCode}/details
GET /scoreboard/{eventCode}/images
GET /scoreboard/{eventCode}/players/{playerHash}
GET /scoreboard/{eventCode}/strokes
GET /scoreboard/{eventCode}/teetimes
GET /scoreboard/{eventCode}/theme
GET /user/details
GET /user/registration/{accountCode}
GET /user/{userId}
GET /user/{userId}/events
GET /user/{userId}/handicap
GET /user/{userId}/socialprofile
POST /competitions/{competitionId}/brackets/import
POST /competitions/{competitionId}/importplayer
POST /competitions/{competitionId}/importplayers
POST /competitions/{competitionId}/players/{competitionTeamMemberId}/image
POST /competitions/{competitionId}/rounds/{competitionRoundId}/importmatches
POST /events/submitscore
POST /events/{eventId}/devices/{deviceId}/return/{groupId}
POST /events/{eventId}/email/confirmation
POST /events/{eventId}/groups/bulk
POST /events/{eventId}/notices/{noticeId}/image
POST /events/{eventId}/players/{playerId}/image
POST /organisations/{organisationId}/competitions/codecheckout
POST /organisations/{organisationId}/competitions/paypalcheckout
POST /organisations/{organisationId}/competitions/stripecheckout
POST /organisations/{organisationId}/competitions/validatecode
POST /organisations/{organisationId}/customer
POST /organisations/{organisationId}/event/{eventId}/importplayers
POST /organisations/{organisationId}/events/create
POST /organisations/{organisationId}/events/{eventId}/clone
POST /organisations/{organisationId}/member
POST /organisations/{organisationId}/player/{eventId}
POST /organisations/{organisationId}/player/{organisationMemberId}/image
POST /organisations/{organisationId}/sponsors/{sponsorId}/image
POST /organisations/{organisationId}/users/invite
POST /organisations/{organisationId}/users/{userInviteId}
POST /organisations/{organisationId}/visitor
POST /scoreboard/{eventCode}/players/{playerId}/image
POST /user
POST /user/{userId}/changepassword
PUT /competitions/{competitionId}/brackets/publish
PUT /competitions/{competitionId}/matches/{competitionBracketMatchId}/deadline
PUT /competitions/{competitionId}/matches/{competitionBracketMatchId}/reset
PUT /competitions/{competitionId}/matches/{competitionBracketMatchId}/switchpositions
PUT /competitions/{competitionId}/pairs/{competitionTeamId}/register
PUT /competitions/{competitionId}/players/{competitionPlayerId}
PUT /competitions/{competitionId}/players/{competitionPlayerId}/changeposition
PUT /competitions/{competitionId}/players/{competitionPlayerId}/replace
PUT /competitions/{competitionId}/results/{competitionMatchId}
PUT /competitions/{competitionId}/sendaccountreminders
PUT /events/{eventId}/agendaitems/{agendaItemId}
PUT /events/{eventId}/competitionholes/{competitionHoleId}
PUT /events/{eventId}/finalise
PUT /events/{eventId}/finalise/force
PUT /events/{eventId}/group/{groupId}
PUT /events/{eventId}/notices/{eventNoticeId}
PUT /events/{eventId}/players/{ghostPlayerId}/ghost
PUT /events/{eventId}/players/{playerId}/register/{isRegistered}
PUT /events/{eventId}/sponsors/{eventSponsorId}
PUT /organisations/{organisationId}/events/{eventId}
PUT /organisations/{organisationId}/visitors/{organisationMemberId}/converttomember
PUT /organisations/{organisationId}/visitors/{organisationMemberId}/converttovisitor
PUT /scoreboard/{eventCode}/players/{playerId}
PUT /user/{userId}/emailaddress
PUT /user/{userId}/image
Open service 52.232.26.228:443 · api.competitiongolf.com
2026-01-23 13:05
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Connection: close
Date: Fri, 23 Jan 2026 13:06:03 GMT
Server: ZX Spectrum 48k
Location: index.html
Set-Cookie: TiPMix=7.06012635831642; path=/; HttpOnly; Domain=api.competitiongolf.com; Max-Age=3600; Secure; SameSite=None
Set-Cookie: x-ms-routing-name=self; path=/; HttpOnly; Domain=api.competitiongolf.com; Max-Age=3600; Secure; SameSite=None
Set-Cookie: ARRAffinity=a9f9761156205d30496df6f366e16e6ba26df4a27a15e946a932cdf71877fd3b;Path=/;HttpOnly;Secure;Domain=api.competitiongolf.com
Set-Cookie: ARRAffinitySameSite=a9f9761156205d30496df6f366e16e6ba26df4a27a15e946a932cdf71877fd3b;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.competitiongolf.com
Strict-Transport-Security: max-age=31536000
X-Powered-By: Hyperdine Systems 120A/2
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Open service 52.232.26.228:443 · api.competitiongolf.com
2026-01-10 20:14
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Connection: close
Date: Sat, 10 Jan 2026 20:15:03 GMT
Server: ZX Spectrum 48k
Location: index.html
Set-Cookie: TiPMix=98.25982954246328; path=/; HttpOnly; Domain=api.competitiongolf.com; Max-Age=3600; Secure; SameSite=None
Set-Cookie: x-ms-routing-name=self; path=/; HttpOnly; Domain=api.competitiongolf.com; Max-Age=3600; Secure; SameSite=None
Set-Cookie: ARRAffinity=a9f9761156205d30496df6f366e16e6ba26df4a27a15e946a932cdf71877fd3b;Path=/;HttpOnly;Secure;Domain=api.competitiongolf.com
Set-Cookie: ARRAffinitySameSite=a9f9761156205d30496df6f366e16e6ba26df4a27a15e946a932cdf71877fd3b;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.competitiongolf.com
Strict-Transport-Security: max-age=31536000
X-Powered-By: Hyperdine Systems 120A/2
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Open service 52.232.26.228:80 · api.competitiongolf.com
2026-01-10 20:14
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Connection: close
Date: Sat, 10 Jan 2026 20:15:04 GMT
Location: https://api.competitiongolf.com/
Open service 52.232.26.228:443 · api.competitiongolf.com
2026-01-10 01:20
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Connection: close
Date: Sat, 10 Jan 2026 01:21:26 GMT
Server: ZX Spectrum 48k
Location: index.html
Set-Cookie: TiPMix=87.1852931435941; path=/; HttpOnly; Domain=api.competitiongolf.com; Max-Age=3600; Secure; SameSite=None
Set-Cookie: x-ms-routing-name=self; path=/; HttpOnly; Domain=api.competitiongolf.com; Max-Age=3600; Secure; SameSite=None
Set-Cookie: ARRAffinity=a9f9761156205d30496df6f366e16e6ba26df4a27a15e946a932cdf71877fd3b;Path=/;HttpOnly;Secure;Domain=api.competitiongolf.com
Set-Cookie: ARRAffinitySameSite=a9f9761156205d30496df6f366e16e6ba26df4a27a15e946a932cdf71877fd3b;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.competitiongolf.com
Strict-Transport-Security: max-age=31536000
X-Powered-By: Hyperdine Systems 120A/2
X-XSS-Protection: 1
X-Content-Type-Options: nosniff