Domain api.data.uwaterloo.ca
Canada
Software information
Microsoft-IIS 10.0
tcp/443
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-12-30 05:39
Last seen 2026-02-09 15:33
Open for 41 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d6031d5359d2207bad14a4da01f10c1006a81b6d3efPublic Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths: GET /api/v1/AcademicPlans/{code} GET /api/v1/AcademicPlans/{code}/{term} GET /api/v1/AcademicPlans/{term} GET /api/v1/Applications/{id} GET /api/v1/Applications/{id}/{term} GET /api/v1/ClassPersons/{term}/{classNumber} GET /api/v1/ClassPersons/{term}/{classNumber}/details GET /api/v1/ClassPersons/{term}/{courseId}/{offerNumber} GET /api/v1/ClassPersons/{term}/{courseId}/{offerNumber}/details GET /api/v1/ClassPersons/{term}/{courseId}/{session}/{section} GET /api/v1/ClassPersons/{term}/{courseId}/{session}/{section}/details GET /api/v1/ClassPersons/{term}/{subject}/{classNumber}/{section} GET /api/v1/ClassPersons/{term}/{subject}/{classNumber}/{section}/details GET /api/v1/ClassSchedules/{id}/{offerNumber} GET /api/v1/ClassSchedules/{id}/{term}/{offerNumber} GET /api/v1/ClassSchedules/{term}/bycourseid/{courseId} GET /api/v1/ClassSchedules/{term}/instructedby/{id} GET /api/v1/ClassSchedules/{term}/{classNumber} GET /api/v1/CourseEnrollments/{id} GET /api/v1/CourseEnrollments/{id}/current GET /api/v1/CourseEnrollments/{id}/{subject}/{code} GET /api/v1/CourseEnrollments/{id}/{term} GET /api/v1/Courses/{id} GET /api/v1/Courses/{id}/{term} GET /api/v1/Courses/{id}/{term}/{offerNumber} GET /api/v1/Courses/{term} GET /api/v1/Courses/{term}/group/{academicGroupCode} GET /api/v1/Courses/{term}/group/{academicGroupCode}/{level} GET /api/v1/Courses/{term}/org/{academicOrgCode} GET /api/v1/Courses/{term}/org/{academicOrgCode}/{level} GET /api/v1/Courses/{term}/search/{search} GET /api/v1/Courses/{term}/{subject} GET /api/v1/Courses/{term}/{subject}/{level} GET /api/v1/GraphPerson/{id} GET /api/v1/Indicators/{id} GET /api/v1/PersonClassWorkload/{classNumber}/{fromDate}/{todate} GET /api/v1/PersonClassWorkload/{planCode}/{academicLevel}/{fromDate}/{toDate} GET /api/v1/PersonClassWorkload/{term}/{classNumber} GET /api/v1/PersonClassWorkload/{term}/{planCode}/{academicLevel} GET /api/v1/PersonMilestones/{id} GET /api/v1/PersonMilestones/{id}/{date} GET /api/v1/PersonPhoto/{id} GET /api/v1/PersonPhoto/{id}/bytes GET /api/v1/Persons/@{id} GET /api/v1/Persons/{id} GET /api/v1/Persons/{id}/contacts GET /api/v1/Persons/{id}/contacts/email GET /api/v1/Persons/{id}/contacts/phone GET /api/v1/Persons/{id}/contacts/physical GET /api/v1/Persons/{id}/degrees GET /api/v1/Persons/{id}/extended GET /api/v1/Persons/{id}/private GET /api/v1/Persons/{id}/terms GET /api/v1/Persons/{id}/terms/current GET /api/v1/Persons/{id}/terms/{term} GET /api/v1/Status/Anonymous GET /api/v1/Status/Authorize GET /api/v1/Status/Error GET /api/v1/Status/Status GET /api/v1/TermStatistics/academicgroupenrollment/{term} GET /api/v1/Terms GET /api/v1/Terms/{term} GET /api/v1/Terms/{term}/registrations GET /api/v1/TutorConnectFlags/{id}/{subject}/{catalogNumber} GET /api/v1/WatiamPersons/indepartment/{id} GET /api/v1/WatiamPersons/newsince/{date} GET /api/v1/WatiamPersons/search/{id} GET /api/v1/WatiamPersons/{hrid} GET /api/v1/WatiamPersons/{id} GET /api/v1/WatiamPersons/{id}/extended POST /api/v1/WatiamPersons/validateFound on 2026-02-09 15:33
-
-
Open service 52.233.38.143:443 · api.data.uwaterloo.ca
2026-01-08 20:27
HTTP/1.1 404 Not Found Content-Length: 0 Connection: close Date: Thu, 08 Jan 2026 20:28:29 GMT Server: Microsoft-IIS/10.0 Set-Cookie: ARRAffinity=b94576c2d163020e8817f221b76de4b33a22a5901de8abf953ffba7f6962ecc3;Path=/;HttpOnly;Secure;Domain=api.data.uwaterloo.ca Set-Cookie: ARRAffinitySameSite=b94576c2d163020e8817f221b76de4b33a22a5901de8abf953ffba7f6962ecc3;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.data.uwaterloo.ca Strict-Transport-Security: max-age=2592000 X-Powered-By: ASP.NET
Found 2026-01-08 by HttpPluginCreate report
-
Open service 52.233.38.143:443 · api.data.uwaterloo.ca
2026-01-01 22:52
HTTP/1.1 404 Not Found Content-Length: 0 Connection: close Date: Thu, 01 Jan 2026 22:52:15 GMT Server: Microsoft-IIS/10.0 Set-Cookie: ARRAffinity=b94576c2d163020e8817f221b76de4b33a22a5901de8abf953ffba7f6962ecc3;Path=/;HttpOnly;Secure;Domain=api.data.uwaterloo.ca Set-Cookie: ARRAffinitySameSite=b94576c2d163020e8817f221b76de4b33a22a5901de8abf953ffba7f6962ecc3;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.data.uwaterloo.ca Strict-Transport-Security: max-age=2592000 X-Powered-By: ASP.NET
Found 2026-01-01 by HttpPluginCreate report