Heroku
tcp/443 tcp/80
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
The documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b316633d74429b0e9d30c2cd05e71aa5128d9e09c
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
DELETE /documents/{id}/files/{fileId}
DELETE /folders/{id}/directories/{directoryId}/files/{fileId}
DELETE /folders/{id}/intervenors/{intervenorId}
GET /admin/clients/{id}/logo
GET /calls
GET /dashboard/calendar
GET /dashboard/counters
GET /documents
GET /documents/{id}/files
GET /events
GET /events/calendar
GET /folders
GET /folders/codes
GET /folders/{id}
GET /folders/{id}/directories
GET /folders/{id}/directories/{directoryId}/files
GET /folders/{id}/documents
GET /folders/{id}/events
GET /folders/{id}/historic
GET /folders/{id}/intervenors
GET /folders/{id}/invoices
GET /folders/{id}/tasks
GET /invoices
GET /invoices/{id}
GET /invoices/{id}/download
GET /jurisdictions
GET /letters
GET /tasks
GET /templates
GET /users
GET /users/{id}
GET /wopi/files/{name}
GET /wopi/files/{name}/contents
PATCH /calls/{id}/markAsPinned/{isPinned}
PATCH /documents/{id}/files/
PATCH /events/{id}/calendar
PATCH /events/{id}/markAsPinned/{isPinned}
PATCH /folders/{id}/directories/{directoryId}/files/
PATCH /invoices/{id}/markAsPaid
PATCH /letters/{id}/markAsExecuted/{isPinned}
PATCH /tasks/{id}/markAsExecuted/{isPinned}
POST /admin/clients
PUT /admin/clients/{id}
PUT /calls/{id}
PUT /documents/{id}
PUT /events/{id}
PUT /folders/{id}/archive
PUT /folders/{id}/directories/{directoryId}
PUT /letters/{id}
PUT /tasks/{id}
Open service 99.83.185.157:443 · api.legisio.com
2026-01-09 03:55
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Fri, 09 Jan 2026 03:55:14 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=%2Bx6tjknzg5J90MLw%2BoBr2tCsIUTBU7SxFl9bn8Tx4kw%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767930914"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=%2Bx6tjknzg5J90MLw%2BoBr2tCsIUTBU7SxFl9bn8Tx4kw%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767930914"
Server: Heroku
Set-Cookie: JSESSIONID=62D7D31D7D5B21EEA0DD920C6B83D37F; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
Www-Authenticate: Bearer
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
Open service 15.197.253.240:80 · api.legisio.com
2026-01-08 23:31
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Thu, 08 Jan 2026 23:32:20 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=EC%2Fodj%2FPPME9AR%2FKgtLWyvEWZig%2BMMX7kNsfmeYjuQc%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767915140"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=EC%2Fodj%2FPPME9AR%2FKgtLWyvEWZig%2BMMX7kNsfmeYjuQc%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767915140"
Server: Heroku
Set-Cookie: JSESSIONID=829BF8325C343726CB940286832D9E84; Path=/; HttpOnly
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
Www-Authenticate: Bearer
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
Open service 99.83.185.157:443 · api.legisio.com
2026-01-02 09:04
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Fri, 02 Jan 2026 09:04:31 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=Sh%2BoLj8OArWA9hQwcn95v9j%2FekPgFgdWkJv8ut0Rtu4%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767344671"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=Sh%2BoLj8OArWA9hQwcn95v9j%2FekPgFgdWkJv8ut0Rtu4%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767344671"
Server: Heroku
Set-Cookie: JSESSIONID=9BBF3D7CD3B4E50EA3361E5B159BBAC6; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
Www-Authenticate: Bearer
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
Open service 15.197.253.240:80 · api.legisio.com
2026-01-01 22:05
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Thu, 01 Jan 2026 22:05:24 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=aYfpyUCi%2BF%2FCnJYLcQEeOZwCe8pVesHHSfYYV1rWrzw%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767305124"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=aYfpyUCi%2BF%2FCnJYLcQEeOZwCe8pVesHHSfYYV1rWrzw%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767305124"
Server: Heroku
Set-Cookie: JSESSIONID=FD35A024D621F00ADA688F5ED01CD6E9; Path=/; HttpOnly
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
Www-Authenticate: Bearer
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
Open service 15.197.253.240:80 · api.legisio.com
2025-12-30 06:26
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Tue, 30 Dec 2025 06:26:37 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=K1ExauJ7H2cKYdGxWEpeUonO8Ag6peaDMTPK9zcR83c%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767075997"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=K1ExauJ7H2cKYdGxWEpeUonO8Ag6peaDMTPK9zcR83c%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767075997"
Server: Heroku
Set-Cookie: JSESSIONID=AE9FCBEE5527259D5981EAE66FFFE665; Path=/; HttpOnly
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
Www-Authenticate: Bearer
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
Open service 99.83.185.157:443 · api.legisio.com
2025-12-22 20:46
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Mon, 22 Dec 2025 20:46:20 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=db7%2FGC55ngXFuYf6N%2FlBmg73Mx%2Buu352EvCvQ6xbXVo%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766436380"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=db7%2FGC55ngXFuYf6N%2FlBmg73Mx%2Buu352EvCvQ6xbXVo%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766436380"
Server: Heroku
Set-Cookie: JSESSIONID=6F0A2910D43B6F0EFF24750F0556AAA9; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
Www-Authenticate: Bearer
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
Open service 15.197.253.240:80 · api.legisio.com
2025-12-22 12:27
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Mon, 22 Dec 2025 12:27:44 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=v832EGe31u39Y1Y9D8orcDw223gHqLA4CdvQQDviykg%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766406465"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=v832EGe31u39Y1Y9D8orcDw223gHqLA4CdvQQDviykg%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766406465"
Server: Heroku
Set-Cookie: JSESSIONID=DBA0BD24FF8FE9C7FBA4A3D01CC9FAF2; Path=/; HttpOnly
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
Www-Authenticate: Bearer
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
Open service 99.83.185.157:443 · api.legisio.com
2025-12-21 00:49
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Sun, 21 Dec 2025 00:49:52 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=G6cV2GeyhUH8nFAouzJoBfhen8vt5T1Qi5w03RAMyqM%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766278192"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=G6cV2GeyhUH8nFAouzJoBfhen8vt5T1Qi5w03RAMyqM%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766278192"
Server: Heroku
Set-Cookie: JSESSIONID=FE1DC73F48EA4D209C255A7E532E87D8; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
Www-Authenticate: Bearer
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
Open service 15.197.253.240:80 · api.legisio.com
2025-12-20 10:35
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Sat, 20 Dec 2025 10:35:32 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=XjkX2aCKPQUqbzDKqVkdqIWyyZMF%2BFGkseXPHll%2B6FM%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766226932"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=XjkX2aCKPQUqbzDKqVkdqIWyyZMF%2BFGkseXPHll%2B6FM%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766226932"
Server: Heroku
Set-Cookie: JSESSIONID=85160C727E691ABA6E37CE16FD59383E; Path=/; HttpOnly
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
Www-Authenticate: Bearer
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
Open service 99.83.185.157:443 · api.legisio.com
2025-12-19 06:05
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Fri, 19 Dec 2025 06:05:10 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=kRamkSFBQ0BiT53oI017lRhlhKi7JAB6W%2BED06dk94I%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766124310"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=kRamkSFBQ0BiT53oI017lRhlhKi7JAB6W%2BED06dk94I%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766124310"
Server: Heroku
Set-Cookie: JSESSIONID=B366F54C55E306C6F6CFC9D4E049A8AC; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
Www-Authenticate: Bearer
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close