Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
The documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff4390dd7c8be7af5181287c0201a84b95b194aae3b7
Public Swagger UI/API detected at path: /swagger.json - sample paths:
DELETE /auth/account/delete
DELETE /entries/entry/private/delete/{data_uuid}
DELETE /entries/moipaid/delete/{unique_id}
DELETE /events/delete/{event_code}
DELETE /reports/delete/{report_unique_id}
GET /auth/account/deletion
GET /auth/assets
GET /auth/assets/images
GET /auth/email/verify
GET /auth/email/verify/status
GET /auth/google-oauth2
GET /auth/me
GET /auth/share/data/get
GET /counter/event/info
GET /counter/get/all/{event_code}
GET /counter/get/credentials/{auth_code}
GET /counter/ping
GET /entries/dashboard/dashboard-stats
GET /entries/dashboard/recent-moi-activity
GET /entries/entry/event/{event_code}
GET /entries/entry/get/id/{data_uuid}
GET /entries/moipaid/get
GET /entries/moipaid/get/{unique_id}
GET /entries/recent-moi
GET /entries/relations
GET /events/add/contact/{event_code}
GET /events/event-types
GET /events/get/all
GET /events/get/event/stats/{event_code}
GET /events/get/list/all
GET /events/get/recent
GET /events/get/{event_code}
GET /events/public/e/{event_code}
GET /events/states-list
GET /notifications/inapp/fetch
GET /notifications/inapp/fetch/count
GET /notifications/settings
GET /payments/billing
GET /payments/buy/credits/history
GET /payments/client
GET /payments/credit/invoice/{transaction_id}
GET /payments/credits/get
GET /reports/download/{report_unique_id}
GET /reports/get/all
GET /reports/status/{report_unique_id}
GET /reports/test
POST /auth/account/activate
POST /auth/login
POST /auth/logout
POST /auth/refresh
POST /auth/register
POST /auth/resend-otp
POST /auth/share/data/request
POST /counter/create/{event_code}
POST /counter/credentials/reissue/{auth_code}
POST /counter/entry/create
POST /counter/entry/delete/{data_uuid}
POST /counter/entry/logs
POST /counter/entry/update/{data_uuid}
POST /counter/login
POST /counter/logout
POST /counter/refresh
POST /counter/status/update/{auth_code}
POST /entries/entry/private/status/{data_uuid}
POST /entries/entry/private/update/{data_uuid}
POST /entries/entry/private/{form_uuid}
POST /entries/entry/public/status/{data_uuid}
POST /entries/entry/public/{form_uuid}
POST /entries/moi-paid/approve/{unique_id}
POST /entries/moi-paid/reject/{unique_id}
POST /entries/moipaid/create
POST /events/create
POST /events/generate-qr
POST /events/meta/update/{event_code}
POST /events/publish/{event_code}
POST /events/unpublish/{event_code}
POST /events/update/payment/{event_code}
POST /events/upload/image/{event_code}
POST /notifications/create-inapp-notification/report
POST /notifications/inapp/update/status/{log_id}
POST /notifications/settings/update
POST /payments/billing/update
POST /payments/buy/credit
POST /payments/buy/credit/calculate
POST /payments/buy/credit/verify
POST /payments/client/verify
POST /payments/webhook
POST /reports/report
PUT /auth/update
PUT /auth/update/email
PUT /auth/update/profile
PUT /entries/moipaid/update/{unique_id}
PUT /events/add/banner/{event_code}
PUT /events/add/location/{event_code}
PUT /events/update/{event_code}