Vercel
tcp/443
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff439601e1d463b28e5a2944b34a1960af8c530ba68e
Public Swagger UI/API detected at path: /swagger.json - sample paths:
DELETE /api/assets/bulk-delete
DELETE /api/assets/collections/{collectionId}
DELETE /api/chatbot/chatbots/{id}/contacts/{email}/notes/{noteId}
DELETE /api/chatbot/chatbots/{id}/contacts/{email}/tags/{tagId}
DELETE /api/chatbot/chatbots/{id}/documents/{documentId}
DELETE /api/chatbot/conversations/{conversationId}/notes/{noteId}
GET /api/agent/config
GET /api/agent/conversations
GET /api/agent/conversations/search
GET /api/agent/conversations/{conversationId}
GET /api/agent/conversations/{conversationId}/export
GET /api/agent/conversations/{conversationId}/messages
GET /api/agent/models
GET /api/agent/personas
GET /api/agent/stats
GET /api/assets
GET /api/assets/analytics
GET /api/assets/categories
GET /api/assets/collections
GET /api/assets/collections/{collectionName}
GET /api/assets/profile-picture
GET /api/assets/search
GET /api/assets/stats
GET /api/assets/{fileId}
GET /api/assets/{fileId}/content
GET /api/assets/{fileId}/metadata
GET /api/chatbot/chatbots
GET /api/chatbot/chatbots/examples
GET /api/chatbot/chatbots/{id}
GET /api/chatbot/chatbots/{id}/configuration
GET /api/chatbot/chatbots/{id}/contacts
GET /api/chatbot/chatbots/{id}/contacts/stats
GET /api/chatbot/chatbots/{id}/contacts/{email}
GET /api/chatbot/chatbots/{id}/contacts/{email}/insights
GET /api/chatbot/chatbots/{id}/contacts/{email}/notes
GET /api/chatbot/chatbots/{id}/contacts/{email}/tags
GET /api/chatbot/chatbots/{id}/documents
GET /api/chatbot/chatbots/{id}/embed-code
GET /api/chatbot/chatbots/{id}/visitor-conversations
GET /api/chatbot/chatbots/{id}/visitor-conversations/stats
GET /api/chatbot/chatbots/{id}/visitor-conversations/{conversationId}
GET /api/chatbot/chatbots/{id}/visitor-conversations/{conversationId}/messages
GET /api/chatbot/conversations/{conversationId}/insights
GET /api/chatbot/conversations/{conversationId}/notes
GET /api/health/ai-agent
GET /api/health/assets
GET /api/health/system
GET /api/health/user-management
GET /api/public/chatbots/{embedToken}/config
GET /api/public/conversations/{conversationId}
GET /api/public/conversations/{conversationId}/messages
GET /api/public/conversations/{conversationId}/suggestions
GET /api/system
GET /api/users/
GET /api/users/auth0/{auth0Id}
GET /api/users/me
GET /api/users/stats
GET /api/users/{userId}
GET /health
PATCH /api/assets/bulk-update
PATCH /api/chatbot/chatbots/{id}/visitor-conversations/{conversationId}/resolution-status
PATCH /api/chatbot/chatbots/{id}/visitor-conversations/{conversationId}/tags
POST /api/agent/chat
POST /api/agent/conversations/import
POST /api/agent/conversations/{conversationId}/archive
POST /api/agent/messages/{messageId}/rate
POST /api/agent/messages/{messageId}/regenerate
POST /api/assets/collections/{collectionId}/add
POST /api/assets/collections/{collectionId}/remove
POST /api/assets/upload
POST /api/assets/upload-multiple
POST /api/assets/{fileId}/download-url
POST /api/assets/{fileId}/favorite
POST /api/assets/{fileId}/set-profile-picture
POST /api/chatbot/chatbots/message-suggestion
POST /api/chatbot/chatbots/name-suggestion
POST /api/chatbot/conversations/{conversationId}/analyze
POST /api/public/chatbot/{chatbotId}/conversations
POST /api/public/conversations/{conversationId}/end
POST /api/users/auth0-events
POST /api/users/registration
PUT /api/agent/messages/{messageId}
Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff439601e1d463b28e5a496f82aa82351ff473ccb614
Public Swagger UI/API detected at path: /swagger.json - sample paths:
DELETE /api/assets/bulk-delete
DELETE /api/assets/collections/{collectionId}
GET /api/agent/config
GET /api/agent/conversations
GET /api/agent/conversations/search
GET /api/agent/conversations/{conversationId}
GET /api/agent/conversations/{conversationId}/export
GET /api/agent/conversations/{conversationId}/messages
GET /api/agent/models
GET /api/agent/personas
GET /api/agent/stats
GET /api/assets
GET /api/assets/analytics
GET /api/assets/categories
GET /api/assets/collections
GET /api/assets/collections/{collectionName}
GET /api/assets/search
GET /api/assets/stats
GET /api/assets/{fileId}
GET /api/assets/{fileId}/metadata
GET /api/health/ai-agent
GET /api/health/assets
GET /api/health/system
GET /api/health/user-management
GET /api/system
GET /api/users/
GET /api/users/auth0/{auth0Id}
GET /api/users/me
GET /api/users/stats
GET /api/users/{userId}
GET /health
PATCH /api/assets/bulk-update
POST /api/agent/chat
POST /api/agent/conversations/import
POST /api/agent/conversations/{conversationId}/archive
POST /api/agent/messages/{messageId}/rate
POST /api/agent/messages/{messageId}/regenerate
POST /api/assets/collections/{collectionId}/add
POST /api/assets/collections/{collectionId}/remove
POST /api/assets/presigned-upload-url
POST /api/assets/profile-picture
POST /api/assets/upload
POST /api/assets/upload-multiple
POST /api/assets/{fileId}/confirm
POST /api/assets/{fileId}/download-url
POST /api/assets/{fileId}/favorite
POST /api/assets/{fileId}/set-profile-picture
POST /api/users/auth0-events
POST /api/users/registration
PUT /api/agent/messages/{messageId}
Open service 216.150.1.1:443 · api.rightask.ai
2026-01-09 23:14
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Content-Disposition,Content-Length,Content-Type
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 391
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https://unpkg.com https://cdnjs.cloudflare.com;form-action 'self';frame-ancestors 'none';img-src 'self' data: https:;object-src 'none';script-src 'self' https://unpkg.com https://cdnjs.cloudflare.com 'unsafe-inline';script-src-attr 'none';style-src 'self' https://unpkg.com https://cdnjs.cloudflare.com 'unsafe-inline';upgrade-insecure-requests;connect-src 'self' https://auth.rightask.ai
Content-Type: application/json; charset=utf-8
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 09 Jan 2026 23:14:26 GMT
Etag: W/"187-Fb9HkQcW9L+4dpM9muq37Jq9aDw"
Origin-Agent-Cluster: ?1
Ratelimit-Limit: 1000
Ratelimit-Policy: 1000;w=900
Ratelimit-Remaining: 999
Ratelimit-Reset: 900
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Vercel-Cache: MISS
X-Vercel-Id: bom1::iad1::hs6f9-1768000465873-16589f26bbf0
X-Xss-Protection: 0
Connection: close
{"name":"RightAsk Backend API","version":"1.0.0","status":"running","authentication":"OAuth2 Bearer Token","documentation":"/api-docs","environment":"production","message":"API Gateway is healthy and operational. All endpoints require OAuth2 Bearer token authentication. Asset access uses secure presigned URLs that expire after 1 hour.","timestamp":"2026-01-09T23:14:26.265Z","uptime":5597}
Open service 216.150.1.1:443 · api.rightask.ai
2026-01-02 12:56
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Content-Disposition,Content-Length,Content-Type
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 391
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https://unpkg.com https://cdnjs.cloudflare.com;form-action 'self';frame-ancestors 'none';img-src 'self' data: https:;object-src 'none';script-src 'self' https://unpkg.com https://cdnjs.cloudflare.com 'unsafe-inline';script-src-attr 'none';style-src 'self' https://unpkg.com https://cdnjs.cloudflare.com 'unsafe-inline';upgrade-insecure-requests;connect-src 'self' https://auth.rightask.ai
Content-Type: application/json; charset=utf-8
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 02 Jan 2026 12:56:51 GMT
Etag: W/"187-UlpptZ7p3aiUmbdTgze1QXwK15U"
Origin-Agent-Cluster: ?1
Ratelimit-Limit: 1000
Ratelimit-Policy: 1000;w=900
Ratelimit-Remaining: 999
Ratelimit-Reset: 900
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Vercel-Cache: MISS
X-Vercel-Id: fra1::iad1::zfqrv-1767358611527-c958c834c867
X-Xss-Protection: 0
Connection: close
{"name":"RightAsk Backend API","version":"1.0.0","status":"running","authentication":"OAuth2 Bearer Token","documentation":"/api-docs","environment":"production","message":"API Gateway is healthy and operational. All endpoints require OAuth2 Bearer token authentication. Asset access uses secure presigned URLs that expire after 1 hour.","timestamp":"2026-01-02T12:56:51.717Z","uptime":2541}
Open service 216.150.1.1:443 · api.rightask.ai
2025-12-22 13:50
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 322
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https://unpkg.com https://cdnjs.cloudflare.com;form-action 'self';frame-ancestors 'none';img-src 'self' data: https:;object-src 'none';script-src 'self' https://unpkg.com https://cdnjs.cloudflare.com 'unsafe-inline';script-src-attr 'none';style-src 'self' https://unpkg.com https://cdnjs.cloudflare.com 'unsafe-inline';upgrade-insecure-requests;connect-src 'self' https://auth.rightask.ai
Content-Type: application/json; charset=utf-8
Cross-Origin-Resource-Policy: same-origin
Date: Mon, 22 Dec 2025 13:50:19 GMT
Etag: W/"142-RexzYZHFR9/6LBdsivwajEgOHNU"
Origin-Agent-Cluster: ?1
Ratelimit-Limit: 1000
Ratelimit-Policy: 1000;w=900
Ratelimit-Remaining: 999
Ratelimit-Reset: 900
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Vercel-Cache: MISS
X-Vercel-Id: fra1::iad1::vmzgg-1766411418046-473fc9235495
X-Xss-Protection: 0
Connection: close
{"name":"RightAsk Backend API","version":"1.0.0","status":"running","authentication":"OAuth2 Bearer Token","documentation":"/api-docs","environment":"production","message":"API Gateway is healthy and operational. All endpoints require OAuth2 Bearer token authentication.","timestamp":"2025-12-22T13:50:19.848Z","uptime":1}
Open service 216.150.1.1:443 · api.rightask.ai
2025-12-20 10:25
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 322
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https://unpkg.com https://cdnjs.cloudflare.com;form-action 'self';frame-ancestors 'none';img-src 'self' data: https:;object-src 'none';script-src 'self' https://unpkg.com https://cdnjs.cloudflare.com 'unsafe-inline';script-src-attr 'none';style-src 'self' https://unpkg.com https://cdnjs.cloudflare.com 'unsafe-inline';upgrade-insecure-requests;connect-src 'self' https://auth.rightask.ai
Content-Type: application/json; charset=utf-8
Cross-Origin-Resource-Policy: same-origin
Date: Sat, 20 Dec 2025 10:25:56 GMT
Etag: W/"142-4ok527XRl3mVvCAroNk+n172Ebw"
Origin-Agent-Cluster: ?1
Ratelimit-Limit: 1000
Ratelimit-Policy: 1000;w=900
Ratelimit-Remaining: 999
Ratelimit-Reset: 900
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Vercel-Cache: MISS
X-Vercel-Id: fra1::iad1::v9stk-1766226354944-4e2cbfc1eee7
X-Xss-Protection: 0
Connection: close
{"name":"RightAsk Backend API","version":"1.0.0","status":"running","authentication":"OAuth2 Bearer Token","documentation":"/api-docs","environment":"production","message":"API Gateway is healthy and operational. All endpoints require OAuth2 Bearer token authentication.","timestamp":"2025-12-20T10:25:56.664Z","uptime":1}
Open service 216.150.1.1:443 · api.rightask.ai
2025-12-19 10:49
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 322
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https://unpkg.com https://cdnjs.cloudflare.com;form-action 'self';frame-ancestors 'none';img-src 'self' data: https:;object-src 'none';script-src 'self' https://unpkg.com https://cdnjs.cloudflare.com 'unsafe-inline';script-src-attr 'none';style-src 'self' https://unpkg.com https://cdnjs.cloudflare.com 'unsafe-inline';upgrade-insecure-requests;connect-src 'self' https://auth.rightask.ai
Content-Type: application/json; charset=utf-8
Cross-Origin-Resource-Policy: same-origin
Date: Fri, 19 Dec 2025 10:49:06 GMT
Etag: W/"142-dIeDDFr5gBq9YQ9iZ5JukwLvsmc"
Origin-Agent-Cluster: ?1
Ratelimit-Limit: 1000
Ratelimit-Policy: 1000;w=900
Ratelimit-Remaining: 999
Ratelimit-Reset: 900
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Vercel-Cache: MISS
X-Vercel-Id: bom1::iad1::fmmhb-1766141344343-a412a57af6b6
X-Xss-Protection: 0
Connection: close
{"name":"RightAsk Backend API","version":"1.0.0","status":"running","authentication":"OAuth2 Bearer Token","documentation":"/api-docs","environment":"production","message":"API Gateway is healthy and operational. All endpoints require OAuth2 Bearer token authentication.","timestamp":"2025-12-19T10:49:06.484Z","uptime":1}