Heroku
tcp/443 tcp/80
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
The documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b51c203798342c20326361c9d7165e0fee23706cc
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
DELETE /settings/user/{customerUserId}
GET /app/customer/{customerId}/status
GET /app/install/oauth-callback
GET /app/{platformId}/owner
GET /auth/info
GET /authtoken/{platformId}
GET /customer-user
GET /customer-user/platform-details
GET /customer-user/{customerUserId}
GET /customer-user/{customerUserId}/role
GET /customer-users
GET /customer/connected-applications
GET /customer/platform/{platformId}
GET /customer/platform/{platformId}/owner
GET /customer/{customerId}
GET /customer/{customerId}/connected-application/{connectedAppId}
GET /customer/{customerId}/connected-application/{connectedAppId}/user-connection/{userConnectionId}
GET /customer/{customerId}/connected-applications
GET /customer/{customerId}/entitlement
GET /customer/{customerId}/entitlement/{entitlementName}
GET /customer/{customerId}/order
GET /login-user/details
GET /role-permission
GET /settings/users
GET /user/{id}
GET /users
PATCH /customer/{customerId}/connected-application/{connectedAppId}/connect
PATCH /customer/{customerId}/connected-application/{connectedAppId}/disconnect
PATCH /customer/{customerId}/order/{orderId}
POST /auth
POST /authtoken
POST /customer/{customerId}/activate
POST /customer/{customerId}/connected-application
POST /customer/{customerId}/connected-application/{connectedAppId}/user-connection
POST /settings/user
POST /user
PUT /customer/{customerId}/entitlement/{entitlementName}/decrement
PUT /customer/{customerId}/entitlement/{entitlementName}/increment
Open service 35.71.145.101:443 · auth.api.staging.sdocs.com
2026-01-09 21:17
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Type: application/json
Date: Fri, 09 Jan 2026 21:18:00 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=0eSRj1CO20R0xXEi0Rvw0IZ5TS1RfdFzDoesjMzE4DY%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767993480"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=0eSRj1CO20R0xXEi0Rvw0IZ5TS1RfdFzDoesjMzE4DY%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767993480"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Content-Length: 92
Connection: close
{"timeStamp":"2026-01-09T21:18:00.159962546Z","message":"No User Details","details":"uri=/"}
Open service 75.2.97.79:80 · auth.api.staging.sdocs.com
2026-01-09 18:35
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Type: application/json
Date: Fri, 09 Jan 2026 18:36:36 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=AiHzx2Ee%2FWOod1xYY40AXHd8TUJnFgpW%2FvrjI1yoNvw%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767983796"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=AiHzx2Ee%2FWOod1xYY40AXHd8TUJnFgpW%2FvrjI1yoNvw%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767983796"
Server: Heroku
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Content-Length: 92
Connection: close
{"timeStamp":"2026-01-09T18:36:36.069043015Z","message":"No User Details","details":"uri=/"}
Open service 75.2.97.79:80 · auth.api.staging.sdocs.com
2026-01-02 21:48
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Type: application/json
Date: Fri, 02 Jan 2026 21:48:19 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=RQbn0lxGNEHOLNY3WiXy5qXF3qH0Rd81tFBwBC7oFGM%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767390499"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=RQbn0lxGNEHOLNY3WiXy5qXF3qH0Rd81tFBwBC7oFGM%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767390499"
Server: Heroku
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Content-Length: 92
Connection: close
{"timeStamp":"2026-01-02T21:48:19.475394926Z","message":"No User Details","details":"uri=/"}
Open service 35.71.145.101:443 · auth.api.staging.sdocs.com
2026-01-02 14:12
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Type: application/json
Date: Fri, 02 Jan 2026 14:12:24 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=lYGXXCyz0BXSTG7%2Ba01TfesK0RF3bkPypE%2B8iwZkTeo%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767363144"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=lYGXXCyz0BXSTG7%2Ba01TfesK0RF3bkPypE%2B8iwZkTeo%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767363144"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Content-Length: 92
Connection: close
{"timeStamp":"2026-01-02T14:12:24.722961128Z","message":"No User Details","details":"uri=/"}
Open service 75.2.97.79:80 · auth.api.staging.sdocs.com
2025-12-23 04:31
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Type: application/json
Date: Tue, 23 Dec 2025 04:31:17 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=3Ki4JrwW%2BuAW3C8T2BTA9hyWbxSd2aqSNOxER0BJerg%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766464277"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=3Ki4JrwW%2BuAW3C8T2BTA9hyWbxSd2aqSNOxER0BJerg%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766464277"
Server: Heroku
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Content-Length: 92
Connection: close
{"timeStamp":"2025-12-23T04:31:17.395696154Z","message":"No User Details","details":"uri=/"}
Open service 35.71.145.101:443 · auth.api.staging.sdocs.com
2025-12-22 17:16
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Type: application/json
Date: Mon, 22 Dec 2025 17:16:20 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=ykk2XscB3fGX38i0ZkDdWqyqQ%2FQBS4pb%2B1texEiWq0o%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766423781"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=ykk2XscB3fGX38i0ZkDdWqyqQ%2FQBS4pb%2B1texEiWq0o%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766423781"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Content-Length: 92
Connection: close
{"timeStamp":"2025-12-22T17:16:21.050459266Z","message":"No User Details","details":"uri=/"}
Open service 75.2.97.79:80 · auth.api.staging.sdocs.com
2025-12-21 10:06
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Type: application/json
Date: Sun, 21 Dec 2025 10:06:44 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=f0ZLYHUxA%2BS35vre7S92oK2BjqTVmiWYY26dtMVkM3o%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766311604"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=f0ZLYHUxA%2BS35vre7S92oK2BjqTVmiWYY26dtMVkM3o%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766311604"
Server: Heroku
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Content-Length: 92
Connection: close
{"timeStamp":"2025-12-21T10:06:44.683834415Z","message":"No User Details","details":"uri=/"}
Open service 35.71.145.101:443 · auth.api.staging.sdocs.com
2025-12-20 17:19
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Type: application/json
Date: Sat, 20 Dec 2025 17:19:26 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=imyTGunl%2FcIYviWtSkQURuz2o3PdjhEejk8kSb38%2B9o%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766251167"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=imyTGunl%2FcIYviWtSkQURuz2o3PdjhEejk8kSb38%2B9o%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766251167"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Content-Length: 92
Connection: close
{"timeStamp":"2025-12-20T17:19:27.344992512Z","message":"No User Details","details":"uri=/"}
Open service 35.71.145.101:443 · auth.api.staging.sdocs.com
2025-12-19 06:44
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Type: application/json
Date: Fri, 19 Dec 2025 06:45:02 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=Hh6rpWAmfYjyUmUAZdY8%2Bm%2BR19dYrSBE5Vub6qRMlbc%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766126702"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=Hh6rpWAmfYjyUmUAZdY8%2Bm%2BR19dYrSBE5Vub6qRMlbc%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766126702"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Content-Length: 92
Connection: close
{"timeStamp":"2025-12-19T06:45:02.128872809Z","message":"No User Details","details":"uri=/"}
Open service 75.2.97.79:80 · auth.api.staging.sdocs.com
2025-12-19 00:15
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Type: application/json
Date: Fri, 19 Dec 2025 00:15:03 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=Z0eEPOP%2BRtfMU2KoBOo1P3mlo2osDNoO86MAfSe96fY%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766103303"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=Z0eEPOP%2BRtfMU2KoBOo1P3mlo2osDNoO86MAfSe96fY%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766103303"
Server: Heroku
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Content-Length: 92
Connection: close
{"timeStamp":"2025-12-19T00:15:03.998265506Z","message":"No User Details","details":"uri=/"}