Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
This documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities such as broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd110a331ec3d38aef23458f998530d6d25980626a6cf20911e
Public Swagger UI/API detected at path: /v2/api-docs - sample paths:
GET /api/health
GET /v1/card-payments/3ds/redirect/{txnId}/failure
GET /v1/card-payments/3ds/redirect/{txnId}/success
GET /v1/card-payments/cardpayments/response
POST /mpgs/callback/{countryCode}/pay
POST /reconciliation/adcb
POST /v1/card-payments/checkout/webhook/process
POST /v1/card-payments/initiate
POST /v3/balance
POST /v3/card-points/initiate
POST /v3/cards/encrypt
POST /v3/cards/metadata
POST /v3/credit-card/initiate
POST /v3/cybersource/callback
POST /v3/cybersource/response/{countryCode}
POST /v3/debit-card/initiate
POST /v3/otp/resend
POST /v3/otp/{transactionId}/submit
POST /v3/save-card/initiate
Severity: info
Fingerprint: 5733ddf49ff49cd110a331ec3d38aef23458f998530d6d25980626a6849ad99d
Public Swagger UI/API detected at path: /v2/api-docs - sample paths:
GET /api/health
GET /v1/card-payments/3ds/redirect/{txnId}/failure
GET /v1/card-payments/3ds/redirect/{txnId}/success
GET /v1/card-payments/cardpayments/response
POST /reconciliation/adcb
POST /v1/card-payments/checkout/webhook/process
POST /v1/card-payments/initiate
POST /v3/balance
POST /v3/card-points/initiate
POST /v3/cards/encrypt
POST /v3/cards/metadata
POST /v3/credit-card/initiate
POST /v3/cybersource/callback
POST /v3/cybersource/response/{countryCode}
POST /v3/debit-card/initiate
POST /v3/otp/resend
POST /v3/otp/{transactionId}/submit
POST /v3/save-card/initiate