Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
The documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1aad035496815411000362026dbdaf030801289b6c1f37b09
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
Open service 172.217.208.121:443 · dev-api.bilabel.ai
2026-01-10 02:05
HTTP/1.1 404 Not Found x-cloud-trace-context: 7afc14a968cd870400b12205baf15a69 date: Sat, 10 Jan 2026 02:05:04 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Open service 172.217.208.121:443 · dev-api.bilabel.ai
2026-01-02 23:56
HTTP/1.1 404 Not Found x-cloud-trace-context: b69e786ebe9a48cc04e39d201a8ed7ff date: Fri, 02 Jan 2026 23:56:28 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Open service 172.217.208.121:443 · dev-api.bilabel.ai
2025-12-23 09:55
HTTP/1.1 404 Not Found x-cloud-trace-context: ed3e184538dd07b0b83b1854fd765e68 date: Tue, 23 Dec 2025 09:55:59 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Open service 172.217.208.121:443 · dev-api.bilabel.ai
2025-12-21 09:49
HTTP/1.1 404 Not Found x-cloud-trace-context: ff535828c9018feaf72151d397d6f4a5 date: Sun, 21 Dec 2025 09:49:16 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Open service 172.217.208.121:443 · dev-api.bilabel.ai
2025-12-19 11:01
HTTP/1.1 404 Not Found x-cloud-trace-context: 42fe4961177b4cf8da04ae4a7cbd05ac date: Fri, 19 Dec 2025 11:01:21 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close