LeakIX - Host dev.identity-api.linde.com

Domain dev.identity-api.linde.com

Germany

Akamai International B.V.

Software information

AkamaiGHost

tcp/80

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 184.86.103.202
Domain: dev.identity-api.linde.com
Port: 443
URL: https://dev.identity-api.linde.com

First seen 2025-10-27 16:12
Last seen 2026-01-09 18:08
Open for 74 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549e8d97bb70493dbcb98feeadb287515e5c9a9c1be

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /.well-known/keys
GET /.well-known/openid-configuration
GET /old/WeatherForecast
POST /api/Identity/AdminPasswordReset
POST /api/Identity/AssignGroupToUser
POST /api/Identity/CreateLink
POST /api/Identity/CreateShortLink
POST /api/Identity/GetGroupsOfUser
POST /api/Identity/GetUserGroups
POST /api/Identity/GraphSendRequest
POST /api/Identity/MagicLink
POST /api/Identity/RemoveUserFromGroup
POST /api/Identity/SendElevateInvite
POST /api/Identity/SendEmailInvite
POST /api/Identity/SendLinxInvite
POST /api/Identity/SignUpByMail
POST /api/Identity/SignUpByPhone
POST /api/Identity/isMemberOf
POST /api/User/GetCoreB2CUserDetails
POST /api/User/GetCoreB2CUsers
POST /api/User/GetInactiveB2CUsers
POST /api/UserEntitlement/AssignEntitlement
POST /api/UserEntitlement/RemoveEntitlement

Found on 2026-01-09 18:08

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549e8d97bb70493dbcb98feeadb287515e55cede4ba

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /.well-known/keys
GET /.well-known/openid-configuration
GET /old/WeatherForecast
POST /api/Identity/AdminPasswordReset
POST /api/Identity/AssignGroupToUser
POST /api/Identity/CreateLink
POST /api/Identity/CreateShortLink
POST /api/Identity/GetGroupsOfUser
POST /api/Identity/GetUserGroups
POST /api/Identity/GraphSendRequest
POST /api/Identity/MagicLink
POST /api/Identity/RemoveUserFromGroup
POST /api/Identity/SendElevateInvite
POST /api/Identity/SendEmailInvite
POST /api/Identity/SendLinxInvite
POST /api/Identity/SignUpByMail
POST /api/Identity/SignUpByPhone
POST /api/Identity/isMemberOf
POST /api/User/GetCoreB2CUserDetails
POST /api/User/GetCoreB2CUsers
POST /api/UserEntitlement/AssignEntitlement
POST /api/UserEntitlement/RemoveEntitlement

Found on 2025-12-08 03:20

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549e8d97bb70493dbcb98feeadb287515e57f7b7ecb

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /.well-known/keys
GET /.well-known/openid-configuration
GET /old/WeatherForecast
POST /api/Identity/AdminPasswordReset
POST /api/Identity/AssignGroupToUser
POST /api/Identity/CreateLink
POST /api/Identity/CreateShortLink
POST /api/Identity/GetGroupsOfUser
POST /api/Identity/GetUserGroups
POST /api/Identity/GraphSendRequest
POST /api/Identity/MagicLink
POST /api/Identity/RemoveUserFromGroup
POST /api/Identity/SendElevateInvite
POST /api/Identity/SendEmailInvite
POST /api/Identity/SendLinxInvite
POST /api/Identity/SignUpByMail
POST /api/Identity/SignUpByPhone
POST /api/Identity/isMemberOf
POST /api/UserEntitlement/AssignEntitlement
POST /api/UserEntitlement/RemoveEntitlement

Found on 2025-11-30 14:46

Create report

Open service 184.86.103.202:443 · dev.identity-api.linde.com

2026-01-09 18:08

HTTP/1.1 401 Unauthorized
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Request-Context: appId=cid-v1:28ea3906-66a3-4801-a78d-18674de8a7c2
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none';
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: accelerometer=(self), camera=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), payment=(self), usb=(self)
X-Permitted-Cross-Domain-Policies: none
Expect-CT: max-age=86400, enforce
Content-Length: 51
Date: Fri, 09 Jan 2026 18:08:24 GMT
Connection: close
Set-Cookie: ARRAffinity=1d6faa472b3a363ee606f904e95d80886b5444340a63fbb66d1c44a02ceb8013;Path=/;HttpOnly;Secure;Domain=dev.identity-api.linde.com
Set-Cookie: ARRAffinitySameSite=1d6faa472b3a363ee606f904e95d80886b5444340a63fbb66d1c44a02ceb8013;Path=/;HttpOnly;SameSite=None;Secure;Domain=dev.identity-api.linde.com


Api Key was not provided. (Using ApiKeyMiddleware)

Found 2026-01-09 by HttpPlugin

Create report

Open service 2.16.204.94:443 · dev.identity-api.linde.com

2026-01-08 11:44

HTTP/1.1 401 Unauthorized
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Request-Context: appId=cid-v1:28ea3906-66a3-4801-a78d-18674de8a7c2
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none';
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: accelerometer=(self), camera=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), payment=(self), usb=(self)
X-Permitted-Cross-Domain-Policies: none
Expect-CT: max-age=86400, enforce
Content-Length: 51
Date: Thu, 08 Jan 2026 11:44:11 GMT
Connection: close
Set-Cookie: ARRAffinity=48e56f66fd08abce79d5361a04255d6897d20b6592a7f8b3a5d0ea7ee9729bd8;Path=/;HttpOnly;Secure;Domain=dev.identity-api.linde.com
Set-Cookie: ARRAffinitySameSite=48e56f66fd08abce79d5361a04255d6897d20b6592a7f8b3a5d0ea7ee9729bd8;Path=/;HttpOnly;SameSite=None;Secure;Domain=dev.identity-api.linde.com


Api Key was not provided. (Using ApiKeyMiddleware)

Found 2026-01-08 by HttpPlugin

Create report

Open service 2.16.204.94:80 · dev.identity-api.linde.com

2026-01-08 11:44

HTTP/1.1 403 Forbidden
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 386
Expires: Thu, 08 Jan 2026 11:44:52 GMT
Date: Thu, 08 Jan 2026 11:44:52 GMT
Connection: close

Page title: Access Denied

<HTML><HEAD>
<TITLE>Access Denied</TITLE>
</HEAD><BODY>
<H1>Access Denied</H1>
 
You don't have permission to access "http&#58;&#47;&#47;dev&#46;identity&#45;api&#46;linde&#46;com&#47;" on this server.<P>
Reference&#32;&#35;18&#46;5e1d1002&#46;1767872692&#46;bdf8c05
<P>https&#58;&#47;&#47;errors&#46;edgesuite&#46;net&#47;18&#46;5e1d1002&#46;1767872692&#46;bdf8c05</P>
</BODY>
</HTML>

Found 2026-01-08 by HttpPlugin

Create report

Open service 2.16.204.86:80 · dev.identity-api.linde.com

2026-01-08 11:44

HTTP/1.1 301 Moved Permanently
Content-Length: 0
Location: https://dev.identity-api.linde.com/
Date: Thu, 08 Jan 2026 11:44:51 GMT
Connection: close

Found 2026-01-08 by HttpPlugin

Create report

Open service 2.16.204.86:443 · dev.identity-api.linde.com

2026-01-08 11:44

HTTP/1.1 401 Unauthorized
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Request-Context: appId=cid-v1:28ea3906-66a3-4801-a78d-18674de8a7c2
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none';
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: accelerometer=(self), camera=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), payment=(self), usb=(self)
X-Permitted-Cross-Domain-Policies: none
Expect-CT: max-age=86400, enforce
Content-Length: 51
Date: Thu, 08 Jan 2026 11:44:11 GMT
Connection: close
Set-Cookie: ARRAffinity=48e56f66fd08abce79d5361a04255d6897d20b6592a7f8b3a5d0ea7ee9729bd8;Path=/;HttpOnly;Secure;Domain=dev.identity-api.linde.com
Set-Cookie: ARRAffinitySameSite=48e56f66fd08abce79d5361a04255d6897d20b6592a7f8b3a5d0ea7ee9729bd8;Path=/;HttpOnly;SameSite=None;Secure;Domain=dev.identity-api.linde.com


Api Key was not provided. (Using ApiKeyMiddleware)

Found 2026-01-08 by HttpPlugin

Create report

Open service 184.86.103.202:443 · dev.identity-api.linde.com

2025-12-22 23:28

HTTP/1.1 401 Unauthorized
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Request-Context: appId=cid-v1:28ea3906-66a3-4801-a78d-18674de8a7c2
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none';
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: accelerometer=(self), camera=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), payment=(self), usb=(self)
X-Permitted-Cross-Domain-Policies: none
Expect-CT: max-age=86400, enforce
Content-Length: 51
Date: Mon, 22 Dec 2025 23:28:58 GMT
Connection: close
Set-Cookie: ARRAffinity=48e56f66fd08abce79d5361a04255d6897d20b6592a7f8b3a5d0ea7ee9729bd8;Path=/;HttpOnly;Secure;Domain=dev.identity-api.linde.com
Set-Cookie: ARRAffinitySameSite=48e56f66fd08abce79d5361a04255d6897d20b6592a7f8b3a5d0ea7ee9729bd8;Path=/;HttpOnly;SameSite=None;Secure;Domain=dev.identity-api.linde.com


Api Key was not provided. (Using ApiKeyMiddleware)

Found 2025-12-22 by HttpPlugin

Create report

Open service 184.86.103.202:443 · dev.identity-api.linde.com

2025-12-20 05:49

HTTP/1.1 401 Unauthorized
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Request-Context: appId=cid-v1:28ea3906-66a3-4801-a78d-18674de8a7c2
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none';
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: accelerometer=(self), camera=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), payment=(self), usb=(self)
X-Permitted-Cross-Domain-Policies: none
Expect-CT: max-age=86400, enforce
Content-Length: 51
Date: Sat, 20 Dec 2025 05:49:44 GMT
Connection: close
Set-Cookie: ARRAffinity=48e56f66fd08abce79d5361a04255d6897d20b6592a7f8b3a5d0ea7ee9729bd8;Path=/;HttpOnly;Secure;Domain=dev.identity-api.linde.com
Set-Cookie: ARRAffinitySameSite=48e56f66fd08abce79d5361a04255d6897d20b6592a7f8b3a5d0ea7ee9729bd8;Path=/;HttpOnly;SameSite=None;Secure;Domain=dev.identity-api.linde.com


Api Key was not provided. (Using ApiKeyMiddleware)

Found 2025-12-20 by HttpPlugin

Create report

ar.linde.comb2c.lindemedicaldirect.comblog.boconline.co.ukbochop.comboconline.co.ukbocsds.comcndpa-api.linde.comcndpa.linde.comcrmapi.lindekorea.comcrmweb.lindekorea.comd.l.linde.comdev-crmapi.lindekorea.comdev-crmweb.lindekorea.comdev.cndpa-api.linde.comdev.cndpa.linde.comdev.identity-api.linde.comdev.identity.linde.comdev.lindedirect.comdev1.echannel.linde.comdev3.echannel.linde.comfioridev.whitemartins.com.brfioriqas.whitemartins.com.brga-preview.linde.comga-tagging.linde.comgtos.linde.com.mxinsights-api-ui.blu.linde.comlead.api.linde.comlgtadfs.lindepp.comlinde-am.comlinde-electronics.comlinde-gas.bglinde-gas.colinde-gas.co.idlinde-gas.itlinde-gas.krlinde-gas.pelinde-gas.salinde-gas.sklinde-gaz.hulinde.atlinde.colinde.co.idlinde.comlinde.com.pylinde.com.sglinde.com.ualinde.com.velinde.czlinde.eclinde.hklinde.idlinde.inlinde.itlinde.ltlinde.lvlinde.mxlinde.pelinde.sklinde.uslindecanada.comlindegas.cnlindegas.com.ualindegaz.com.trlindeindia.inlppusa.commedigas.commedigas.mxnft.selfservicegreen.linde.comprabord.praxair.compraxair.co.inqa-crmapi.lindekorea.comqa-crmweb.lindekorea.comresp.linde-electronics.comsharetest.linde.comtauat.linde.comtest.consol.linde.com.mxtest.kronosmobile.linde.comtestv7.lindedirect.comtst.b2c.lindemedicaldirect.comtst.cndpa-api.linde.comtst.cndpa.linde.comtst.eg-mobiwise-api.linde.comtst.eg-mobiwise-desktop.linde.comtst.eg-mobiwise-mobile.linde.comtst.insights-api-ui.blu.linde.comtst.lead.api.linde.comtst.nft.selfservicegreen.linde.comtst.validator.selfservicegreen.linde.comvalidator.selfservicegreen.linde.comwww.linde-electronics.comwww.linde.co.idwww.linde.ecwww.linde.itwww.linde.lvwww.linde.phwww.linde.plwww.linde.skwww.linde.uswww.lindeindia.inwww.lppusa.com

Fingerprint:

9294bf26015fecc91e1ebaf8ee43226950ee33342f4580c4fafe723dc5974007

CN:

linde.com

Key:

RSA-2048

Issuer:

R13

Not before:

2026-01-08 10:44

Not after:

2026-04-08 10:44

ar.linde.comb2c.lindemedicaldirect.comblog.boconline.co.ukbochop.comboconline.co.ukbocsds.comcndpa-api.linde.comcndpa.linde.comcrmapi.lindekorea.comcrmweb.lindekorea.comd.l.linde.comdev-crmapi.lindekorea.comdev-crmweb.lindekorea.comdev.cndpa-api.linde.comdev.cndpa.linde.comdev.identity-api.linde.comdev.identity.linde.comdev.lindedirect.comdev1.echannel.linde.comdev3.echannel.linde.comfioridev.whitemartins.com.brfioriqas.whitemartins.com.brga-preview.linde.comga-tagging.linde.comgtos.linde.com.mxinsights-api-ui.blu.linde.comlead.api.linde.comlgtadfs.lindepp.comlinde-am.comlinde-electronics.comlinde-gas.bglinde-gas.colinde-gas.co.idlinde-gas.itlinde-gas.krlinde-gas.pelinde-gas.salinde-gas.sklinde-gaz.hulinde.atlinde.colinde.co.idlinde.comlinde.com.pylinde.com.sglinde.com.ualinde.com.velinde.czlinde.eclinde.hklinde.idlinde.inlinde.itlinde.ltlinde.lvlinde.mxlinde.pelinde.sklinde.uslindecanada.comlindegas.cnlindegas.com.ualindegaz.com.trlindeindia.inlppusa.commedigas.commedigas.mxnft.selfservicegreen.linde.comprabord.praxair.compraxair.co.inqa-crmapi.lindekorea.comqa-crmweb.lindekorea.comresp.linde-electronics.comsharetest.linde.comtauat.linde.comtest.consol.linde.com.mxtest.kronosmobile.linde.comtestv7.lindedirect.comtst.b2c.lindemedicaldirect.comtst.cndpa-api.linde.comtst.cndpa.linde.comtst.eg-mobiwise-api.linde.comtst.eg-mobiwise-desktop.linde.comtst.eg-mobiwise-mobile.linde.comtst.insights-api-ui.blu.linde.comtst.lead.api.linde.comtst.nft.selfservicegreen.linde.comtst.validator.selfservicegreen.linde.comvalidator.selfservicegreen.linde.comwww.linde-electronics.comwww.linde.co.idwww.linde.ecwww.linde.itwww.linde.lvwww.linde.phwww.linde.plwww.linde.skwww.linde.uswww.lindeindia.inwww.lppusa.com

Fingerprint:

24191fd3a5e38d3d0a4a115122f598491fc1771a175eec052f9cc4ef40dba60e

CN:

linde.com

Key:

RSA-2048

Issuer:

R12

Not before:

2025-10-27 15:14

Not after:

2026-01-25 15:14

Domain summary

dev.identity-api.linde.com 9

1 recorded

IP summary

184.86.103.202 1 2.16.204.94 1 2.16.204.86 1

3 recorded