Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1aad035498da363bfaab8ea7e27e213f26c4a92fc78b84361
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
Open service 20.55.124.214:443 · ksapapi.dev.kpmg.com
2026-01-09 13:51
HTTP/1.1 404 Not Found
Date: Fri, 09 Jan 2026 13:51:13 GMT
Content-Length: 0
Connection: close
Set-Cookie: ApplicationGatewayAffinityCORS=2f6b188d64717c9ce6a1b58a807e0019; Path=/; SameSite=None; Secure
Set-Cookie: ApplicationGatewayAffinity=2f6b188d64717c9ce6a1b58a807e0019; Path=/
Allow: GET, POST
Set-Cookie: ARRAffinity=4e578cbe1efe6783ea8ca73836b126e532ae76861f661df353db6f787c115815;Path=/;HttpOnly;Secure;Domain=audeusdev-sap-webapp02.kpmgdevcloud.kpmg.com
Set-Cookie: ARRAffinitySameSite=4e578cbe1efe6783ea8ca73836b126e532ae76861f661df353db6f787c115815;Path=/;HttpOnly;SameSite=None;Secure;Domain=audeusdev-sap-webapp02.kpmgdevcloud.kpmg.com
Request-Context: appId=cid-v1:2f8a2e2d-d392-4634-8793-caaf3c0d1760
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Security-Policy: script-src 'self'; style-src 'self'; img-src 'self'
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubdomains
Pragma: no-cache
Cache-Control: no-store
Open service 20.55.124.214:443 · ksapapi.dev.kpmg.com
2025-12-22 19:43
HTTP/1.1 404 Not Found
Date: Mon, 22 Dec 2025 19:43:08 GMT
Content-Length: 0
Connection: close
Set-Cookie: ApplicationGatewayAffinityCORS=2f6b188d64717c9ce6a1b58a807e0019; Path=/; SameSite=None; Secure
Set-Cookie: ApplicationGatewayAffinity=2f6b188d64717c9ce6a1b58a807e0019; Path=/
Allow: GET, POST
Set-Cookie: ARRAffinity=4e578cbe1efe6783ea8ca73836b126e532ae76861f661df353db6f787c115815;Path=/;HttpOnly;Secure;Domain=audeusdev-sap-webapp02.kpmgdevcloud.kpmg.com
Set-Cookie: ARRAffinitySameSite=4e578cbe1efe6783ea8ca73836b126e532ae76861f661df353db6f787c115815;Path=/;HttpOnly;SameSite=None;Secure;Domain=audeusdev-sap-webapp02.kpmgdevcloud.kpmg.com
Request-Context: appId=cid-v1:2f8a2e2d-d392-4634-8793-caaf3c0d1760
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Security-Policy: script-src 'self'; style-src 'self'; img-src 'self'
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubdomains
Pragma: no-cache
Cache-Control: no-store
Open service 20.55.124.214:443 · ksapapi.dev.kpmg.com
2025-12-21 06:05
HTTP/1.1 404 Not Found
Date: Sun, 21 Dec 2025 06:05:32 GMT
Content-Length: 0
Connection: close
Set-Cookie: ApplicationGatewayAffinityCORS=2f6b188d64717c9ce6a1b58a807e0019; Path=/; SameSite=None; Secure
Set-Cookie: ApplicationGatewayAffinity=2f6b188d64717c9ce6a1b58a807e0019; Path=/
Allow: GET, POST
Set-Cookie: ARRAffinity=4e578cbe1efe6783ea8ca73836b126e532ae76861f661df353db6f787c115815;Path=/;HttpOnly;Secure;Domain=audeusdev-sap-webapp02.kpmgdevcloud.kpmg.com
Set-Cookie: ARRAffinitySameSite=4e578cbe1efe6783ea8ca73836b126e532ae76861f661df353db6f787c115815;Path=/;HttpOnly;SameSite=None;Secure;Domain=audeusdev-sap-webapp02.kpmgdevcloud.kpmg.com
Request-Context: appId=cid-v1:2f8a2e2d-d392-4634-8793-caaf3c0d1760
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Security-Policy: script-src 'self'; style-src 'self'; img-src 'self'
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubdomains
Pragma: no-cache
Cache-Control: no-store
Open service 20.55.124.214:443 · ksapapi.dev.kpmg.com
2025-12-19 07:15
HTTP/1.1 404 Not Found
Date: Fri, 19 Dec 2025 07:15:34 GMT
Content-Length: 0
Connection: close
Set-Cookie: ApplicationGatewayAffinityCORS=2f6b188d64717c9ce6a1b58a807e0019; Path=/; SameSite=None; Secure
Set-Cookie: ApplicationGatewayAffinity=2f6b188d64717c9ce6a1b58a807e0019; Path=/
Allow: GET, POST
Set-Cookie: ARRAffinity=4e578cbe1efe6783ea8ca73836b126e532ae76861f661df353db6f787c115815;Path=/;HttpOnly;Secure;Domain=audeusdev-sap-webapp02.kpmgdevcloud.kpmg.com
Set-Cookie: ARRAffinitySameSite=4e578cbe1efe6783ea8ca73836b126e532ae76861f661df353db6f787c115815;Path=/;HttpOnly;SameSite=None;Secure;Domain=audeusdev-sap-webapp02.kpmgdevcloud.kpmg.com
Request-Context: appId=cid-v1:2f8a2e2d-d392-4634-8793-caaf3c0d1760
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Security-Policy: script-src 'self'; style-src 'self'; img-src 'self'
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubdomains
Pragma: no-cache
Cache-Control: no-store