Domain myseatapp-api.pre.code.seat.cloud.vwgroup.com
Germany
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
IP: 23.50.131.156
Domain: myseatapp-api.pre.code.seat.cloud.vwgroup.com
Port: 443
URL: https://myseatapp-api.pre.code.seat.cloud.vwgroup.comFirst seen 2025-10-30 12:24
Last seen 2026-01-09 04:23
Open for 70 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1a8bcc6e5899215e8462c69f878954467ee6b9a4e20a6306cPublic Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths: DELETE /api/v1/audits/external DELETE /api/v1/contents/contents DELETE /api/v1/customer/devices/{deviceId} DELETE /api/v1/customer/pois/{poiId} DELETE /api/v1/my-car/expenses/{expenseId}/complete/{completeValue} DELETE /api/v1/vehicleManuals DELETE /api/v1/vehicles/interactive-manual DELETE /api/v1/vehicles/render DELETE /api/v2/connected-car/trips/{id} GET /api/private/staging/news/country/{countryCode}/language/{language} GET /api/private/staging/offers/country/{countryCode}/language/{language} GET /api/private/staging/strings/country/{countryCode}/language/{language} GET /api/private/staging/tips/country/{countryCode}/language/{language} GET /api/v1/applications/{platform} GET /api/v1/audits/timestamp GET /api/v1/audits/timestamp/{countryCode}/{language} GET /api/v1/avatar GET /api/v1/configurations/countries GET /api/v1/configurations/countries/{countryCode} GET /api/v1/configurations/countries/{countryCode}/treatments GET /api/v1/configurations/features/{countryCode} GET /api/v1/configurations/features/{countryCode}/{featureCode} GET /api/v1/configurations/force-maintenance GET /api/v1/configurations/force-update/{platform}/{version} GET /api/v1/configurations/languages GET /api/v1/connected-car/home-data/{vin} GET /api/v1/contents/news/country/{countryCode}/language/{language} GET /api/v1/contents/offers/country/{countryCode}/language/{language} GET /api/v1/contents/strings/country/{countryCode}/language/{language} GET /api/v1/contents/tips/country/{countryCode}/language/{language} GET /api/v1/customer GET /api/v1/customer/devices GET /api/v1/customer/permissions/{countryCode}/{language} GET /api/v1/customer/pois GET /api/v1/customer/settings GET /api/v1/dealers/country/{countryCode} GET /api/v1/dealers/country/{countryCode}/{city} GET /api/v1/dealers/{latitude}/{longitude} GET /api/v1/dealers/{latitude}/{longitude}/{radius} GET /api/v1/legal-documents/privacy-policy/1/{country}/{language} GET /api/v1/my-car/expenses/reminders GET /api/v1/my-car/trips/latest-fuel-price GET /api/v1/my-car/{vin}/alerts GET /api/v1/my-car/{vin}/expenses GET /api/v1/my-car/{vin}/expenses/first GET /api/v1/my-car/{vin}/expenses/year/{year} GET /api/v1/my-car/{vin}/expenses/year/{year}/month/{month} GET /api/v1/my-car/{vin}/metrics GET /api/v1/my-car/{vin}/metrics/year/{year} GET /api/v1/my-car/{vin}/metrics/year/{year}/month/{month} GET /api/v1/my-car/{vin}/metrics/{metricName}/year/{year} GET /api/v1/my-car/{vin}/metrics/{metricName}/year/{year}/month/{month} GET /api/v1/my-car/{vin}/offers/{countryCode}/{language} GET /api/v1/my-car/{vin}/trips GET /api/v1/my-car/{vin}/trips/{tripId} GET /api/v1/socials/facebook/{countryCode} GET /api/v1/socials/facebook/{countryCode}/{nextTokenPage} GET /api/v1/socials/twitter/{countryCode} GET /api/v1/socials/twitter/{countryCode}/{nextTokenPage} GET /api/v1/socials/youtube/{countryCode} GET /api/v1/socials/youtube/{countryCode}/{nextTokenPage} GET /api/v1/status/deprecation/{countryCode} GET /api/v1/tracking/info/{countryCode}/{countryLanguage} GET /api/v1/vehicleManuals/information/{vin} GET /api/v1/vehicleManuals/vin/{vin}/language/{language} GET /api/v1/vehicles/mapping-table GET /api/v1/vehicles/mapping-table/dashboard GET /api/v1/vehicles/mapping-table/files GET /api/v1/vehicles/{vin}/interactive-manual GET /api/v1/vehicles/{vin}/interactive-manual/{countryCode}/{language} GET /api/v1/vehicles/{vin}/maintenance-plans GET /api/v1/vehicles/{vin}/render GET /api/v1/vehicles/{vin}/symbols GET /api/v1/vehicles/{vin}/urls GET /api/v1/vehicles/{vin}/urls-new GET /api/v1/vehicles/{vin}/urls/{countryCode}/{language} GET /api/v1/weather/{latitude}/{longitude} GET /api/v2/connected-car/trip-data-dashboard/{vin}/year/{year}/month/{month} GET /api/v2/connected-car/trip-data-month/{vin}/year/{year}/month/{month} GET /api/v2/connected-car/trips/average-speed/{vin}/year/{year}/month/{month} GET /api/v2/connected-car/trips/{tripId} GET /api/v2/connected-car/trips/{vin}/year/{year}/month/{month}/{limitTo} GET /api/v2/my-car/{vin}/expenses/year/{year} GET /api/v2/my-car/{vin}/expenses/year/{year}/month/{month} GET /api/v3/connected-car/trips/{tripId} POST /api/v1/account/profile POST /api/v1/assistance POST /api/v1/audits/error POST /api/v1/connected-car/home-data POST /api/v1/connected-car/ingestion-data POST /api/v1/connected-car/trips POST /api/v1/dealers/maintenance/alert POST /api/v1/dealers/{partnerId}/book POST /api/v1/my-car/{vin}/fuel-prices POST /api/v1/my-car/{vin}/gas-prices POST /api/v1/vehicles/accident-report POST /api/v1/vehicles/create POST /api/v2/connected-car/trips POST /api/v2/connected-car/trips/report POST /api/v3/connected-car/trips POST /identity/freshTokens POST /identity/oidc/v1/token POST /identity/refreshToken PUT /api/v1/customer/updateTerms PUT /api/v1/my-car/expenses/{expenseId} PUT /api/v1/vehicles/disable/vin/{vin} PUT /api/v1/vehicles/vin/{vin}Found on 2026-01-09 04:23 -
Severity: info
Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
Found on 2025-11-21 08:12
-
-
Open service 23.50.131.156:443 · myseatapp-api.pre.code.seat.cloud.vwgroup.com
2026-01-09 04:23
HTTP/1.1 200 OK Content-Type: application/hal+json Content-Length: 126 Expires: Fri, 09 Jan 2026 04:23:48 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Fri, 09 Jan 2026 04:23:48 GMT Connection: close Akamai-GRN: 0.1c173317.1767932628.1bda2d26 { "_links" : { "profile" : { "href" : "http://api-origin.pre.myseatapp.seat.cloud.vwgroup.com/profile" } } }Found 2026-01-09 by HttpPluginCreate report
-
Open service 23.50.131.156:443 · myseatapp-api.pre.code.seat.cloud.vwgroup.com
2026-01-02 11:08
HTTP/1.1 200 OK Content-Type: application/hal+json Content-Length: 126 Expires: Fri, 02 Jan 2026 11:08:42 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Fri, 02 Jan 2026 11:08:42 GMT Connection: close Akamai-GRN: 0.1c173317.1767352122.b73bf3ba { "_links" : { "profile" : { "href" : "http://api-origin.pre.myseatapp.seat.cloud.vwgroup.com/profile" } } }Found 2026-01-02 by HttpPluginCreate report
-
Open service 23.50.131.156:443 · myseatapp-api.pre.code.seat.cloud.vwgroup.com
2025-12-23 02:39
HTTP/1.1 200 OK Content-Type: application/hal+json Content-Length: 126 Expires: Tue, 23 Dec 2025 02:39:04 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Tue, 23 Dec 2025 02:39:04 GMT Connection: close Akamai-GRN: 0.0f173317.1766457544.5d7c3da2 { "_links" : { "profile" : { "href" : "http://api-origin.pre.myseatapp.seat.cloud.vwgroup.com/profile" } } }Found 2025-12-23 by HttpPluginCreate report