LeakIX - Host nextech.com

Domain nextech.com

United States

MICROSOFT-CORP-MSN-AS-BLOCK

Software information

AmazonS3

tcp/443 tcp/80

CloudFront

tcp/443 tcp/80

Microsoft-IIS 10.0

tcp/443

cloudflare

tcp/443 tcp/80 tcp/8443

nginx nginx

tcp/443 tcp/80

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.18.1.230
Domain: nextech-data-service-api-dev.nextech.com
Port: 443
URL: https://nextech-data-service-api-dev.nextech.com

First seen 2025-10-21 00:49
Last seen 2026-01-02 11:59
Open for 73 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549c207410435e8bb858c20c8028d213a382b61073b

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Report/DeleteAllPermissionsOfSpecificRole
DELETE /api/Report/DeleteSpecificPermissionOfSpecificRole
GET /api/Report/GetPowerBIReport
GET /api/Report/GetPowerBIReports
GET /api/Report/GetReportBases
GET /api/Report/GetReportPermissions
GET /api/Report/GetRolePermissions
GET /api/ReportFilter/appointment-resources
GET /api/ReportFilter/appointment-statuses
GET /api/ReportFilter/appointment-types
GET /api/ReportFilter/insurance-companies
GET /api/Subscription/GetDataInventoryList
GET /api/User/entitlements/Practice
GET /api/User/entitlements/Provider
GET /api/User/entitlements/facilities
POST /api/Report/GetDailyScheduleReportData
PUT /api/Report/UpsertRolePermissions

Found on 2026-01-02 11:59

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549c207410435e8bb858c20c8028d213a381ef8b73d

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Report/DeleteAllPermissionsOfSpecificRole
DELETE /api/Report/DeleteSpecificPermissionOfSpecificRole
GET /api/Report/GetPowerBIReport
GET /api/Report/GetPowerBIReports
GET /api/Report/GetReportBases
GET /api/Report/GetReportPermissions
GET /api/Report/GetRolePermissions
GET /api/ReportFilter/appointment-resources
GET /api/ReportFilter/appointment-statuses
GET /api/ReportFilter/appointment-types
GET /api/ReportFilter/insurance-companies
GET /api/User/entitlements/Practice
GET /api/User/entitlements/Provider
GET /api/User/entitlements/facilities
POST /api/Report/GetDailyScheduleReportData
PUT /api/Report/UpsertRolePermissions

Found on 2025-12-26 18:13

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2025-12-21 02:37

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d602fcc6ec732aea2283beebb2b0fe35a57b605df06

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /api/Report/DeleteAllPermissionsOfSpecificRole
DELETE /api/Report/DeleteSpecificPermissionOfSpecificRole
GET /api/Report/GetPowerBIReport
GET /api/Report/GetPowerBIReports
GET /api/Report/GetReportBases
GET /api/Report/GetReportPermissions
GET /api/Report/GetRolePermissions
GET /api/ReportFilter/appointment-resources
GET /api/ReportFilter/appointment-statuses
GET /api/ReportFilter/appointment-types
GET /api/ReportFilter/insurance-companies
GET /api/User/entitlements/Practice
GET /api/User/entitlements/Provider
GET /api/User/entitlements/facilities
POST /api/Report/GetDailyScheduleReportData
PUT /api/Report/UpsertRolePermissions

Found on 2025-12-12 21:12

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354949230d2613256704e36c5d01f5f2ed2129fd949c

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/Report/GetPowerBIReport
GET /api/Report/GetPowerBIReports
GET /api/Report/GetReportBases
GET /api/ReportFilter/appointment-resources
GET /api/ReportFilter/appointment-statuses
GET /api/ReportFilter/appointment-types
GET /api/ReportFilter/insurance-companies
GET /api/User/entitlements/Practice
GET /api/User/entitlements/Provider
GET /api/User/entitlements/facilities
POST /api/Report/GetDailyScheduleReportData

Found on 2025-11-22 22:10

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354949230d261325670458433470122327602c411425

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/Report/GetPowerBIReport
GET /api/Report/GetPowerBIReports
GET /api/User/entitlements/Practice
GET /api/User/entitlements/Provider
GET /api/User/entitlements/facilities
POST /api/Report/GetDailyScheduleReportData

Found on 2025-11-06 17:38

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.18.0.230
Domain: nextech-data-service-api-qa.nextech.com
Port: 443
URL: https://nextech-data-service-api-qa.nextech.com

First seen 2025-10-28 23:30
Last seen 2026-01-10 01:16
Open for 73 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549c207410435e8bb858c20c8028d213a381ef8b73d

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Report/DeleteAllPermissionsOfSpecificRole
DELETE /api/Report/DeleteSpecificPermissionOfSpecificRole
GET /api/Report/GetPowerBIReport
GET /api/Report/GetPowerBIReports
GET /api/Report/GetReportBases
GET /api/Report/GetReportPermissions
GET /api/Report/GetRolePermissions
GET /api/ReportFilter/appointment-resources
GET /api/ReportFilter/appointment-statuses
GET /api/ReportFilter/appointment-types
GET /api/ReportFilter/insurance-companies
GET /api/User/entitlements/Practice
GET /api/User/entitlements/Provider
GET /api/User/entitlements/facilities
POST /api/Report/GetDailyScheduleReportData
PUT /api/Report/UpsertRolePermissions

Found on 2026-01-10 01:16

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-01-02 18:15

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354949230d2613256704e36c5d01f5f2ed2129fd949c

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/Report/GetPowerBIReport
GET /api/Report/GetPowerBIReports
GET /api/Report/GetReportBases
GET /api/ReportFilter/appointment-resources
GET /api/ReportFilter/appointment-statuses
GET /api/ReportFilter/appointment-types
GET /api/ReportFilter/insurance-companies
GET /api/User/entitlements/Practice
GET /api/User/entitlements/Provider
GET /api/User/entitlements/facilities
POST /api/Report/GetDailyScheduleReportData

Found on 2025-11-30 17:33

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354949230d261325670458433470122327602c411425

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/Report/GetPowerBIReport
GET /api/Report/GetPowerBIReports
GET /api/User/entitlements/Practice
GET /api/User/entitlements/Provider
GET /api/User/entitlements/facilities
POST /api/Report/GetDailyScheduleReportData

Found on 2025-11-03 13:51

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.18.1.230
Domain: nextech-reminders-api.nextech.com
Port: 443
URL: https://nextech-reminders-api.nextech.com

First seen 2025-10-16 01:33
Last seen 2026-01-09 06:58
Open for 85 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d60b4236ecfd4aed2e10691d2241eaeb0070e980a85
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /message-logs/{patientId}
GET /v1/configurations/Page
GET /v1/configurations/appointmentTypes
GET /v1/configurations/locations
GET /v1/configurations/{id}
POST /v1/configurations
POST /v1/configurations/Validation
```
  Found on 2026-01-09 06:58
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d604ca71754ad9b7d93644c7af0a85be5e4620a0522
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /v1/configurations/Page
GET /v1/configurations/appointmentTypes
GET /v1/configurations/locations
GET /v1/configurations/{id}
POST /v1/configurations
POST /v1/configurations/Validation
```
  Found on 2025-11-04 21:47
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.18.1.230
Domain: auth0-api.nextech.com
Port: 443
URL: https://auth0-api.nextech.com

First seen 2025-12-01 23:47
Last seen 2026-01-08 23:22
Open for 37 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d6063b63dfef34e08c3f6d5e574d66721a2a33e5742

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /api/Session/{organizationId}/End
DELETE /api/Session/{userId}/EndUserSession
DELETE /api/User/DeleteUserIpException
DELETE /api/User/{email}/Bounce
DELETE /api/User/{id}/MFA
DELETE /api/User/{id}/Metadata/{key}
DELETE /api/User/{id}/Passkeys/{passkeyId}
DELETE /api/User/{id}/UnlinkExternal/{provider}/{externalUserId}
GET /api/FeatureFlag
GET /api/FeatureFlag/GetFeatureFlagValue
GET /api/FeatureFlag/{flagKey}
GET /api/Health
GET /api/Health/Badge
GET /api/IpRestriction
GET /api/IpRestriction/{ipRestrictionId}
GET /api/OrgAkaReference
GET /api/OrgAkaReference/{organizationId}
GET /api/Organization
GET /api/Organization/{orgId}/Members
GET /api/Organization/{orgId}/orgsetting
GET /api/Organization/{organizationId}
GET /api/Organization/{organizationId}/OrgAkaReference
GET /api/Role
GET /api/Role/{name}
GET /api/Session/ExpirationSettings
GET /api/Ticket/AccountUpdate/Acknowledge/{ticketId}
GET /api/Ticket/AccountUpdate/{email}
GET /api/User
GET /api/User/External
GET /api/User/GetUserIpException
GET /api/User/SearchUserIpExceptions
GET /api/User/{email}/Bounce/Status
GET /api/User/{email}/Messages
GET /api/User/{id}
GET /api/User/{id}/Block
GET /api/User/{id}/EnrolledDevices
GET /api/User/{id}/Organization
GET /api/User/{id}/Organization/{orgId}
GET /api/User/{id}/Organization/{orgId}/Role
GET /api/User/{id}/Organization/{orgId}/Role/{roleId}
GET /api/User/{id}/Passkeys
GET /api/User/{id}/PasswordResetRequest/Log
POST /api/Limit/OrgChange
POST /api/Organization/UpdateCache
POST /api/Organization/{orgId}/UpdateDefaultProductForUsers/{productId}
POST /api/Role/UpdateCache
POST /api/Session/CheckForExpiration
POST /api/Session/End
POST /api/Session/KeepAlive
POST /api/Session/Register
POST /api/Ticket/AccountUpdate
POST /api/Ticket/AccountUpdate/AcknowledgeMultiple/{ticketIds}
POST /api/Ticket/AccountUpdate/{ticketId}/ExtendExpiredTicket
POST /api/Ticket/AccountUpdate/{ticketId}/Resend
POST /api/User/PasswordResetRequest
POST /api/User/PasswordResetRequest/Log
POST /api/User/{id}/ForcePasswordReset
POST /api/User/{id}/Link/{provider}
POST /api/User/{id}/LinkExternal
POST /api/User/{id}/LoginPreference
POST /api/User/{id}/Metadata
POST /api/User/{id}/Organization/{orgId}/Roles
POST /api/User/{userId}/Organization/{orgId}/AddUserIpException
PUT /api/Ticket/AccountUpdate/{ticketId}/CancelTicket

Found on 2026-01-08 23:22

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d6063b63dfef34e08c3f6d5e574d66721a2a7badd95

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /api/Session/{organizationId}/End
DELETE /api/Session/{userId}/EndUserSession
DELETE /api/User/DeleteUserIpException
DELETE /api/User/{email}/Bounce
DELETE /api/User/{id}/MFA
DELETE /api/User/{id}/Metadata/{key}
DELETE /api/User/{id}/Passkeys/{passkeyId}
DELETE /api/User/{id}/UnlinkExternal/{provider}/{externalUserId}
GET /api/FeatureFlag
GET /api/FeatureFlag/GetFeatureFlagValue
GET /api/FeatureFlag/{flagKey}
GET /api/Health
GET /api/Health/Badge
GET /api/IpRestriction
GET /api/IpRestriction/{ipRestrictionId}
GET /api/OrgAkaReference
GET /api/OrgAkaReference/{organizationId}
GET /api/Organization
GET /api/Organization/{orgId}/Members
GET /api/Organization/{orgId}/orgsetting
GET /api/Organization/{organizationId}
GET /api/Role
GET /api/Role/{name}
GET /api/Session/ExpirationSettings
GET /api/Ticket/AccountUpdate/Acknowledge/{ticketId}
GET /api/Ticket/AccountUpdate/{email}
GET /api/User
GET /api/User/External
GET /api/User/GetUserIpException
GET /api/User/SearchUserIpExceptions
GET /api/User/{email}/Bounce/Status
GET /api/User/{email}/Messages
GET /api/User/{id}
GET /api/User/{id}/Block
GET /api/User/{id}/EnrolledDevices
GET /api/User/{id}/Organization
GET /api/User/{id}/Organization/{orgId}
GET /api/User/{id}/Organization/{orgId}/Role
GET /api/User/{id}/Organization/{orgId}/Role/{roleId}
GET /api/User/{id}/Passkeys
GET /api/User/{id}/PasswordResetRequest/Log
POST /api/Limit/OrgChange
POST /api/Organization/UpdateCache
POST /api/Organization/{orgId}/UpdateDefaultProductForUsers/{productId}
POST /api/Role/UpdateCache
POST /api/Session/CheckForExpiration
POST /api/Session/End
POST /api/Session/KeepAlive
POST /api/Session/Register
POST /api/Ticket/AccountUpdate
POST /api/Ticket/AccountUpdate/AcknowledgeMultiple/{ticketIds}
POST /api/Ticket/AccountUpdate/{ticketId}/ExtendExpiredTicket
POST /api/Ticket/AccountUpdate/{ticketId}/Resend
POST /api/User/PasswordResetRequest
POST /api/User/PasswordResetRequest/Log
POST /api/User/{id}/ForcePasswordReset
POST /api/User/{id}/Link/{provider}
POST /api/User/{id}/LinkExternal
POST /api/User/{id}/LoginPreference
POST /api/User/{id}/Metadata
POST /api/User/{id}/Organization/{orgId}/Roles
POST /api/User/{userId}/Organization/{orgId}/AddUserIpException
PUT /api/Ticket/AccountUpdate/{ticketId}/CancelTicket

Found on 2025-12-01 23:47

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.18.1.230
Domain: auth.nextech.com
Port: 443
URL: https://auth.nextech.com

First seen 2025-10-29 13:12
Last seen 2026-01-10 02:28
Open for 72 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60f646a9685aea56616e3b2dfcce2444d69bb1abdc

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /api/Clients/{accountNumber}/DatabaseConnection/Icp/cache
DELETE /api/Clients/{accountNumber}/DatabaseConnection/PracticePlus/cache
DELETE /api/Clients/{accountNumber}/DatabaseConnection/PracticePlusODS/cache
DELETE /api/Clients/{accountNumber}/Users/{applicationUserId}/InactivateInternal
DELETE /api/DatabaseConnection/Icp/cache
DELETE /api/DatabaseConnection/PracticePlus/cache
DELETE /api/DatabaseConnection/PracticePlusODS/cache
DELETE /api/NextechUsers
GET /api/Clients
GET /api/Clients/Practice/{practiceId}
GET /api/Clients/{accountNumber}
GET /api/Clients/{accountNumber}/BaseUri/Icp
GET /api/Clients/{accountNumber}/DatabaseConnection/Icp
GET /api/Clients/{accountNumber}/DatabaseConnection/PracticePlus
GET /api/Clients/{accountNumber}/DatabaseConnection/PracticePlusODS
GET /api/Clients/{accountNumber}/IPWhitelist
GET /api/Clients/{accountNumber}/Nodes
GET /api/Clients/{accountNumber}/Nodes/{id}
GET /api/Clients/{accountNumber}/Nodes/{id}/children
GET /api/Clients/{accountNumber}/Nodes/{nodeId}/Employees
GET /api/Clients/{accountNumber}/Users
GET /api/Clients/{accountNumber}/Users/ByEmail
GET /api/Clients/{accountNumber}/Users/Nodes
GET /api/Clients/{accountNumber}/Users/{applicationUserId}
GET /api/Clients/{accountNumber}/Users/{applicationUserId}/MfaRememberMe
GET /api/Clients/{accountNumber}/Users/{applicationUserId}/Nodes
GET /api/Clients/{accountNumber}/Users/{applicationUserId}/Nodes/Employees
GET /api/MfaType
GET /api/rate-limit/{id}
GET /health-check/sql
POST /api/Authentication/AuthenticateToken
POST /api/Authentication/AuthenticatedUser
POST /api/Authentication/ChangePassword
POST /api/Authentication/RenewToken
POST /api/Authentication/User
POST /api/Authentication/VerifyToken
POST /api/Clients/UpdateUserEmailAcrossClients
POST /api/Clients/{accountNumber}/ForgotPassword
POST /api/Clients/{accountNumber}/ForgotPassword/changePassword
POST /api/Clients/{accountNumber}/ForgotPassword/validateResetToken/{token}
POST /api/Clients/{accountNumber}/IPWhitelist/BulkSave
POST /api/Clients/{accountNumber}/Users/BulkProcessNewSsoUsers
POST /api/Clients/{accountNumber}/Users/Nodes/GrantFullDataEntitlement
POST /api/Clients/{accountNumber}/Users/{applicationUserId}/Nodes/GrantFullDataEntitlement
POST /api/Clients/{accountNumber}/Users/{applicationUserId}/Nodes/{nodeId}
POST /api/Clients/{accountNumber}/Users/{applicationUserId}/Reactivate
POST /api/Clients/{accountNumber}/Users/{applicationUserId}/ResetPassword
POST /api/Clients/{accountNumber}/Users/{applicationUserId}/SendNewUserEmail
POST /api/DatabaseConnection/PracticePlus/search
POST /api/DatabaseConnection/PracticePlusODS/search
POST /api/rate-limit
PUT /api/Authentication/ExpireToken

Found on 2026-01-10 02:28

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60f646a9685aea56616e3b2dfcce2444d619b745dd

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /api/Clients/{accountNumber}/DatabaseConnection/Icp/cache
DELETE /api/Clients/{accountNumber}/DatabaseConnection/PracticePlus/cache
DELETE /api/Clients/{accountNumber}/DatabaseConnection/PracticePlusODS/cache
DELETE /api/Clients/{accountNumber}/Users/{applicationUserId}/InactivateInternal
DELETE /api/DatabaseConnection/Icp/cache
DELETE /api/DatabaseConnection/PracticePlus/cache
DELETE /api/DatabaseConnection/PracticePlusODS/cache
DELETE /api/NextechUsers
GET /api/Clients
GET /api/Clients/{accountNumber}
GET /api/Clients/{accountNumber}/BaseUri/Icp
GET /api/Clients/{accountNumber}/DatabaseConnection/Icp
GET /api/Clients/{accountNumber}/DatabaseConnection/PracticePlus
GET /api/Clients/{accountNumber}/DatabaseConnection/PracticePlusODS
GET /api/Clients/{accountNumber}/IPWhitelist
GET /api/Clients/{accountNumber}/Nodes
GET /api/Clients/{accountNumber}/Nodes/{id}
GET /api/Clients/{accountNumber}/Nodes/{id}/children
GET /api/Clients/{accountNumber}/Nodes/{nodeId}/Employees
GET /api/Clients/{accountNumber}/Users
GET /api/Clients/{accountNumber}/Users/ByEmail
GET /api/Clients/{accountNumber}/Users/Nodes
GET /api/Clients/{accountNumber}/Users/{applicationUserId}
GET /api/Clients/{accountNumber}/Users/{applicationUserId}/MfaRememberMe
GET /api/Clients/{accountNumber}/Users/{applicationUserId}/Nodes
GET /api/Clients/{accountNumber}/Users/{applicationUserId}/Nodes/Employees
GET /api/MfaType
GET /api/rate-limit/{id}
GET /health-check/sql
POST /api/Authentication/AuthenticateToken
POST /api/Authentication/AuthenticatedUser
POST /api/Authentication/ChangePassword
POST /api/Authentication/RenewToken
POST /api/Authentication/User
POST /api/Authentication/VerifyToken
POST /api/Clients/UpdateUserEmailAcrossClients
POST /api/Clients/{accountNumber}/ForgotPassword
POST /api/Clients/{accountNumber}/ForgotPassword/changePassword
POST /api/Clients/{accountNumber}/ForgotPassword/validateResetToken/{token}
POST /api/Clients/{accountNumber}/IPWhitelist/BulkSave
POST /api/Clients/{accountNumber}/Users/BulkProcessNewSsoUsers
POST /api/Clients/{accountNumber}/Users/Nodes/GrantFullDataEntitlement
POST /api/Clients/{accountNumber}/Users/{applicationUserId}/Nodes/GrantFullDataEntitlement
POST /api/Clients/{accountNumber}/Users/{applicationUserId}/Nodes/{nodeId}
POST /api/Clients/{accountNumber}/Users/{applicationUserId}/Reactivate
POST /api/Clients/{accountNumber}/Users/{applicationUserId}/ResetPassword
POST /api/Clients/{accountNumber}/Users/{applicationUserId}/SendNewUserEmail
POST /api/DatabaseConnection/PracticePlus/search
POST /api/DatabaseConnection/PracticePlusODS/search
POST /api/rate-limit
PUT /api/Authentication/ExpireToken

Found on 2025-11-10 19:55

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.18.1.230
Domain: nextech-reminders-api-dev.nextech.com
Port: 443
URL: https://nextech-reminders-api-dev.nextech.com

First seen 2025-10-20 07:25
Last seen 2026-01-09 01:29
Open for 80 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d60b4236ecfd4aed2e10691d2241eaeb0070e980a85
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /message-logs/{patientId}
GET /v1/configurations/Page
GET /v1/configurations/appointmentTypes
GET /v1/configurations/locations
GET /v1/configurations/{id}
POST /v1/configurations
POST /v1/configurations/Validation
```
  Found on 2026-01-09 01:29
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d604ca71754ad9b7d93644c7af0a85be5e4620a0522
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /v1/configurations/Page
GET /v1/configurations/appointmentTypes
GET /v1/configurations/locations
GET /v1/configurations/{id}
POST /v1/configurations
POST /v1/configurations/Validation
```
  Found on 2025-10-29 05:24
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.18.1.230
Domain: nextech-notification-api.nextech.com
Port: 443
URL: https://nextech-notification-api.nextech.com

First seen 2025-10-17 17:49
Last seen 2026-01-09 18:19
Open for 84 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d60f0777e6ab5169a9d53aa90d7cc0d9e0a39322891
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/rate-limit/{id}
GET /health-check/sql
POST /api/Call
POST /api/Call/status-callback
POST /api/Communication
POST /api/Communication/search
POST /api/Email
POST /api/Email/status-callback
POST /api/Sms
POST /api/Sms/status-callback
POST /api/rate-limit
```
  Found on 2026-01-09 18:19
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.18.0.230
Domain: nextech-cloud-file-manager-api-dev.nextech.com
Port: 443
URL: https://nextech-cloud-file-manager-api-dev.nextech.com

First seen 2025-10-19 14:35
Last seen 2026-01-09 13:36
Open for 81 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d6055b4cd9e4c6e11dc19d83873c7bc05b607ea8b8d

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/Health
GET /api/Health/Badge
GET /api/clients/{clientId}/categories/{category}
GET /api/clients/{clientId}/categories/{category}/files/{fileId}
GET /api/clients/{clientId}/categories/{category}/subcategories/{subcategory}
GET /api/clients/{clientId}/categories/{category}/subcategories/{subcategory}/files/{fileId}
GET /api/clients/{clientId}/patients/{patientId}/categories/{category}
GET /api/clients/{clientId}/patients/{patientId}/categories/{category}/exists/files/{fileId}
GET /api/clients/{clientId}/patients/{patientId}/categories/{category}/files/{fileId}
GET /api/clients/{clientId}/patients/{patientId}/categories/{category}/subcategories/{subcategory}
GET /api/clients/{clientId}/patients/{patientId}/categories/{category}/subcategories/{subcategory}/exists/files/{fileId}
GET /api/clients/{clientId}/patients/{patientId}/categories/{category}/subcategories/{subcategory}/files/{fileId}
GET /api/rate-limit/{id}
POST /api/clients/{clientId}/categories/{category}/subcategories/{subcategory}/files/{fileId}/metadata
POST /api/clients/{clientId}/file/store
POST /api/clients/{clientId}/file/upload
POST /api/clients/{clientId}/patient/{patientId}/file/{fileId}/category/{category}/targetclient/{targetClientId}/targetpatient/{targetPatientId}/targetfile/{targetFileId}
POST /api/rate-limit

Found on 2026-01-09 13:36

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.18.1.230
Domain: nextech-notification-api-dev.nextech.com
Port: 443
URL: https://nextech-notification-api-dev.nextech.com

First seen 2025-10-18 19:21
Last seen 2026-01-09 12:12
Open for 82 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d60f0777e6ab5169a9d53aa90d7cc0d9e0a39322891
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/rate-limit/{id}
GET /health-check/sql
POST /api/Call
POST /api/Call/status-callback
POST /api/Communication
POST /api/Communication/search
POST /api/Email
POST /api/Email/status-callback
POST /api/Sms
POST /api/Sms/status-callback
POST /api/rate-limit
```
  Found on 2026-01-09 12:12
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.18.0.230
Domain: scheduler.api.nextech.com
Port: 443
URL: https://scheduler.api.nextech.com

First seen 2025-12-10 06:16
Last seen 2026-01-09 07:43
Open for 30 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60bba1d3d6e29fff9ef8acdcbc957a0c8b7be8f1e3

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /api/ProviderImages/{id}
GET /api/Admin/UnmigratedClients
GET /api/AppointmentReasons
GET /api/AppointmentReasons/AvailableOnline
GET /api/AppointmentTypes
GET /api/AppointmentTypes/AvailableOnline
GET /api/GeneralSettings
GET /api/GeneralSettings/AvailableOnline
GET /api/Insurance
GET /api/Insurance/AvailableOnline
GET /api/Locations
GET /api/Locations/AvailableOnline
GET /api/OnlineScheduling
GET /api/Payment
GET /api/Practice/FeatureFlags/{id}
GET /api/Practice/Nodes/{id}
GET /api/Practice/PaymentSettings/{accountNumber}
GET /api/ProviderImages
GET /api/Providers
GET /api/Providers/AvailableOnline
GET /api/SasToken
GET /api/rate-limit/{id}
GET /health-check/sql
PATCH /api/Admin/MigrateIndividualClient
POST /api/ProviderImages/{providerId}/Upload
POST /api/ProviderImages/{resourceId}/ResourceUpload
POST /api/rate-limit
PUT /api/ProviderImages/{id}/Default

Found on 2026-01-09 07:43

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.119.136.4
Domain: mfa-api.nextech.com
Port: 443
URL: https://mfa-api.nextech.com

First seen 2025-11-09 04:30
Last seen 2026-01-09 16:59
Open for 61 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d6015553d6fc68cc3eb20b61e244762496173593b57
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/Challenge
GET /api/Challenge/{challengeId}
GET /api/ChallengeType
GET /api/Channel
GET /api/Channel/{channelId}
GET /api/Factor
GET /api/Factor/{factorId}
GET /api/Factor/{factorId}/QrCode
GET /api/Health
GET /api/Health/Badge
GET /api/Registration
GET /api/Registration/{registrationId}
GET /api/Verification
GET /api/Verification/{verificationId}
```
  Found on 2026-01-09 16:59
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.18.1.230
Domain: nextech-express-api-dev.nextech.com
Port: 443
URL: https://nextech-express-api-dev.nextech.com

First seen 2025-10-19 02:00
Last seen 2026-01-09 13:15
Open for 82 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d6036b8243a8848f5e7f6a8527d250eafe9105d1635
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/Clients/{id}
GET /api/Integrations/{id}
GET /api/rate-limit/{id}
POST /api/Clients
POST /api/Clients/Search
POST /api/Integrations
POST /api/Integrations/Search
POST /api/PersistedEvents
POST /api/rate-limit
```
  Found on 2026-01-09 13:15
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.18.0.230
Domain: mercuryapi-lm.nextech.com
Port: 443
URL: https://mercuryapi-lm.nextech.com

First seen 2025-10-17 07:17
Last seen 2026-01-09 10:54
Open for 84 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60631107dd91fa276420be656d40559f63b9beb4f7

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /api/v1/sysadmin/Accounts/{accountId}
DELETE /api/v1/sysadmin/EmailTemplates/{templateId}
DELETE /api/v1/sysadmin/Users/{userId}
GET /api/v1/Accounts
GET /api/v1/Accounts/Pms
GET /api/v1/Accounts/{accountId}
GET /api/v1/Accounts/{accountId}/AccountMembers
GET /api/v1/Accounts/{accountId}/AccountMembers/{accountMemberId}
GET /api/v1/Accounts/{accountId}/EmailTemplateCategories
GET /api/v1/Accounts/{accountId}/EmailTemplates
GET /api/v1/Accounts/{accountId}/Feature/{featureId}
GET /api/v1/Accounts/{accountId}/Features
GET /api/v1/Accounts/{accountId}/IntegrationForms/{integrationFormId}
GET /api/v1/Accounts/{accountId}/LeadSources
GET /api/v1/Accounts/{accountId}/LeadSources/Channels
GET /api/v1/Accounts/{accountId}/LeadSources/{leadSourceId}
GET /api/v1/Accounts/{accountId}/Locations
GET /api/v1/Accounts/{accountId}/Locations/{locationId}
GET /api/v1/Accounts/{accountId}/TransactionKeys
GET /api/v1/Accounts/{accountId}/TransactionKeys/{transactionKeyId}
GET /api/v1/Accounts/{accountId}/TransactionKeys/{transactionKeyId}/IntegrationForms
GET /api/v1/Accounts/{accountId}/Websites
GET /api/v1/Accounts/{accountId}/Websites/{websiteId}
GET /api/v1/Accounts/{clientId}/ClientIdAvailable
GET /api/v1/Accounts/{clientId}/DoesClientExist
GET /api/v1/Accounts/{clientId}/GetByClientId
GET /api/v1/Accounts/{clientId}/ServerName
GET /api/v1/ApplicationRoles
GET /api/v1/ApplicationRoles/{pmEmrId}
GET /api/v1/ClientDatabase
GET /api/v1/ClientDatabase/Source
GET /api/v1/CommunicationsLookup/{emailId}
GET /api/v1/Countries
GET /api/v1/Countries/{countryId}
GET /api/v1/EmailTemplates/{templateId}
GET /api/v1/MedicalFields
GET /api/v1/MedicalFields/{medicalFieldId}
GET /api/v1/Navigation/AppGuards
GET /api/v1/Navigation/Menu
GET /api/v1/Navigation/MercuryMenu
GET /api/v1/PmsEmrs
GET /api/v1/PmsEmrs/{pmsEmrId}
GET /api/v1/States
GET /api/v1/States/{stateId}
GET /api/v1/TimeZones
GET /api/v1/TimeZones/{timeZoneId}
GET /api/v1/Users
GET /api/v1/Users/{userId}
POST /api/v1/AccountMembers
POST /api/v1/Accounts/{accountId}/AccountMembers/{accountMemberId}/Invite
POST /api/v1/Accounts/{accountId}/ApexChatKey
POST /api/v1/Accounts/{accountId}/IntegrationForms
POST /api/v1/Accounts/{accountId}/TwillioActivation
POST /api/v1/Accounts/{practiceName}/GenerateClientId
POST /api/v1/ClientDatabase/Destination
POST /api/v1/ClientDatabase/Ping
POST /api/v1/CommunicationsLookup
POST /api/v1/EmailTemplates
POST /api/v1/LeadSources
POST /api/v1/Locations
POST /api/v1/TransactionKeys
POST /api/v1/Users/CreatePassword
POST /api/v1/Users/{userId}/Invite
POST /api/v1/Websites
PUT /api/v1/AccountMembers/{accountMemberId}
PUT /api/v1/LeadSources/{leadSourceId}
PUT /api/v1/Locations/{locationId}
PUT /api/v1/TransactionKeys/{transactionKeyId}
PUT /api/v1/Websites/{websiteId}

Found on 2026-01-09 10:54

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.18.0.230
Domain: nextech-notes-api-dev.nextech.com
Port: 443
URL: https://nextech-notes-api-dev.nextech.com

First seen 2025-10-18 08:53
Last seen 2026-01-09 08:30
Open for 82 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d606aeda8d391ad1d81f004accb8422aa81fee43046
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/AuditEvent
GET /api/Composition
GET /api/Composition/{id}
GET /api/rate-limit/{id}
GET /health-check/sql
POST /api/Composition/{id}/$audit
POST /api/rate-limit
```
  Found on 2026-01-09 08:30
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.18.1.230
Domain: todo-api.nextech.com
Port: 443
URL: https://todo-api.nextech.com

First seen 2025-12-07 10:11
Last seen 2026-01-09 07:40
Open for 32 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d606aeda8d3e47fdbbdae42428fef69f894b62d36d2
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/AuditEvent
GET /api/Category
GET /api/Category/{id}
GET /api/CommunicationMethod
GET /api/Group
GET /api/Group/{id}
GET /api/Task
GET /api/Task/patient/{patientId}/Count
GET /api/Task/user/{applicationUserId}/Count
GET /api/Task/{id}
GET /api/rate-limit/{id}
GET /health-check
PATCH /api/Todo/{id}
POST /api/AuditEvent/_search
POST /api/Category/bulk
POST /api/Client/backfill
POST /api/Task/_search
POST /api/Task/category/backfill
POST /api/Task/user/{applicationUserId}/IcpCount
POST /api/rate-limit
```
  Found on 2026-01-09 07:40
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.119.144.25
Domain: nextech-data-service-api.nextech.com
Port: 443
URL: https://nextech-data-service-api.nextech.com

First seen 2025-12-02 19:35
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad0354949230d2613256704e36c5d01f5f2ed2129fd949c
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/Report/GetPowerBIReport
GET /api/Report/GetPowerBIReports
GET /api/Report/GetReportBases
GET /api/ReportFilter/appointment-resources
GET /api/ReportFilter/appointment-statuses
GET /api/ReportFilter/appointment-types
GET /api/ReportFilter/insurance-companies
GET /api/User/entitlements/Practice
GET /api/User/entitlements/Provider
GET /api/User/entitlements/facilities
POST /api/Report/GetDailyScheduleReportData
```
  Found on 2025-12-02 19:35
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.18.1.230
Domain: contactpref-lm.nextech.com
Port: 443
URL: https://contactpref-lm.nextech.com

First seen 2025-10-19 00:46
Last seen 2026-01-09 21:24
Open for 82 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d60f0777e6a38a9a3741340d0d29540332a0ccd173f
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/rate-limit/{id}
GET /api/v1/Contact
POST /api/rate-limit
POST /api/v1/Contact/communication-preferences
POST /api/v1/TwilioDeactivation
```
  Found on 2026-01-09 21:24
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.18.0.230
Domain: nextech-express-api.nextech.com
Port: 443
URL: https://nextech-express-api.nextech.com

First seen 2025-10-18 01:06
Last seen 2026-01-09 21:10
Open for 83 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d6036b8243a8848f5e7f6a8527d250eafe9105d1635
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/Clients/{id}
GET /api/Integrations/{id}
GET /api/rate-limit/{id}
POST /api/Clients
POST /api/Clients/Search
POST /api/Integrations
POST /api/Integrations/Search
POST /api/PersistedEvents
POST /api/rate-limit
```
  Found on 2026-01-09 21:10
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.18.15.132
Domain: auth1.staging.nextech.com
Port: 443
URL: https://auth1.staging.nextech.com

First seen 2025-12-04 04:42
Last seen 2026-01-09 19:49
Open for 36 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60f646a9685aea56616e3b2dfcce2444d69bb1abdc

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /api/Clients/{accountNumber}/DatabaseConnection/Icp/cache
DELETE /api/Clients/{accountNumber}/DatabaseConnection/PracticePlus/cache
DELETE /api/Clients/{accountNumber}/DatabaseConnection/PracticePlusODS/cache
DELETE /api/Clients/{accountNumber}/Users/{applicationUserId}/InactivateInternal
DELETE /api/DatabaseConnection/Icp/cache
DELETE /api/DatabaseConnection/PracticePlus/cache
DELETE /api/DatabaseConnection/PracticePlusODS/cache
DELETE /api/NextechUsers
GET /api/Clients
GET /api/Clients/Practice/{practiceId}
GET /api/Clients/{accountNumber}
GET /api/Clients/{accountNumber}/BaseUri/Icp
GET /api/Clients/{accountNumber}/DatabaseConnection/Icp
GET /api/Clients/{accountNumber}/DatabaseConnection/PracticePlus
GET /api/Clients/{accountNumber}/DatabaseConnection/PracticePlusODS
GET /api/Clients/{accountNumber}/IPWhitelist
GET /api/Clients/{accountNumber}/Nodes
GET /api/Clients/{accountNumber}/Nodes/{id}
GET /api/Clients/{accountNumber}/Nodes/{id}/children
GET /api/Clients/{accountNumber}/Nodes/{nodeId}/Employees
GET /api/Clients/{accountNumber}/Users
GET /api/Clients/{accountNumber}/Users/ByEmail
GET /api/Clients/{accountNumber}/Users/Nodes
GET /api/Clients/{accountNumber}/Users/{applicationUserId}
GET /api/Clients/{accountNumber}/Users/{applicationUserId}/MfaRememberMe
GET /api/Clients/{accountNumber}/Users/{applicationUserId}/Nodes
GET /api/Clients/{accountNumber}/Users/{applicationUserId}/Nodes/Employees
GET /api/MfaType
GET /api/rate-limit/{id}
GET /health-check/sql
POST /api/Authentication/AuthenticateToken
POST /api/Authentication/AuthenticatedUser
POST /api/Authentication/ChangePassword
POST /api/Authentication/RenewToken
POST /api/Authentication/User
POST /api/Authentication/VerifyToken
POST /api/Clients/UpdateUserEmailAcrossClients
POST /api/Clients/{accountNumber}/ForgotPassword
POST /api/Clients/{accountNumber}/ForgotPassword/changePassword
POST /api/Clients/{accountNumber}/ForgotPassword/validateResetToken/{token}
POST /api/Clients/{accountNumber}/IPWhitelist/BulkSave
POST /api/Clients/{accountNumber}/Users/BulkProcessNewSsoUsers
POST /api/Clients/{accountNumber}/Users/Nodes/GrantFullDataEntitlement
POST /api/Clients/{accountNumber}/Users/{applicationUserId}/Nodes/GrantFullDataEntitlement
POST /api/Clients/{accountNumber}/Users/{applicationUserId}/Nodes/{nodeId}
POST /api/Clients/{accountNumber}/Users/{applicationUserId}/Reactivate
POST /api/Clients/{accountNumber}/Users/{applicationUserId}/ResetPassword
POST /api/Clients/{accountNumber}/Users/{applicationUserId}/SendNewUserEmail
POST /api/DatabaseConnection/PracticePlus/search
POST /api/DatabaseConnection/PracticePlusODS/search
POST /api/rate-limit
PUT /api/Authentication/ExpireToken

Found on 2026-01-09 19:49

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.18.0.230
Domain: membershipsapi-qa.nextech.com
Port: 443
URL: https://membershipsapi-qa.nextech.com

First seen 2025-12-07 20:51
Last seen 2026-01-09 16:01
Open for 32 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d603ce754bf7fdf4e7fbaf4f2ae0d979aef60ffa147

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/Authorization
GET /api/FeatureFlag/All
GET /api/FeatureFlag/Flag/{featureKey}
GET /api/Location
GET /api/Membership/GetMembershipGroups/{id}
GET /api/Membership/{name}/exists
GET /api/MembershipItems/GetServicesByGroupDetailIds
GET /api/MembershipItems/Products
GET /api/MembershipItems/Services
GET /api/MerchantAccount
GET /api/PatientMembership/{id}
GET /api/PaymentCategory
GET /api/Practice/Nodes/{id}
GET /api/Provider
GET /api/rate-limit/{id}
PATCH /api/PatientMembershipServicesBilled/{id}
POST /api/Membership
POST /api/Membership/GetMemberships
POST /api/Membership/GetMembershipsAvailableToAddToPatient
POST /api/Membership/IsItemInUse
POST /api/Membership/UpdateMembership
POST /api/PatientMembership/CancelPatientMembership
POST /api/PatientMembership/CreatePatientMembership
POST /api/PatientMembership/GetPatientMemberships
POST /api/PatientMembership/GetPatientMembershipsPaginated
POST /api/PatientMembership/GetPatientMembershipsWithServiceCountsPaginated
POST /api/PatientMembershipService/AllocateServices
POST /api/PatientMembershipService/ExtendPatientMembershipService
POST /api/PatientMembershipService/GetPatientAvailableServices
POST /api/PatientMembershipService/GetPatientMembershipsDiscounts
POST /api/PatientMembershipService/MarkServiceUsed
POST /api/PatientMembershipServicesBilled/GetPatientMembershipServiceBilled
POST /api/rate-limit
PUT /api/PatientMembership/UpdatePatientMembershipStatus
PUT /api/PatientMembershipService/UpdatePatientMembershipServiceStatus

Found on 2026-01-09 16:01

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.18.0.230
Domain: creditcard-api.nextech.com
Port: 443
URL: https://creditcard-api.nextech.com

First seen 2025-10-16 17:13
Last seen 2026-01-09 15:32
Open for 84 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d605fdc8c9c3224d046d6c89d0d3beaa7b1e33245a0

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /api/CreditCardProfiles/{profileId}/{accountId}
GET /api/Audit/get/{entityType}/{objectReferenceId}
GET /api/CreditCardProfiles
GET /api/CreditCardProfiles/GetByProfileId/{profileId}
GET /api/CreditCardProfiles/{id}
GET /api/CreditCardTransactions/GetUpdatedAccountTransaction
GET /api/CreditCardTransactions/{id}
GET /api/Device/ListTerminals
GET /api/Device/Ping
GET /api/PaymentPlans
GET /api/PaymentPlans/{id}
GET /api/rate-limit/{id}
GET /health-check/sql
POST /api/CardConnectMigration/CreditCardTransaction
POST /api/CardConnectMigration/PaymentProfile
POST /api/CreditCardProfiles/{profileId}/CreditCardAccounts
POST /api/CreditCardTransactions/AuthorizeCreditCardPayment
POST /api/CreditCardTransactions/AuthorizeCreditCardProfilePayment
POST /api/CreditCardTransactions/ProcessCreditCardPayment
POST /api/CreditCardTransactions/Refund
POST /api/Device/CancelOperation
POST /api/PaymentPlans/UpdateAccount
POST /api/PaymentPlans/{id}/Cancel
POST /api/rate-limit

Found on 2026-01-09 15:32

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.18.0.230
Domain: api.crm.nextech.com
Port: 443
URL: https://api.crm.nextech.com

First seen 2025-10-17 02:04
Last seen 2026-01-08 23:36
Open for 83 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d601ea5f2ae301dda87301dda87301dda87301dda87
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
POST /Leads
POST /api/v1/LeadQueue/webForms
```
  Found on 2026-01-08 23:36
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.18.0.230
Domain: nextech-creditcard-api-dev.nextech.com
Port: 443
URL: https://nextech-creditcard-api-dev.nextech.com

First seen 2025-10-19 07:49
Last seen 2026-01-02 22:15
Open for 75 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d605fdc8c9c3224d046d6c89d0d3beaa7b1e33245a0

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /api/CreditCardProfiles/{profileId}/{accountId}
GET /api/Audit/get/{entityType}/{objectReferenceId}
GET /api/CreditCardProfiles
GET /api/CreditCardProfiles/GetByProfileId/{profileId}
GET /api/CreditCardProfiles/{id}
GET /api/CreditCardTransactions/GetUpdatedAccountTransaction
GET /api/CreditCardTransactions/{id}
GET /api/Device/ListTerminals
GET /api/Device/Ping
GET /api/PaymentPlans
GET /api/PaymentPlans/{id}
GET /api/rate-limit/{id}
GET /health-check/sql
POST /api/CardConnectMigration/CreditCardTransaction
POST /api/CardConnectMigration/PaymentProfile
POST /api/CreditCardProfiles/{profileId}/CreditCardAccounts
POST /api/CreditCardTransactions/AuthorizeCreditCardPayment
POST /api/CreditCardTransactions/AuthorizeCreditCardProfilePayment
POST /api/CreditCardTransactions/ProcessCreditCardPayment
POST /api/CreditCardTransactions/Refund
POST /api/Device/CancelOperation
POST /api/PaymentPlans/UpdateAccount
POST /api/PaymentPlans/{id}/Cancel
POST /api/rate-limit

Found on 2026-01-02 22:15

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.18.1.230
Domain: nextech-inventory-api-dev.nextech.com
Port: 443
URL: https://nextech-inventory-api-dev.nextech.com

First seen 2025-10-18 22:02
Last seen 2026-01-10 01:53
Open for 83 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60aa7f04b7182b46a319c84e396c1bccb3de96225a

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /api/practices/{practiceId}/facilities/{facilityId}/patients/{patientId}/Transactions/{transactionId}
GET /api/Clients
GET /api/Practices
GET /api/Practices/{id}
GET /api/Products
GET /api/Products/{productId}
GET /api/practices/{practiceId}/Facilities
GET /api/practices/{practiceId}/Facilities/{facilityId}
GET /api/practices/{practiceId}/Facilities/{facilityId}/Users/{userId}
GET /api/practices/{practiceId}/Facilities/{facilityId}/users
GET /api/practices/{practiceId}/Products
GET /api/practices/{practiceId}/Products/{productId}
GET /api/practices/{practiceId}/Users
GET /api/practices/{practiceId}/Users/{userId}
GET /api/practices/{practiceId}/Users/{userId}/Facilities
GET /api/practices/{practiceId}/Users/{username}/Authenticate
GET /api/practices/{practiceId}/facilities/{facilityId}/Doctors
GET /api/practices/{practiceId}/facilities/{facilityId}/Doctors/{doctorId}
GET /api/practices/{practiceId}/facilities/{facilityId}/Patients
GET /api/practices/{practiceId}/facilities/{facilityId}/Patients/{patientId}
GET /api/practices/{practiceId}/facilities/{facilityId}/Products
GET /api/practices/{practiceId}/facilities/{facilityId}/Products/{productId}
GET /api/practices/{practiceId}/facilities/{facilityId}/patients/{patientId}/Transactions
GET /api/practices/{practiceId}/facilities/{facilityId}/products/{productId}/productInventories
GET /api/rate-limit/{id}
POST /api/Clients/ValidateCredentials
POST /api/practices/{practiceId}/facilities/{facilityId}/PosTransactions
POST /api/practices/{practiceId}/facilities/{facilityId}/Transactions
POST /api/rate-limit

Found on 2026-01-10 01:53

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.18.0.230
Domain: timetask-lm.nextech.com
Port: 443
URL: https://timetask-lm.nextech.com

First seen 2025-10-17 14:37
Last seen 2026-01-10 01:38
Open for 84 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d609d2290c0c216d54e4998087baca946a10a278989
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /jobs/{externalId}
GET /jobs/{externalId}/instanceHistory
POST /jobs
POST /jobs/{instanceId}/instanceHistory
PUT /jobs/pause/{externalId}
```
  Found on 2026-01-10 01:38
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.18.15.132
Domain: bizapp.staging.nextech.com
Port: 443
URL: https://bizapp.staging.nextech.com

First seen 2025-12-01 20:33
Last seen 2026-01-09 15:38
Open for 38 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d6050cc01e8acc2f935be673071a5b528b2e4b85990

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/Clients
GET /api/Clients/{accountNumber}
GET /api/Clients/{accountNumber}/Environments
GET /api/Clients/{accountNumber}/Features
GET /api/Clients/{accountNumber}/Hl7Configurations
GET /api/Clients/{accountNumber}/Hl7Configurations/{id}
GET /api/Clients/{accountNumber}/Podis
GET /api/Clients/{accountNumber}/Providers
GET /api/Clients/{accountNumber}/Providers/{id}
GET /api/Environments/{clientEnvironment}/Clients
GET /api/MedicalCodes/HcpcCodes
GET /api/MedicalCodes/Icd10Codes
GET /api/MedicalCodes/Icd9Codes
GET /api/Notifications
GET /api/Providers
GET /api/RxTerms/GetRxTermDisplayNames
GET /api/RxTerms/GetRxTerms
GET /api/SqlServerConnections
GET /api/TaxonomyCodes
GET /api/rate-limit/{id}
GET /health-check/sql
PATCH /api/Clients/{accountNumber}/Providers/PatchClientProvider/{id}
POST /api/Clients/{accountNumber}/PracticePlusCategories
POST /api/Clients/{accountNumber}/PracticePlusPracticeService
POST /api/Communications/{accountNumber}/AdminUsers
POST /api/EndpointNotification/Search
POST /api/MedicalCodes/MedicalCodeSearch
POST /api/clients/{accountNumber}/Provision/{specialty}
POST /api/rate-limit
PUT /api/Clients/{accountNumber}/Features/{id}
PUT /api/Clients/{accountNumber}/Features/{id}/{flagState}

Found on 2026-01-09 15:38

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.18.1.230
Domain: saas-notes-api.nextech.com
Port: 443
URL: https://saas-notes-api.nextech.com

First seen 2025-10-17 05:39
Last seen 2026-01-09 15:36
Open for 84 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d606aeda8d391ad1d81f004accb8422aa81fee43046
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/AuditEvent
GET /api/Composition
GET /api/Composition/{id}
GET /api/rate-limit/{id}
GET /health-check/sql
POST /api/Composition/{id}/$audit
POST /api/rate-limit
```
  Found on 2026-01-09 15:36
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.18.1.230
Domain: nextech-inventory-api.nextech.com
Port: 443
URL: https://nextech-inventory-api.nextech.com

First seen 2025-10-18 05:49
Last seen 2026-01-09 15:36
Open for 83 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60aa7f04b7182b46a319c84e396c1bccb3de96225a

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /api/practices/{practiceId}/facilities/{facilityId}/patients/{patientId}/Transactions/{transactionId}
GET /api/Clients
GET /api/Practices
GET /api/Practices/{id}
GET /api/Products
GET /api/Products/{productId}
GET /api/practices/{practiceId}/Facilities
GET /api/practices/{practiceId}/Facilities/{facilityId}
GET /api/practices/{practiceId}/Facilities/{facilityId}/Users/{userId}
GET /api/practices/{practiceId}/Facilities/{facilityId}/users
GET /api/practices/{practiceId}/Products
GET /api/practices/{practiceId}/Products/{productId}
GET /api/practices/{practiceId}/Users
GET /api/practices/{practiceId}/Users/{userId}
GET /api/practices/{practiceId}/Users/{userId}/Facilities
GET /api/practices/{practiceId}/Users/{username}/Authenticate
GET /api/practices/{practiceId}/facilities/{facilityId}/Doctors
GET /api/practices/{practiceId}/facilities/{facilityId}/Doctors/{doctorId}
GET /api/practices/{practiceId}/facilities/{facilityId}/Patients
GET /api/practices/{practiceId}/facilities/{facilityId}/Patients/{patientId}
GET /api/practices/{practiceId}/facilities/{facilityId}/Products
GET /api/practices/{practiceId}/facilities/{facilityId}/Products/{productId}
GET /api/practices/{practiceId}/facilities/{facilityId}/patients/{patientId}/Transactions
GET /api/practices/{practiceId}/facilities/{facilityId}/products/{productId}/productInventories
GET /api/rate-limit/{id}
POST /api/Clients/ValidateCredentials
POST /api/practices/{practiceId}/facilities/{facilityId}/PosTransactions
POST /api/practices/{practiceId}/facilities/{facilityId}/Transactions
POST /api/rate-limit

Found on 2026-01-09 15:36

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.18.14.132
Domain: todo.staging.nextech.com
Port: 443
URL: https://todo.staging.nextech.com

First seen 2025-10-17 23:09
Last seen 2026-01-09 15:09
Open for 83 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d606aeda8d3e47fdbbdae42428fef69f894b62d36d2
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/AuditEvent
GET /api/Category
GET /api/Category/{id}
GET /api/CommunicationMethod
GET /api/Group
GET /api/Group/{id}
GET /api/Task
GET /api/Task/patient/{patientId}/Count
GET /api/Task/user/{applicationUserId}/Count
GET /api/Task/{id}
GET /api/rate-limit/{id}
GET /health-check
PATCH /api/Todo/{id}
POST /api/AuditEvent/_search
POST /api/Category/bulk
POST /api/Client/backfill
POST /api/Task/_search
POST /api/Task/category/backfill
POST /api/Task/user/{applicationUserId}/IcpCount
POST /api/rate-limit
```
  Found on 2026-01-09 15:09
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.18.1.230
Domain: auth.qa.nextech.com
Port: 443
URL: https://auth.qa.nextech.com

First seen 2025-12-07 22:25
Last seen 2026-01-09 14:30
Open for 32 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60f646a9685aea56616e3b2dfcce2444d69bb1abdc

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /api/Clients/{accountNumber}/DatabaseConnection/Icp/cache
DELETE /api/Clients/{accountNumber}/DatabaseConnection/PracticePlus/cache
DELETE /api/Clients/{accountNumber}/DatabaseConnection/PracticePlusODS/cache
DELETE /api/Clients/{accountNumber}/Users/{applicationUserId}/InactivateInternal
DELETE /api/DatabaseConnection/Icp/cache
DELETE /api/DatabaseConnection/PracticePlus/cache
DELETE /api/DatabaseConnection/PracticePlusODS/cache
DELETE /api/NextechUsers
GET /api/Clients
GET /api/Clients/Practice/{practiceId}
GET /api/Clients/{accountNumber}
GET /api/Clients/{accountNumber}/BaseUri/Icp
GET /api/Clients/{accountNumber}/DatabaseConnection/Icp
GET /api/Clients/{accountNumber}/DatabaseConnection/PracticePlus
GET /api/Clients/{accountNumber}/DatabaseConnection/PracticePlusODS
GET /api/Clients/{accountNumber}/IPWhitelist
GET /api/Clients/{accountNumber}/Nodes
GET /api/Clients/{accountNumber}/Nodes/{id}
GET /api/Clients/{accountNumber}/Nodes/{id}/children
GET /api/Clients/{accountNumber}/Nodes/{nodeId}/Employees
GET /api/Clients/{accountNumber}/Users
GET /api/Clients/{accountNumber}/Users/ByEmail
GET /api/Clients/{accountNumber}/Users/Nodes
GET /api/Clients/{accountNumber}/Users/{applicationUserId}
GET /api/Clients/{accountNumber}/Users/{applicationUserId}/MfaRememberMe
GET /api/Clients/{accountNumber}/Users/{applicationUserId}/Nodes
GET /api/Clients/{accountNumber}/Users/{applicationUserId}/Nodes/Employees
GET /api/MfaType
GET /api/rate-limit/{id}
GET /health-check/sql
POST /api/Authentication/AuthenticateToken
POST /api/Authentication/AuthenticatedUser
POST /api/Authentication/ChangePassword
POST /api/Authentication/RenewToken
POST /api/Authentication/User
POST /api/Authentication/VerifyToken
POST /api/Clients/UpdateUserEmailAcrossClients
POST /api/Clients/{accountNumber}/ForgotPassword
POST /api/Clients/{accountNumber}/ForgotPassword/changePassword
POST /api/Clients/{accountNumber}/ForgotPassword/validateResetToken/{token}
POST /api/Clients/{accountNumber}/IPWhitelist/BulkSave
POST /api/Clients/{accountNumber}/Users/BulkProcessNewSsoUsers
POST /api/Clients/{accountNumber}/Users/Nodes/GrantFullDataEntitlement
POST /api/Clients/{accountNumber}/Users/{applicationUserId}/Nodes/GrantFullDataEntitlement
POST /api/Clients/{accountNumber}/Users/{applicationUserId}/Nodes/{nodeId}
POST /api/Clients/{accountNumber}/Users/{applicationUserId}/Reactivate
POST /api/Clients/{accountNumber}/Users/{applicationUserId}/ResetPassword
POST /api/Clients/{accountNumber}/Users/{applicationUserId}/SendNewUserEmail
POST /api/DatabaseConnection/PracticePlus/search
POST /api/DatabaseConnection/PracticePlusODS/search
POST /api/rate-limit
PUT /api/Authentication/ExpireToken

Found on 2026-01-09 14:30

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.18.0.230
Domain: cms-lm.nextech.com
Port: 443
URL: https://cms-lm.nextech.com

First seen 2025-10-18 03:54
Last seen 2026-01-09 14:25
Open for 83 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d60f681474d39d4e255bd3463da4a77f411be6f275d
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /actions/product/{productId}
GET /audience/trigger/{triggerId}
GET /campaign
GET /campaign/{campaignId}
GET /campaignMetadata/product/{productIdentifier}
GET /campaignMetadata/workflowTypes
GET /triggers/campaignType/{campaignTypeId}
POST /campaign/filter
POST /campaign/page
POST /campaign/workflow/EventHandler
```
  Found on 2026-01-09 14:25
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.18.0.230
Domain: practice-plus-users-api.nextech.com
Port: 443
URL: https://practice-plus-users-api.nextech.com

First seen 2025-12-05 10:58
Last seen 2026-01-09 10:24
Open for 34 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d609669eef84cd0cfe01a7bb2f530c4d6abf50e51f4
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/Clients/{accountNumber}/ArbimedUsers
GET /api/Clients/{accountNumber}/Users
GET /api/Clients/{accountNumber}/Users/{ppUserId}
GET /api/rate-limit/{id}
GET /health-check/sql
POST /api/Clients/{accountNumber}/AuthUsers
POST /api/Clients/{accountNumber}/Users/{pmUserId}/roles
POST /api/rate-limit
PUT /api/Clients/{accountNumber}/ArbimedUsers/{practicePlusUserId}
PUT /api/Clients/{accountNumber}/AuthUsers/{applicationUserId}
PUT /api/Clients/{accountNumber}/Users/{pmUserId}
```
  Found on 2026-01-09 10:24
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.18.1.230
Domain: bizpm.nextech.com
Port: 443
URL: https://bizpm.nextech.com

First seen 2025-12-04 21:27
Last seen 2026-01-09 02:02
Open for 35 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d6050cc01e8acc2f935be673071a5b528b2e4b85990

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/Clients
GET /api/Clients/{accountNumber}
GET /api/Clients/{accountNumber}/Environments
GET /api/Clients/{accountNumber}/Features
GET /api/Clients/{accountNumber}/Hl7Configurations
GET /api/Clients/{accountNumber}/Hl7Configurations/{id}
GET /api/Clients/{accountNumber}/Podis
GET /api/Clients/{accountNumber}/Providers
GET /api/Clients/{accountNumber}/Providers/{id}
GET /api/Environments/{clientEnvironment}/Clients
GET /api/MedicalCodes/HcpcCodes
GET /api/MedicalCodes/Icd10Codes
GET /api/MedicalCodes/Icd9Codes
GET /api/Notifications
GET /api/Providers
GET /api/RxTerms/GetRxTermDisplayNames
GET /api/RxTerms/GetRxTerms
GET /api/SqlServerConnections
GET /api/TaxonomyCodes
GET /api/rate-limit/{id}
GET /health-check/sql
PATCH /api/Clients/{accountNumber}/Providers/PatchClientProvider/{id}
POST /api/Clients/{accountNumber}/PracticePlusCategories
POST /api/Clients/{accountNumber}/PracticePlusPracticeService
POST /api/Communications/{accountNumber}/AdminUsers
POST /api/EndpointNotification/Search
POST /api/MedicalCodes/MedicalCodeSearch
POST /api/clients/{accountNumber}/Provision/{specialty}
POST /api/rate-limit
PUT /api/Clients/{accountNumber}/Features/{id}
PUT /api/Clients/{accountNumber}/Features/{id}/{flagState}

Found on 2026-01-09 02:02

Create report

Open service 18.66.192.13:443 · nextech.com

2026-01-12 18:34

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 191
Connection: close
Date: Mon, 12 Jan 2026 01:02:14 GMT
Last-Modified: Mon, 10 Aug 2020 02:22:44 GMT
ETag: "93aac181795b4b078e912b1169fd6aea"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 28e56b9ddced4ed414e75f87cbd0d976.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P1
X-Amz-Cf-Id: 9rThPRTjMBQ0Ouyslu8ZFev8bgUvPmRXNNCQW6KsNRiTzM_d3tmLbA==
Age: 63130

Page title: Nextech.com Redirect

<html>
  <head>
    <title>Nextech.com Redirect</title>
    <META http-equiv="refresh" content="0;URL=https://www.nextech.com">
  </head>
  <body bgcolor="#ffffff">
  </body>
</html>

Found 2 days ago by HttpPlugin