Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
The documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549a4839f52f19e383c83da541842e1354edab959f6
Public Swagger UI/API detected at path: /swagger/index.html
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549a4839f52f19e383c83da541842e1354e86da6127
Public Swagger UI/API detected at path: /swagger/index.html