Domain synapse.api.dev.sdocs.com
United States
Software information
Heroku
tcp/443 tcp/80
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-10-30 00:40
Last seen 2026-01-08 23:59
Open for 70 days-
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b49bd6e4bc172a02011a441220ede2d3b113b6a9aPublic Swagger UI/API detected at path: /v3/api-docs - sample paths: GET /connectedApp/{connectedAppId}/asset/{assetId}/platformInfo GET /connectedApp/{connectedAppId}/data/file GET /connectedApp/{connectedAppId}/data/user/{userEmail} GET /connectedApp/{connectedAppId}/data/{objectApiName}/{fieldApiName} GET /connectedApp/{connectedAppId}/metadata/assets GET /connectedApp/{connectedAppId}/metadata/objects GET /connectedApp/{connectedAppId}/metadata/objects/{objectApiName} GET /connectedApp/{connectedAppId}/metadata/objects/{objectApiName}/relationships GET /connectedApp/{connectedAppId}/metadata/objects/{objectApiName}/{fieldApiName}/options PATCH /connectedApp/{connectedAppId}/{objectApiName}/{objectId} POST /connectedApp POST /connectedApp/{connectedAppId}/connections POST /connectedApp/{connectedAppId}/data/objects/{objectApiName}/records/{recordId}/file POST /connectedApp/{connectedAppId}/data/{objectApiName}/{objectId} POST /connectedApp/{connectedAppId}/disconnect POST /connectedApp/{connectedAppId}/messaging/{msgType} POST /connectedApp/{connectedAppId}/startRecipes POST /connectedApp/{connectedAppId}/workflow/callbackFound on 2026-01-08 23:59
-
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-10-30 00:40
Last seen 2026-01-09 06:43
Open for 71 days-
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b49bd6e4bc172a02011a441220ede2d3b113b6a9aPublic Swagger UI/API detected at path: /v3/api-docs - sample paths: GET /connectedApp/{connectedAppId}/asset/{assetId}/platformInfo GET /connectedApp/{connectedAppId}/data/file GET /connectedApp/{connectedAppId}/data/user/{userEmail} GET /connectedApp/{connectedAppId}/data/{objectApiName}/{fieldApiName} GET /connectedApp/{connectedAppId}/metadata/assets GET /connectedApp/{connectedAppId}/metadata/objects GET /connectedApp/{connectedAppId}/metadata/objects/{objectApiName} GET /connectedApp/{connectedAppId}/metadata/objects/{objectApiName}/relationships GET /connectedApp/{connectedAppId}/metadata/objects/{objectApiName}/{fieldApiName}/options PATCH /connectedApp/{connectedAppId}/{objectApiName}/{objectId} POST /connectedApp POST /connectedApp/{connectedAppId}/connections POST /connectedApp/{connectedAppId}/data/objects/{objectApiName}/records/{recordId}/file POST /connectedApp/{connectedAppId}/data/{objectApiName}/{objectId} POST /connectedApp/{connectedAppId}/disconnect POST /connectedApp/{connectedAppId}/messaging/{msgType} POST /connectedApp/{connectedAppId}/startRecipes POST /connectedApp/{connectedAppId}/workflow/callbackFound on 2026-01-09 06:43
-
-
Open service 3.33.241.96:80 · synapse.api.dev.sdocs.com
2026-01-09 06:43
HTTP/1.1 401 Unauthorized Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type, Authorization Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS Content-Type: application/json Date: Fri, 09 Jan 2026 06:44:44 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=gGxbo1IbCVmrN2TFHBXTZtmwfmLIrcCwBqZY6uE6Kc4%3D\u0026sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6\u0026ts=1767941084"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=gGxbo1IbCVmrN2TFHBXTZtmwfmLIrcCwBqZY6uE6Kc4%3D&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&ts=1767941084" Server: Heroku Via: 1.1 heroku-router Content-Length: 121 Connection: close {"success":false,"timeStamp":"2026-01-09T06:44:44.976401690Z","message":"Missing internal API key","description":"uri=/"}Found 2026-01-09 by HttpPluginCreate report
-
Open service 76.223.57.73:443 · synapse.api.dev.sdocs.com
2026-01-08 23:59
HTTP/1.1 401 Unauthorized Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type, Authorization Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS Content-Type: application/json Date: Thu, 08 Jan 2026 23:59:31 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=eTkZE6hDhsyE4dBws6de0oxMIWqnhZiejg4mUNm8NDw%3D\u0026sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6\u0026ts=1767916771"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=eTkZE6hDhsyE4dBws6de0oxMIWqnhZiejg4mUNm8NDw%3D&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&ts=1767916771" Server: Heroku Via: 1.1 heroku-router Content-Length: 121 Connection: close {"success":false,"timeStamp":"2026-01-08T23:59:31.891242295Z","message":"Missing internal API key","description":"uri=/"}Found 2026-01-08 by HttpPluginCreate report
-
Open service 3.33.241.96:80 · synapse.api.dev.sdocs.com
2026-01-02 02:36
HTTP/1.1 401 Unauthorized Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type, Authorization Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS Content-Type: application/json Date: Fri, 02 Jan 2026 02:36:29 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=Wt96upNEC3aPOG2Nq41dF6dFhFKzr40HINQ8DiiVMU0%3D\u0026sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6\u0026ts=1767321389"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=Wt96upNEC3aPOG2Nq41dF6dFhFKzr40HINQ8DiiVMU0%3D&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&ts=1767321389" Server: Heroku Via: 1.1 heroku-router Content-Length: 121 Connection: close {"success":false,"timeStamp":"2026-01-02T02:36:29.936219840Z","message":"Missing internal API key","description":"uri=/"}Found 2026-01-02 by HttpPluginCreate report
-
Open service 76.223.57.73:443 · synapse.api.dev.sdocs.com
2026-01-02 01:28
HTTP/1.1 401 Unauthorized Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type, Authorization Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS Content-Type: application/json Date: Fri, 02 Jan 2026 01:28:22 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=u5%2B4qiLQ4lQEBQNblxMHjYkHUNp7tfM%2FEJUmKGEA0ig%3D\u0026sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6\u0026ts=1767317302"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=u5%2B4qiLQ4lQEBQNblxMHjYkHUNp7tfM%2FEJUmKGEA0ig%3D&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&ts=1767317302" Server: Heroku Via: 1.1 heroku-router Content-Length: 121 Connection: close {"success":false,"timeStamp":"2026-01-02T01:28:22.853273209Z","message":"Missing internal API key","description":"uri=/"}Found 2026-01-02 by HttpPluginCreate report
-
Open service 3.33.241.96:80 · synapse.api.dev.sdocs.com
2025-12-23 04:17
HTTP/1.1 401 Unauthorized Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type, Authorization Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS Content-Type: application/json Date: Tue, 23 Dec 2025 04:17:06 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=bJ7FHTXk%2FuNDyk6WdBVk2dRbybbYOJIfTVtbxxxJ%2FpA%3D\u0026sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6\u0026ts=1766463426"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=bJ7FHTXk%2FuNDyk6WdBVk2dRbybbYOJIfTVtbxxxJ%2FpA%3D&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&ts=1766463426" Server: Heroku Via: 1.1 heroku-router Content-Length: 121 Connection: close {"success":false,"timeStamp":"2025-12-23T04:17:06.449565505Z","message":"Missing internal API key","description":"uri=/"}Found 2025-12-23 by HttpPluginCreate report
-
Open service 76.223.57.73:443 · synapse.api.dev.sdocs.com
2025-12-23 00:07
HTTP/1.1 401 Unauthorized Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type, Authorization Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS Content-Type: application/json Date: Tue, 23 Dec 2025 00:08:00 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=97EuFTIjr5l4rdESXcN5AzaSSrqvrDV8hneYdHWWlbc%3D\u0026sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6\u0026ts=1766448480"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=97EuFTIjr5l4rdESXcN5AzaSSrqvrDV8hneYdHWWlbc%3D&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&ts=1766448480" Server: Heroku Via: 1.1 heroku-router Content-Length: 121 Connection: close {"success":false,"timeStamp":"2025-12-23T00:08:00.129782375Z","message":"Missing internal API key","description":"uri=/"}Found 2025-12-23 by HttpPluginCreate report
-
Open service 76.223.57.73:443 · synapse.api.dev.sdocs.com
2025-12-21 01:49
HTTP/1.1 401 Unauthorized Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type, Authorization Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS Content-Type: application/json Date: Sun, 21 Dec 2025 01:49:55 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=BMXdLiTiWxp6FwxeH9uPQVktIWk2wudIOnRsD2TFnBA%3D\u0026sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6\u0026ts=1766281795"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=BMXdLiTiWxp6FwxeH9uPQVktIWk2wudIOnRsD2TFnBA%3D&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&ts=1766281795" Server: Heroku Via: 1.1 heroku-router Content-Length: 121 Connection: close {"success":false,"timeStamp":"2025-12-21T01:49:55.251509672Z","message":"Missing internal API key","description":"uri=/"}Found 2025-12-21 by HttpPluginCreate report
-
Open service 3.33.241.96:80 · synapse.api.dev.sdocs.com
2025-12-20 16:22
HTTP/1.1 401 Unauthorized Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type, Authorization Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS Content-Type: application/json Date: Sat, 20 Dec 2025 16:22:09 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=nsuO2jlN%2BsoYbtLhuT0bCbC12oUdehVaMA%2B7nwYo7Vs%3D\u0026sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6\u0026ts=1766247729"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=nsuO2jlN%2BsoYbtLhuT0bCbC12oUdehVaMA%2B7nwYo7Vs%3D&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&ts=1766247729" Server: Heroku Via: 1.1 heroku-router Content-Length: 121 Connection: close {"success":false,"timeStamp":"2025-12-20T16:22:09.063123609Z","message":"Missing internal API key","description":"uri=/"}Found 2025-12-20 by HttpPluginCreate report
-
Open service 76.223.57.73:443 · synapse.api.dev.sdocs.com
2025-12-19 04:59
HTTP/1.1 401 Unauthorized Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type, Authorization Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS Content-Type: application/json Date: Fri, 19 Dec 2025 04:59:42 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=Cz6BEg24PqAJKqarr7xKNyz4nsP1W0V2LcKhkpG0as0%3D\u0026sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6\u0026ts=1766120382"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=Cz6BEg24PqAJKqarr7xKNyz4nsP1W0V2LcKhkpG0as0%3D&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&ts=1766120382" Server: Heroku Via: 1.1 heroku-router Content-Length: 121 Connection: close {"success":false,"timeStamp":"2025-12-19T04:59:42.184368166Z","message":"Missing internal API key","description":"uri=/"}Found 2025-12-19 by HttpPluginCreate report