Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
The documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities such as broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1aad035496d7a13db3dd750fd35d9ed8cc93324b038c018f5
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /reports/{reportId}/bookmarks/removeSpecificUsers
DELETE /reports/{reportId}/unshare
GET /
GET /assets
GET /branding
GET /configuration
GET /dashboards
GET /dashboards/{dashboardId}
GET /datasets
GET /datasets/{datasetId}
GET /exportHistory
GET /reports
GET /reports/shared
GET /reports/{reportId}
GET /reports/{reportId}/bookmarks
GET /reports/{reportId}/bookmarks/{bookmarkId}
GET /reports/{reportId}/bookmarks/{reportBookmarkId}/getSpecificUsers
GET /reports/{reportId}/shared-with
GET /reports/{reportId}/subscriptions
GET /stagedUsers/all
GET /stagedUsers/by-email
GET /tenants/{tenantId}/themes
GET /tenants/{tenantId}/themes/{themeId}
GET /userDetail
GET /userSubscriptions
GET /workspace/{workspaceId}/dataset/{datasetId}/datasetSchema
GET /workspace/{workspaceId}/dataset/{datasetId}/permissions
PATCH /users/me/preferences
POST /assetsWithEmbedToken
POST /dashboards/generateEmbedToken
POST /datasets/generateEmbedTokenForCreate
POST /downloadFile
POST /downloadFile/{fileName}
POST /export
POST /exportStatus
POST /reports/generateEmbedToken
POST /reports/{reportId}/bookmarks/shareWithSpecificUsers
POST /reports/{reportId}/parameters
POST /reports/{reportId}/save
POST /reports/{reportId}/share
POST /sendemail/{reportSubscriptionId}
POST /visualExport
POST /workspace/{workspaceId}/dataset/{datasetId}/column
POST /workspace/{workspaceId}/dataset/{datasetId}/columns/generateDax
POST /workspace/{workspaceId}/dataset/{datasetId}/executeDax
POST /workspace/{workspaceId}/dataset/{datasetId}/measure
POST /workspace/{workspaceId}/dataset/{datasetId}/measures/generateDax
POST /workspace/{workspaceId}/dataset/{datasetId}/relationship
POST /workspace/{workspaceId}/dataset/{datasetId}/table
POST /workspace/{workspaceId}/dataset/{datasetId}/table/generateDax
PUT /assets/assetDescription
PUT /reports/{reportId}/subscriptions/{reportSubscriptionId}
Severity: info
Fingerprint: 5733ddf49ff49cd1aad035496d7a13db3dd750fd48ec12df08facf1f2b829600
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /reports/{reportId}/bookmarks/removeSpecificUsers
DELETE /reports/{reportId}/unshare
GET /assets
GET /branding
GET /configuration
GET /dashboards
GET /dashboards/{dashboardId}
GET /datasets
GET /datasets/{datasetId}
GET /exportHistory
GET /reports
GET /reports/shared
GET /reports/{reportId}
GET /reports/{reportId}/bookmarks
GET /reports/{reportId}/bookmarks/{bookmarkId}
GET /reports/{reportId}/bookmarks/{reportBookmarkId}/getSpecificUsers
GET /reports/{reportId}/shared-with
GET /reports/{reportId}/subscriptions
GET /stagedUsers/all
GET /stagedUsers/by-email
GET /tenants/{tenantId}/themes
GET /tenants/{tenantId}/themes/{themeId}
GET /userDetail
GET /userSubscriptions
GET /workspace/{workspaceId}/dataset/{datasetId}/datasetSchema
GET /workspace/{workspaceId}/dataset/{datasetId}/permissions
PATCH /users/me/preferences
POST /assetsWithEmbedToken
POST /dashboards/generateEmbedToken
POST /datasets/generateEmbedTokenForCreate
POST /downloadFile
POST /downloadFile/{fileName}
POST /export
POST /exportStatus
POST /reports/generateEmbedToken
POST /reports/{reportId}/bookmarks/shareWithSpecificUsers
POST /reports/{reportId}/parameters
POST /reports/{reportId}/save
POST /reports/{reportId}/share
POST /sendemail/{reportSubscriptionId}
POST /visualExport
POST /workspace/{workspaceId}/dataset/{datasetId}/column
POST /workspace/{workspaceId}/dataset/{datasetId}/columns/generateDax
POST /workspace/{workspaceId}/dataset/{datasetId}/executeDax
POST /workspace/{workspaceId}/dataset/{datasetId}/measure
POST /workspace/{workspaceId}/dataset/{datasetId}/measures/generateDax
POST /workspace/{workspaceId}/dataset/{datasetId}/relationship
POST /workspace/{workspaceId}/dataset/{datasetId}/table
POST /workspace/{workspaceId}/dataset/{datasetId}/table/generateDax
PUT /assets/assetDescription
PUT /reports/{reportId}/subscriptions/{reportSubscriptionId}