{
  "info": {
    "description": "Internal + partner API. (Exposed publicly \u2014 finding.)",
    "title": "Apex Insurance API",
    "version": "2.3.1"
  },
  "openapi": "3.0.0",
  "paths": {
    "/api/account": {
      "get": {
        "summary": "Current account (CORS-open)"
      }
    },
    "/api/admin/export": {
      "get": {
        "summary": "Export all customers (api_key)"
      }
    },
    "/api/admin/payouts": {
      "get": {
        "summary": "Payout totals + customer PII"
      }
    },
    "/api/chat": {
      "post": {
        "summary": "AI assistant"
      }
    },
    "/api/invoices/{id}": {
      "get": {
        "summary": "Get an invoice by id (no auth)"
      }
    },
    "/api/users/{id}": {
      "get": {
        "summary": "Get a user by numeric id (no auth)"
      }
    },
    "/api/v1/customers": {
      "get": {
        "summary": "List all customers (no auth)"
      }
    },
    "/api/v1/profile/{id}": {
      "patch": {
        "summary": "Update profile"
      },
      "post": {
        "summary": "Update profile (mass assignment \u2014 accepts role)"
      },
      "put": {
        "summary": "Update profile"
      }
    },
    "/graphql": {
      "post": {
        "summary": "GraphQL (introspection enabled)"
      }
    },
    "/mcp": {
      "post": {
        "summary": "MCP JSON-RPC endpoint (unauthenticated)"
      }
    }
  },
  "servers": [
    {
      "url": "/"
    }
  ]
}