{
  "info": {
    "description": "Internal API for PenTrix Corp portal",
    "title": "PenTrix Internal API",
    "version": "2.0.0"
  },
  "openapi": "3.0.0",
  "paths": {
    "/api/cors/steal": {
      "get": {
        "summary": "CORS+CSRF chain demo",
        "tags": [
          "CORS"
        ]
      }
    },
    "/api/cors/test": {
      "get": {
        "summary": "CORS configuration test",
        "tags": [
          "CORS"
        ]
      }
    },
    "/api/graphql": {
      "post": {
        "summary": "GraphQL endpoint with introspection",
        "tags": [
          "GraphQL"
        ]
      }
    },
    "/api/key/verify": {
      "get": {
        "summary": "Verify API key",
        "tags": [
          "Auth"
        ]
      }
    },
    "/api/private/export": {
      "get": {
        "summary": "Export private user data",
        "tags": [
          "Export"
        ]
      }
    },
    "/api/rate-test": {
      "get": {
        "summary": "Rate limit test",
        "tags": [
          "Testing"
        ]
      }
    },
    "/api/reports/{id}": {
      "get": {
        "summary": "Access reports by ID",
        "tags": [
          "Reports"
        ]
      }
    },
    "/api/users": {
      "get": {
        "summary": "List all users (NO AUTH REQUIRED)",
        "tags": [
          "Users"
        ]
      }
    },
    "/api/users/{id}": {
      "get": {
        "summary": "Get user by ID",
        "tags": [
          "Users"
        ]
      },
      "patch": {
        "summary": "Update user fields (mass assignment vulnerable)",
        "tags": [
          "Users"
        ]
      }
    },
    "/api/v1/config": {
      "get": {
        "summary": "Deprecated config endpoint",
        "tags": [
          "Config"
        ]
      }
    },
    "/api/v2/internal": {
      "get": {
        "summary": "Internal salary data",
        "tags": [
          "Internal"
        ]
      }
    }
  }
}