Found a real problem? Tell us plainly.

We welcome good-faith reports about DemoAPI.org. Please avoid viewing data that is not yours or interrupting the public service.

Current version

15 July 2026

Report an issue

Email sohagan@aiembeddedsystems.com with the affected URL, a short impact statement, and steps that do not include live credentials. We will acknowledge a useful report as soon as practical.

A machine-readable contact is available at /.well-known/security.txt.

Good-faith testing

Stay within DemoAPI.org and your own listing data. Do not test denial of service, social engineering, physical security, third-party providers, or any API shown in a submitted URL. Do not exfiltrate, alter, or retain other people’s data.

Current boundaries

Built-in demos have fixed same-origin destinations, strict JSON validation, a 32 KB request cap, short errors, and no secret-bearing headers. Submitted URLs are stored as text for manual review and are not fetched by the form endpoint.