Report an issue
Email sohagan@aiembeddedsystems.com with the affected URL, a short impact statement, and steps that do not include live credentials. We will acknowledge a useful report as soon as practical.
A machine-readable contact is available at /.well-known/security.txt.
Good-faith testing
Stay within DemoAPI.org and your own listing data. Do not test denial of service, social engineering, physical security, third-party providers, or any API shown in a submitted URL. Do not exfiltrate, alter, or retain other people’s data.
Current boundaries
Built-in demos have fixed same-origin destinations, strict JSON validation, a 32 KB request cap, short errors, and no secret-bearing headers. Submitted URLs are stored as text for manual review and are not fetched by the form endpoint.