There is some useful information here, but saying docs are more secure than introspection makes no sense. The person can learn about your file upload endpoint through docs. Security through obscurity is not a reasonable security strategy.