🔮 Discover Hidden APIs on Any Website & Generate OpenAPI Specs Automatically
A powerful Chrome extension that transforms your browsing into API documentation
🚀 Quick Start • 📖 How It Works • 🎯 Use Cases • 🛠️ Installation
- Hidden APIs exist on every website but are undocumented
- Manual API discovery is time-consuming and error-prone
- Developers need structured API documentation for integration
This Chrome extension automatically:
- 🕵️ Monitors network traffic in real-time
- 🔍 Discovers API endpoints and patterns
- 📝 Generates OpenAPI 3.0+ specifications
- 💾 Exports ready-to-use documentation
graph LR
A[🌐 Browse Website] --> B[🔍 Start Discovery]
B --> C[📡 Monitor Network]
C --> D[🎯 Detect APIs]
D --> E[📊 Analyze Patterns]
E --> F[📋 Generate OpenAPI]
F --> G[💾 Export YAML/JSON]
style A fill:#e1f5fe
style B fill:#f3e5f5
style C fill:#e8f5e8
style D fill:#fff3e0
style E fill:#fce4ec
style F fill:#f1f8e9
style G fill:#e0f2f1
-
🌐 Browse Any Website
- Navigate to any site with API calls
- No special setup required
-
🔍 Start Discovery
- Click extension icon
- Toggle "Start Discovery"
- Real-time monitoring begins
-
📡 Monitor Network Traffic
- Captures XHR/Fetch requests
- Analyzes HTTP methods, paths, parameters
- Tracks response patterns
-
🎯 Detect API Endpoints
- Identifies RESTful patterns
- Groups by base URL
- Infers parameter types
-
📊 Analyze Patterns
- Path templating (e.g.,
/users/{id}) - Query parameter inference
- Response schema detection
- Path templating (e.g.,
-
📋 Generate OpenAPI Spec
- Creates valid OpenAPI 3.0+ specification
- Includes paths, parameters, schemas
- Adds operation descriptions
-
💾 Export Documentation
- Download as YAML or JSON
- Ready for Swagger, Postman, or Jentic
- Includes sanitized examples
- Automatic Discovery: No manual configuration needed
- Pattern Recognition: Identifies RESTful and custom API patterns
- Real-time Monitoring: Live endpoint counter and updates
- Multi-format Support: JSON, XML, GraphQL detection
- Path Templating: Converts
/users/123→/users/{id} - Parameter Inference: Detects query params, headers, body data
- Schema Generation: Creates request/response schemas
- Authentication Detection: Identifies auth patterns (safely)
- Local Processing: All data stays in your browser
- Data Sanitization: Automatically redacts sensitive information
- No External Calls: Works completely offline
- Secure Storage: Uses Chrome's secure storage API
- Multiple Formats: YAML and JSON export
- OpenAPI 3.0+: Industry-standard specification
- Tool Integration: Works with Swagger, Postman, Jentic
- Custom Naming: Timestamped files with hostname
# Clone the repository
git clone https://github.com/yourusername/chrome-api-discovery.git
cd chrome-api-discovery- Open
chrome://extensions/ - Enable Developer mode (top right toggle)
- Click Load unpacked
- Select the project folder
- Click the extension icon in your toolbar
- Click Start Discovery
- Browse any website with API calls
- Watch the endpoint counter increase
- Click Export to download OpenAPI specs
- API Integration: Discover undocumented APIs for third-party integration
- Reverse Engineering: Understand how web applications work
- Documentation: Generate API docs for internal tools
- Testing: Create test suites from discovered endpoints
- API Analysis: Study API patterns and trends
- Security Research: Identify potential API vulnerabilities
- Competitive Analysis: Understand competitor API structures
- Auto-documentation: Generate specs for legacy systems
- API Cataloging: Build comprehensive API inventories
- Standards Compliance: Ensure OpenAPI specification compliance
- API Testing: Create automated test scenarios
- Monitoring: Track API changes and versions
- Integration Testing: Validate API contracts
graph TB
subgraph "User Interface"
P[Popup UI]
I[Extension Icon]
end
subgraph "Core Engine"
B[Background Service Worker]
C[Content Script]
L[Library Modules]
end
subgraph "Data Processing"
AP[API Analyzer]
OG[OpenAPI Generator]
ST[Storage Manager]
end
subgraph "Output"
YAML[YAML Export]
JSON[JSON Export]
SPEC[OpenAPI Specs]
end
I --> P
P <--> B
B --> C
C --> AP
AP --> OG
OG --> ST
ST --> SPEC
SPEC --> YAML
SPEC --> JSON
style P fill:#e1f5fe
style B fill:#f3e5f5
style C fill:#e8f5e8
style AP fill:#fff3e0
style OG fill:#fce4ec
style ST fill:#f1f8e9
- HTTP Methods: GET, POST, PUT, DELETE, PATCH
- URL Patterns: RESTful and custom routing
- Status Codes: Success and error responses
- Content Types: JSON, XML, form data
- Query Parameters: Names, types, examples
- Headers: Authentication, content-type, custom headers
- Body Data: JSON schemas, form fields
- Path Parameters: Dynamic URL segments
- Response Structure: JSON/XML schemas
- Status Patterns: Success/error handling
- Content Examples: Sanitized sample data
- Headers: Response metadata
- Local Storage: All data stays in your browser
- No External Transmission: Zero data sent to external servers
- Automatic Redaction: Sensitive data automatically masked
- Secure Permissions: Minimal required permissions
// Automatic redaction of sensitive data
const sensitiveHeaders = [
'authorization', 'cookie', 'x-api-key',
'x-csrf-token', 'x-auth-token'
];
// PII detection and redaction
const piiPatterns = [
/[\w.-]+@[\w.-]+\.\w+/, // Emails
/\b\d{3}-\d{3}-\d{4}\b/, // Phone numbers
/\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b/ // IPs
];openapi: 3.0.3
info:
title: Discovered API - example.com
version: 0.1.0
description: Auto-generated from network traffic
servers:
- url: https://api.example.com
paths:
/users:
get:
operationId: getUsers
tags: [users]
parameters:
- in: query
name: page
schema: { type: integer, example: 1 }
- in: query
name: limit
schema: { type: integer, example: 10 }
responses:
"200":
description: List of users
content:
application/json:
schema:
type: object
properties:
users:
type: array
items:
$ref: "#/components/schemas/User"
/users/{id}:
get:
operationId: getUserById
tags: [users]
parameters:
- in: path
name: id
required: true
schema: { type: string }
responses:
"200":
description: User details
components:
schemas:
User:
type: object
properties:
id: { type: string, example: "123" }
name: { type: string, example: "John Doe" }
email: { type: string, example: "[REDACTED]" }- GitHub: Repository APIs, user data
- Reddit: Post fetching, user interactions
- News Sites: Article APIs, search functionality
- E-commerce: Product catalogs, search APIs
- Social Media: Feed APIs, user interactions
- REST APIs: Standard HTTP-based APIs
- Custom APIs: Non-standard API patterns
- GraphQL: Query-based APIs (basic support)
- Internal APIs: Company-specific endpoints
- Real-time Updates: Live endpoint counter
- Visual Feedback: Clear status indicators
- Export Options: YAML and JSON formats
- Data Management: Clear and reset functionality
- OpenAPI Validation: Ensures spec compliance
- Schema Inference: Automatic type detection
- Parameter Analysis: Query, path, header detection
- Response Mapping: Success/error pattern recognition
- Discovery Statistics: Endpoint counts and patterns
- Performance Metrics: Processing time and efficiency
- Pattern Recognition: Common API structures
- Trend Analysis: Usage patterns over time
- Swagger Editor: Direct import and validation
- Postman: Import collections from OpenAPI specs
- Jentic: API documentation platform integration
- Insomnia: API client integration
# YAML Export
openapi-example.com-2024-01-15.yaml
# JSON Export
openapi-example.com-2024-01-15.json
# Both include:
# - Complete OpenAPI 3.0+ specification
# - Sanitized examples and schemas
# - Timestamp and hostname metadata- Chrome 126+: Latest browser version
- Developer Mode: For local extension loading
- Network Access: To monitor web requests
- webRequest: Monitor HTTP(S) traffic
- storage: Save discovered data locally
- activeTab: Interact with current page
- downloads: Export generated files
- Demo Page:
test-demo.htmlfor testing - Validation: Online OpenAPI validators
- Integration: Import into development tools
- 🔄 Zero Configuration: Works out of the box
- 🛡️ Privacy First: No data leaves your browser
- 📊 Comprehensive: Captures all API patterns
- 🚀 Fast: Real-time processing and updates
- 📝 Standards Compliant: OpenAPI 3.0+ output
- API Developers: Discover undocumented endpoints
- Integration Teams: Understand third-party APIs
- Security Researchers: Analyze API structures
- Documentation Teams: Auto-generate API docs
Ready to discover hidden APIs?
📥 Download & Install • 📖 View Documentation • 🐛 Report Issues
Transform your browsing into API documentation with just one click!
Made with ❤️ for the developer community
