OpenAPI Detection
developer/v1/domain/openapiDiscovers OpenAPI (Swagger) specifications AND GraphQL introspection endpoints on a domain. Parses both JSON and YAML specs, extracts endpoint paths with their HTTP methods, and probes common GraphQL paths to surface schema metadata.
What It Does
Searches for OpenAPI/Swagger files at 22 common locations (/openapi.json, /swagger.json, /api-docs, /.well-known/openapi.json, etc.) — supports OpenAPI 3.1, 3.0, and Swagger 2.0. Parses BOTH JSON and YAML specs (most modern APIs ship YAML-only — Stripe, GitHub, OpenAI). Extracts endpoint paths together with their HTTP methods (GET/POST/PUT/DELETE/etc.) for attack-surface mapping. In parallel, probes 5 common GraphQL endpoints (/graphql, /api/graphql, /v1/graphql, /v2/graphql, /query) with an introspection query; surfaces query type, mutation presence, and total type count. Treats 400/403 responses on GraphQL endpoints as "introspection disabled" — a positive security signal.
Why It's Useful
OpenAPI specifications reveal the complete API structure including endpoints, parameters, and authentication. This is valuable for API integration, security assessment, and competitive analysis.
Use Cases
API Security Assessment
Discover API documentation to understand attack surface.
Map all API endpoints for comprehensive security testing.
Integration Research
Find API documentation for third-party integration.
Quickly locate API specs without searching documentation sites.
Competitive Analysis
Analyze competitor API capabilities through their OpenAPI specs.
Understand competitor API features and structure.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
domain | string | Required | The domain to search for OpenAPI specsExample: api.example.com |
Response Fields
| Field | Type | Description |
|---|---|---|
domain | string | The queried domain |
detected | boolean | Whether an OpenAPI/Swagger spec was found |
specUrl | string | URL of discovered specification |
version | string | Spec version: "openapi-3.1", "openapi-3.0", or "swagger-2.0" |
info | object | API metadata: title, description, version (populated for both JSON and YAML specs) |
endpointCount | number | Number of endpoint paths defined |
paths | array | Discovered endpoint paths, each with the HTTP methods supported: { path: string, methods: string[] } — replaces the previous string[] shape so attack-surface mapping has methods inline |
pathsTruncated | boolean | Whether the paths array was truncated (max 20) |
servers | array | API server URLs |
graphql | object | GraphQL probe result: { detected, endpoint, queryType, mutationTypeCount, typeCount, introspectionDisabled }. `introspectionDisabled: true` means a GraphQL endpoint was found but explicitly refuses the introspection query — positive security posture. |
recommendations | array | API documentation improvement suggestions |
Code Examples
curl "https://api.edgedns.dev/v1/domain/openapi" \
-H "Authorization: Bearer YOUR_API_KEY" \
-d "domain=api.example.com"const response = await fetch(
'https://api.edgedns.dev/v1/domain/openapi?domain=api.example.com',
{
headers: {
'Authorization': 'Bearer YOUR_API_KEY'
}
}
);
const data = await response.json();
console.log(data);import requests
response = requests.get(
'https://api.edgedns.dev/v1/domain/openapi',
headers={'Authorization': 'Bearer YOUR_API_KEY'},
params={
'domain': 'api.example.com'
}
)
data = response.json()
print(data)Read the full OpenAPI Detection guide
Why it matters, real-world use cases, parameters, response fields, and how to call it from Claude, ChatGPT, or Gemini via MCP.
Read the guide →Related Endpoints
External References
Learn more about the standards and protocols behind this endpoint.
Try This Endpoint
Test the OpenAPI Detection endpoint live in the playground.