Show HN: API Parrot – Automatically Reverse Engineer HTTP APIs

Thanks for your interest!

- Is this closed source?

Currently, the code is not open source, but I might open-source parts of it in the future.

- Does it cost money?

The software is free to use. If there is demand, I might create a "pro" version for businesses in the future. However, I intend to always have a free version available for individuals.

- How does it discover data relationships?

I've discussed how it discovers data relationships in the documentation here: https://docs.apiparrot.com/docs/tutorial-extras/exchange-mod....

In short, the tool breaks down the data in the requests and responses into smaller parts by identifying their formats. For example, `["foo", "bar"]` would be recognized as a JSON array and broken down into the elements `"foo"` and `"bar"`. By applying this method recursively, you build a tree-like structure of the data.

If an exact match is found between data in a response from a previous request and data in a subsequent request, a correlation is detected.

Please feel free to ask if you have any more questions!

It's entertaining that Github has become such a common place to find information that even closed source projects put something up there

This might be more useful than the OP. This thing lets you translate HAR to Swagger…

My usual process is Dev tools -> Copy as CURL -> delete unnecessary headers -> translates to requests in python (these days I just use ChatGPT) -> wrap in python sdk for managing auth etc.

The OP’s correlation features are really nice though.

The first and immediate difference for me is the ability to recall the name. I can recall Postman/Insomina fine, and now for API Parrot. I'm never going to be able to recall mitmproxy2swagger.

Unfortunately, names matter.

Probably a dumb question but if my web app uses graphql, how would I go about with the swagger generation?(since its just one endpoint)

Thank you for sharing this though, I was looking for a tool like this :)

And the unreasonable hostility towards macOS will have zero affect because in the end the best product wins.

Did the rise of Windows cause long term harm to past generation of engineers? I doubt it since now Windows, which had a gigantic market share, still was forced to implement Linux "compatibility" for developers.

There are three popular operating systems for the modern developer and it's not unreasonable to ask for a build for all of them when presenting a project to a developer focused community.

Why? I mostly code on Mac and deploy on Linux (or FreeBSD). Never really encountered a situation where programming a web app on Mac has caused issues when deploying to the server.

Or maybe some of the newer generation will take time to update Linux to be more competitive with macOS for developers. Could be a long term win for Linux fans.

Not sad at all! Mac has excellent hardware, excellent reliability, excellent day to day performance. Im not a fanboy, but it won for (IMHO) clear and obvious reasons. Of course folks want a mac app. No comment on the “harm” bit.

I agree, people don't realize the value of not depending on a single company to do their work. We can see this problem even more with LLM code generators.

Nowadays everything runs on docker anyway

Really? In the modern .Net world (originally .Net Core) it's very common for devs to use Windows machines to write code whose CI pipelines and deployed environments are all Linux. I've seen a handful of issues with things like path separators and file system case sensitivity, but we're talking about 3 or 4 minor problems in 6-7 years that I've been using it.

How about a real-world example of the harm you're clutching your pearls over?

Besides, most devs doing web development on Macs are also using Docker, which is always Linux.

conjecture?

Most people scraping sites aren’t writing anything low-level enough to care about the particular flavor of Unix-like OS it runs on.

Yes, I plan to release a macOS version of API Parrot. Unfortunately, I currently don't own a Mac, and since building macOS applications requires one, this has delayed the release. I'm actively exploring solutions, such as accessing a Mac environment remotely or acquiring the necessary hardware.

The macOS version is now available for download at https://apiparrot.com/#download

Please note that since the app isn't code-signed yet, you'll need to remove the quarantine attribute to run it. I've updated the documentation with instructions on how to do this: https://docs.apiparrot.com/docs/getting-started/download-and...

Let me know if you have any questions or run into any issues!

Try a Hackintosh, e.g. as a virtual machine on your Windows or Linux host.

^

I'm curious too

Thanks! I'm glad you like the idea—it sounds like you've had the same struggles I've been through.

Good news: the Mac version is now available to download at https://apiparrot.com/#download.

Let me know if you have any feedback!

I'm glad you like the idea! Let me answer your questions one by one:

- Exporting to Swagger/OpenAPI Spec: Currently, exporting to Swagger/OpenAPI isn't supported, but it's on my to-do list to look into. Right now, JavaScript code is the only export format.

- Exporting to a Generated SDK: Same as above. I'm considering integrating tools that can generate SDKs from OpenAPI/Swagger specs, so this might be included in a future update.

- Support for URL Path Variables (e.g., `/users/{user_id}`): Yes, API Parrot supports URL path variables!

- Support for URL Query Parameters (and filtering out common "noise" parameters like Google Analytics): Yes, API Parrot supports URL query parameters, and there are measures in place to filter out the noise.

- Support for Non-JSON Input/Output (e.g., endpoints that accept multipart form data): There is support for non-JSON input/output formats, but multipart form data isn't supported at this time. You can find all the supported data types on this page: https://docs.apiparrot.com/docs/tutorial-extras/exchange-mod...

Thanks again for your support! I'm excited for you to try it out, and I'd love to hear your feedback after you've had a chance to play around with it.

I'm glad to hear that you like the product and found the tutorial helpful. I've updated the documentation to include instructions for installing the AppImage—thanks for bringing that to my attention.

I really appreciate your detailed feedback on the UI and usability. I'll definitely take your suggestions into consideration and work on implementing them in future versions.

Thanks again for taking the time to share your thoughts!

Same issue, would prefer the option to use any browser also. Chrome is not my cup of tea

Looks like it wants to run chrome using `start chrome` which is AFAIK a Windows-only command.

Thank you for pointing this out. I've addressed the issue, and it should now be fixed in version 0.2.1, which is available for download on the website. Please update to the latest version, and let me know if you encounter any more problems.

Yep same problem

Thanks for pointing this out!

It should now be fixed.

Thank you for your suggestion!

I've added a newsletter sign-up form at the bottom of the webpage: https://apiparrot.com/#newsletter

Feel free to subscribe to receive notifications when we release the MacOSX version.

+1, ready to buy

Glad you like the project! I'm working on getting the macOS version built and released as soon as possible. If you'd like to be notified when it's ready, you can sign up for the newsletter here: https://apiparrot.com/#newsletter.

As for adblock-rs, I'm using it to detect and automatically disable requests related to ads and other unnecessary stuff. This helps cut down on noise and saves some time for developers.

> aren't there github libraries that do this already?

which ones?

Can you please share a doc link?

Currently only HTTP requests are supported. I might add support for websockets later, however that is a harder problem to solve due to the binary encoding etc.

Thank you!

Working on this side project has been both fun and rewarding. I've learned a lot throughout the process, which keeps me motivated even without immediate financial gain. I have plenty of ideas on how to improve the software in various ways. Some of these enhancements could become part of a "pro" version tailored for businesses. My long-term ambition is to turn this into a full-fledged product, which would enable me to dedicate more time to its development.

I am getting bit sick of this triplechecker spam.

Could you give some examples of what refinement you think it needs?