Why it matters
- APIs often behave differently from their documentation.
- Undocumented endpoints and stale specs create security and governance risk.
- Good testing depends on accurate contracts.
OpenAPI Mapping & Drift
Map observed APIs to specifications, detect drift and generate useful API contracts where documentation is missing.
Deterministic evidenceScope-aware executionAdaptive capability
Capability architecture
OpenAPI Mapping & Drift: context, validation and evidence.
This capability contributes to the same platform outcome: understanding realistic attacker exposure and proving what matters.
ThreatCanary approach
- Import, link or generate OpenAPI specifications from observed traffic and platform data.
- Map discovered endpoints to operations with confidence scoring and manual override.
- Detect added, removed, changed or undocumented endpoints and parameters.
What it validates or reveals
- Spec drift.
- Undocumented or orphaned endpoints.
- Coverage gaps for schema-driven testing and CI/CD validation.
Evidence and outputs
- A clear explanation of the exposure, affected assets and likely attack path.
- Reproducible evidence suitable for analysts, developers and risk owners.
- Prioritisation based on exploitability, business impact, sensitive data and chainability.
- Owner, remediation and workflow context that can move into Jira, Slack, SIEM or reporting.
See ThreatCanary in action
Book a technical demo