I don't have an OpenAPI/swagger specification for my API

Hi there. I don’t have an OpenAPI/swagger specification for my API – can I still fuzz it?

thanks,
Paul

Mayhem for API will automatically convert swagger 2, postman collection and HTTP Archive (HAR) files to an OpenAPI specification when supplying the alternative documents to “mapi run”. The OpenAPI specification may not be as accurate as an OpenAPI spec created by hand, or generated from source, but it should be enough to enable fuzzing your API with Mayhem for API. If you have no specification at all, you can create a .har recording exercising relevant endpoints and convert that into an OpenAPI spec by using mapi convert . You can find more details here:

For more details, please see our documentation on API Specifications: