Product · API Risk Monitor
Know where your API breaks before attackers do.
Paste an OpenAPI 3 spec or point it at a public HTTPS URL. You get a risk score and findings focused on authentication posture and sensitive routes; this is not a full penetration test.
Scan
JSON, YAML, or spec URL.
Detect
Rules applied to paths, methods, and security requirements.
Fix
Severity + remediation hints.
Run a scan
Runs in this Next.js app (POST /api/scan). Specs are validated, then analyzed; nothing is stored yet. Beta limit: 20 scans / 10 min / IP.
If the server environment variable API_RISK_BETA_KEY is set, the scanner requires the key to be supplied in the x-api-risk-key request header.
Spec diff & risk delta
Baseline (A) vs candidate (B). Uses 2 scans from your monthly pool (or the free daily pool). The same per-spec size limits as a single scan apply.
Spec A — baseline
Spec B — candidate
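An added illustration of the two steps described above: the rule pass over paths, methods, and security requirements, and the baseline-versus-candidate diff that yields a risk delta. This is example code written for this page, not the API Risk Monitor's own rule engine; the rule ids, severity weights, the sensitive-path heuristic, and the two inline OpenAPI documents are all assumptions constructed for the demo.

```javascript
// Example, not the API Risk Monitor's rule engine. A minimal auth-posture
// scanner over an OpenAPI 3 document (already parsed from JSON or YAML) plus a
// baseline-vs-candidate diff. Rule ids, weights and the sensitive-path
// heuristic are assumptions made for this illustration.

const HTTP_METHODS = ["get", "put", "post", "delete", "patch", "options", "head", "trace"];

// Assumed heuristic: path segments that usually guard privileged or personal data.
const SENSITIVE_PATTERNS = [/admin/i, /users?/i, /tokens?/i, /keys?/i, /export/i, /debug/i, /internal/i];

const SEVERITY_WEIGHT = { high: 10, medium: 5, low: 2 };

// OpenAPI 3 semantics: an operation-level `security` array replaces the
// document-level one, and an explicit `[]` means "no authentication required".
function effectiveSecurity(doc, op) {
  if (Array.isArray(op.security)) return op.security;
  return Array.isArray(doc.security) ? doc.security : [];
}

function isSensitivePath(path) {
  return SENSITIVE_PATTERNS.some((re) => re.test(path));
}

// Walk every path/method pair and emit findings with stable ids, so two scans
// of different spec versions can be compared finding by finding.
function scanSpec(doc) {
  const findings = [];
  const schemes = (doc.components && doc.components.securitySchemes) || {};

  for (const [path, item] of Object.entries(doc.paths || {})) {
    for (const method of HTTP_METHODS) {
      const op = item[method];
      if (!op) continue;
      const route = `${method.toUpperCase()} ${path}`;
      const requirements = effectiveSecurity(doc, op);
      const mutating = !["get", "head", "options"].includes(method);

      if (requirements.length === 0) {
        const sensitive = isSensitivePath(path);
        findings.push({ id: `NO_AUTH:${route}`, severity: sensitive || mutating ? "high" : "medium", route,
          message: sensitive ? "Sensitive route has no security requirement" : "No security requirement",
          fix: "Add a `security` requirement on the operation or at the document root" });
      }

      // Each named requirement must resolve to a declared scheme; flag HTTP Basic as weak.
      for (const req of requirements) {
        for (const name of Object.keys(req)) {
          const scheme = schemes[name];
          if (!scheme) {
            findings.push({ id: `UNKNOWN_SCHEME:${route}:${name}`, severity: "medium", route,
              message: `Requirement references undefined security scheme "${name}"`,
              fix: "Declare it under components.securitySchemes or correct the name" });
          } else if (scheme.type === "http" && String(scheme.scheme).toLowerCase() === "basic") {
            findings.push({ id: `BASIC_AUTH:${route}:${name}`, severity: "low", route,
              message: "Operation accepts HTTP Basic authentication", fix: "Prefer bearer tokens or OAuth 2.0" });
          }
        }
      }
    }
  }

  const score = findings.reduce((sum, f) => sum + SEVERITY_WEIGHT[f.severity], 0);
  return { score, findings };
}

// Spec diff: findings present only in B were introduced, those only in A were
// resolved, and the risk delta is the score movement from A to B.
function diffScans(scanA, scanB) {
  const idsA = new Set(scanA.findings.map((f) => f.id));
  const idsB = new Set(scanB.findings.map((f) => f.id));
  return {
    delta: scanB.score - scanA.score,
    introduced: scanB.findings.filter((f) => !idsA.has(f.id)),
    resolved: scanA.findings.filter((f) => !idsB.has(f.id)),
  };
}

// Constructed sample: baseline (A) protects everything with a bearer token
// except /health, and references an `adminKey` scheme it never declares.
const specA = {
  openapi: "3.0.3",
  info: { title: "Demo API (constructed)", version: "1.0.0" },
  security: [{ bearerAuth: [] }],
  components: { securitySchemes: { bearerAuth: { type: "http", scheme: "bearer" } } },
  paths: {
    "/health": { get: { security: [] } },
    "/users/{id}": { get: {}, delete: {} },
    "/admin/export": { post: { security: [{ adminKey: [] }] } },
  },
};

// Candidate (B): declares adminKey (resolves one finding) but accidentally
// removes authentication from DELETE /users/{id} (introduces a high).
const specB = JSON.parse(JSON.stringify(specA));
specB.components.securitySchemes.adminKey = { type: "apiKey", in: "header", name: "x-admin-key" };
specB.paths["/users/{id}"].delete.security = [];

const riskDelta = diffScans(scanSpec(specA), scanSpec(specB));
console.log(JSON.stringify(riskDelta, null, 2));
```

Stable finding ids (rule name plus route plus scheme name) are what make the diff meaningful: a route whose finding id is unchanged between A and B is neither introduced nor resolved, so a rename of a path shows up honestly as one resolved and one introduced finding rather than disappearing. Running the sample gives a delta of +5: the undefined `adminKey` finding is resolved, and a high-severity unauthenticated `DELETE /users/{id}` is introduced.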
Legal: Results are indicative for engineering prioritization. They do not replace a formal penetration test or compliance certification.