API & Endpoint Discovery

Pricing

from $2.70 / 1,000 results

Discover, test, and fingerprint all API endpoints from any website. Supports bulk input, OpenAPI/Swagger parsing, GraphQL introspection, and deep auth/CORS/rate-limit detection. Use as a Claude MCP tool via Apify.

Developer: Lofomachines (maintained by Community)

Actor stats

  • Bookmarked: 0
  • Total users: 3
  • Monthly active users: 2
  • Last modified: 17 days ago

What does API & Endpoint Discovery do?

API & Endpoint Discovery scans any website and surfaces every API endpoint it exposes — then tests and fingerprints each one so you know exactly what you're working with. Point it at a URL and get back a structured list of REST endpoints, GraphQL queries, WebSocket connections, and authentication requirements within minutes.

Built specifically for use as a Claude AI tool via Apify MCP, so Claude can discover and analyze APIs mid-conversation. Also runs as a standalone Apify Actor with full dataset output downloadable as JSON, CSV, or Excel.

Why use API & Endpoint Discovery?

  • AI agent tool augmentation — give Claude real-time API discovery capabilities; ask "what APIs does stripe.com expose?" and get a structured answer
  • API integration research — before integrating with a third-party service, map all their endpoints and authentication requirements automatically
  • Security auditing — discover undocumented or shadow APIs, detect open CORS policies, identify unauthenticated endpoints
  • API documentation — automatically generate an endpoint inventory for any website, including those without published docs
  • Competitive analysis — understand what APIs a competitor's product uses

How to use as a Claude MCP tool

This actor is designed to work as a tool inside Claude. Claude can call it mid-conversation to discover and analyze any website's APIs in real time.

Setup (5 minutes)

  1. Create a free Apify account and copy your API token from Settings → Integrations
  2. Install Claude Desktop
  3. Add the Apify MCP server to your Claude config file:
    • Mac: ~/Library/Application Support/Claude/claude_desktop_config.json
    • Windows: %APPDATA%\Claude\claude_desktop_config.json
    {
      "mcpServers": {
        "apify": {
          "command": "npx",
          "args": ["-y", "@apify/mcp-server"],
          "env": {
            "APIFY_TOKEN": "your-apify-token-here"
          }
        }
      }
    }
  4. Restart Claude Desktop
  5. Ask Claude:

"Use the API endpoint discovery actor on https://jsonplaceholder.typicode.com and tell me what endpoints are available, which ones require auth, and what their response schemas look like."

Claude will call this actor, wait for results, and return a structured summary of every discovered API endpoint — including authentication requirements, CORS policy, rate limiting, and sample response schemas.

Example Claude conversation

You: What APIs does https://petstore.swagger.io expose?

Claude: I'll use the API Endpoint Discovery actor to scan petstore.swagger.io...

(runs actor)

Claude: I found 20 endpoints across 3 resource groups:

  • /pet — GET (public, returns array of Pet objects), POST (requires Bearer auth)
  • /pet/{petId} — GET (public), PUT (requires auth), DELETE (requires auth)
  • /store/inventory — GET (public, returns stock counts)
  • /user/login — GET (public, returns auth token) ...

How to use as a standalone Apify Actor

  1. Create a free Apify account
  2. Go to Apify Store → API & Endpoint Discovery
  3. Click Try for free
  4. Add your target URLs in the Start URLs field
  5. Click Start and wait for the run to finish (typically 1–5 minutes for 10 sites)
  6. Download results from the Output tab as JSON, CSV, or Excel

Input

| Field | Type | Default | Description |
|---|---|---|---|
| Start URLs | array | required | Websites to analyze (up to 50) |
| Max Endpoints per Site | integer | 200 | Cap on endpoints probed per site |
| HTTP Methods to Probe | array | all | Methods to test: GET, POST, PUT, DELETE, PATCH, OPTIONS, HEAD |
| Include Static Analysis | boolean | true | Scan JS bundles and well-known paths for additional routes |
| Include GraphQL Introspection | boolean | true | Run GraphQL introspection if /graphql endpoint found |
| Proxy Configuration | object | none | Apify proxy settings for bypassing anti-bot protection |

Output

One record per discovered endpoint:

{
  "sourceUrl": "https://jsonplaceholder.typicode.com",
  "endpoint": "https://jsonplaceholder.typicode.com/posts",
  "path": "/posts",
  "discoveredBy": ["networkInterception", "staticAnalysis"],
  "apiType": "REST",
  "methods": {
    "GET": {
      "status": 200,
      "responseTimeMs": 312,
      "contentType": "application/json",
      "requiresAuth": false,
      "sampleSchema": ["userId", "id", "title", "body"]
    },
    "POST": {
      "status": 201,
      "responseTimeMs": 198,
      "requiresAuth": false
    },
    "OPTIONS": {
      "status": 200,
      "cors": {
        "allowedOrigins": "*",
        "allowedMethods": ["GET", "POST", "PUT", "DELETE", "OPTIONS"]
      }
    }
  },
  "tags": ["public", "json", "cors-open"]
}

You can download the dataset in various formats such as JSON, HTML, CSV, or Excel.

Data fields

| Field | Description |
|---|---|
| sourceUrl | The input website URL this endpoint was found on |
| endpoint | Full URL of the discovered endpoint |
| path | URL path only |
| discoveredBy | How it was found: networkInterception, staticAnalysis, openApiSpec, graphqlIntrospection, wellKnownPath |
| apiType | REST, GraphQL, WebSocket, or unknown |
| methods | Per-method results: status, response time, content-type, auth info, CORS, sample schema |
| rateLimit | Rate limit headers detected, if any |
| tags | Auto-generated labels: requires-auth, public, json, graphql, cors-open, cors-restricted, rate-limited, versioned |
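
For the security-auditing use case, the following added example (not part of the actor or its documentation) triages records in the output schema above into review findings for a site you own. The sample records, the finding labels, and the choice to treat networkInterception and openApiSpec as "accounted for" discovery sources are assumptions made for illustration.

```python
import json

# Constructed sample in the output schema shown above (not real scan results).
SAMPLE = json.loads("""[
 {"endpoint": "https://app.example.test/api/v1/posts", "path": "/api/v1/posts",
  "discoveredBy": ["networkInterception", "staticAnalysis"], "apiType": "REST",
  "methods": {"GET": {"status": 200, "requiresAuth": false},
              "POST": {"status": 201, "requiresAuth": false},
              "OPTIONS": {"status": 200, "cors": {"allowedOrigins": "*"}}},
  "tags": ["public", "json", "cors-open"]},
 {"endpoint": "https://app.example.test/internal/export", "path": "/internal/export",
  "discoveredBy": ["staticAnalysis"], "apiType": "REST",
  "methods": {"GET": {"status": 401, "requiresAuth": true}},
  "tags": ["requires-auth"]}
]""")

STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}
# Assumption: endpoints seen in live page traffic or in a published spec are "known".
ACCOUNTED_FOR = {"networkInterception", "openApiSpec"}

def triage(record):
    """Return sorted review findings (hypothetical labels) for one endpoint record."""
    findings = set()
    for name, result in record.get("methods", {}).items():
        succeeded = 200 <= result.get("status", 0) < 300
        # A write method that succeeded without credentials needs an owner's sign-off.
        if name in STATE_CHANGING and succeeded and result.get("requiresAuth") is False:
            findings.add(f"unauthenticated-write:{name}")
        # Wildcard CORS is often intended on public read-only APIs; flag it for review.
        if (result.get("cors") or {}).get("allowedOrigins") == "*":
            findings.add("cors-wildcard")
    # Found only in bundle source or by path probing: a candidate undocumented
    # ("shadow") endpoint to reconcile against the API inventory.
    if not ACCOUNTED_FOR & set(record.get("discoveredBy", [])):
        findings.add("not-in-live-traffic-or-spec")
    return sorted(findings)

def report(records):
    """Map path -> findings, keeping only endpoints with something to review."""
    results = {r["path"]: triage(r) for r in records}
    return {path: found for path, found in results.items() if found}

if __name__ == "__main__":
    for path, found in report(SAMPLE).items():
        print(path, found)
```
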

How the discovery works

The actor runs a 3-phase pipeline per website:

  1. Live browser interception (Playwright) — loads the page in a real Chromium browser, intercepts every XHR/fetch/WebSocket request, and captures all JS bundle URLs
  2. Static analysis — scans JS bundles for API path patterns, probes well-known paths (/openapi.json, /swagger.json, /graphql, /.well-known/), and parses any OpenAPI/Swagger specs it finds
  3. Deep fingerprinting — probes each discovered endpoint with all configured HTTP methods, detecting auth requirements, CORS policy, rate limiting, API type (REST/GraphQL), and extracting a sample response schema

Cost estimation

Running API & Endpoint Discovery on 10 websites typically consumes 0.5–2 Compute Units depending on site complexity. The Apify Free tier includes enough free credits to analyze dozens of sites per month at no cost.

| Sites | Estimated CUs | Approximate cost |
|---|---|---|
| 1 site | 0.05–0.2 | Free tier |
| 10 sites | 0.5–2 | Free tier |
| 50 sites | 2.5–10 | ~$0.50–$2.00 |

Tips

  • OpenAPI/Swagger sites: if a site publishes /openapi.json or /swagger.json, the actor extracts all declared routes instantly — results in seconds
  • Reduce cost on large sites: lower Max Endpoints per Site to 50 if you only need a quick overview
  • GraphQL APIs: enable Include GraphQL Introspection for a full schema of all queries and mutations
  • Anti-bot sites: enable Apify Proxy to rotate IPs and avoid rate limiting during probing
  • Claude integration: ask Claude to filter or compare results — e.g. "which of these endpoints don't require auth and return JSON?"

FAQ

Is this legal? This actor sends standard HTTP requests that any browser would make. It does not bypass authentication, exploit vulnerabilities, access private data, or perform denial-of-service attacks. Always respect a site's Terms of Service and robots.txt. Do not use this tool against systems you do not own or have explicit permission to test.

What if GraphQL introspection is blocked? Endpoints that block introspection are recorded with graphqlIntrospectionBlocked: true — the endpoint is still discovered and fingerprinted for all other signals.

Can it handle SPAs and JavaScript-heavy sites? Yes — Phase 1 uses a real Chromium browser that executes JavaScript, so it captures API calls from React, Vue, Angular, and other SPA frameworks.

What's the difference between discoveredBy values?

  • networkInterception — the endpoint was actually called by the page during Playwright's browser session
  • staticAnalysis — found by regex-scanning JS bundle source code
  • openApiSpec — declared in an OpenAPI/Swagger spec found on the site
  • wellKnownPath — found by probing standard paths like /graphql, /robots.txt

Need a custom solution? Contact Apify for custom API monitoring, bulk analysis pipelines, or enterprise integrations.

Found a bug or have a feature request? Open an issue on the actor's Issues page.