Record browser sessions β Auto-discover hidden APIs β Export TypeScript SDK + OpenAPI + MCP Server
Stop reverse-engineering APIs by hand. Just use the app β TabAPI figures out the rest.
TabAPI watches real browser traffic while you click through a web app, then turns that traffic into clean, reusable API artifacts.
No devtools archaeology. No guessing endpoints. No manually rebuilding payload shapes from minified frontend code.
Use TabAPI when you need to:
- Build integrations against undocumented/private APIs
- Generate an internal SDK from behavior, not docs
- Add contract checks in CI for API drift
- Give AI agents safe, structured API access via MCP
tabapi record https://app.example.comβ Browser launched (Playwright)
β Capturing network traffic + metadata
β Session recorded: 2026-03-01_abc123
β Saved: .tabapi/sessions/2026-03-01_abc123/session.json
tabapi analyzeβ Normalized requests/responses
β Inferred endpoint groups
β Inferred auth patterns + schema candidates
β Saved models to .tabapi/sessions/<session-id>/models
tabapi export --sdk ts --openapi --mcp --testsβ OpenAPI 3.0 spec generated
β TypeScript SDK generated
β MCP server config generated
β Replay tests generated
β Output written to ./generated
tabapi mcp serveβ Loaded discovered API tools
β MCP server running on :3333
β Ready for Cursor / Claude Desktop / custom agents
Alpha note: current CLI requires
session-idforanalyze,export,replay, andmcp serve. Example:tabapi analyze <session-id>.
- β π₯ Record any web app via real browser automation (Playwright)
- β π Auto-discover API endpoints from live network traffic
- β π Infer request and response schemas from real payloads
- β π Auto-redact tokens, cookies, and API keys (local-first processing)
- β π¦ Export TypeScript SDK, OpenAPI 3.0, MCP server config, and tests
- β π Replay and diff behavior to detect breaking API changes in CI
- β π€ MCP-ready API tooling for AI agents and assistants
npx tabapi record https://app.example.comThen run:
# Use the session id printed by the record command
tabapi analyze <session-id>
tabapi export <session-id> --all
tabapi replay <session-id> --report summary
tabapi mcp serve <session-id> --port 3333npx tabapi --helpnpm install -g tabapinpm install --save-dev tabapi- Node.js 20+
- npm 10+
- Network access to target web app
- Permission to test/inspect the target application
tabapi --helptabapi record <url> [--headless] [--output .tabapi] [--timeout 120]- Opens a real browser and captures request/response activity
- Stores session data at
.tabapi/sessions/<session-id>/session.json
tabapi analyze <session-id> [--session-dir .tabapi/sessions]- Normalizes captured traffic
- Clusters requests into endpoint groups
- Writes inferred models under
models/endpoint-groups.json
tabapi export <session-id> [--openapi] [--sdk ts] [--mcp] [--tests] [--all] [--output ./generated] [--allow-secrets]- Generates artifacts from inferred models
- Use
--allfor full output in one command - Keep
--allow-secretsoff unless absolutely required
tabapi replay <session-id> [--report summary|json]- Replays inferred endpoints
- Returns pass/fail/changed summary for drift detection
tabapi mcp serve <session-id> [--port 3333]- Starts MCP server based on exported session artifacts
- Exposes discovered APIs as structured tools for agents
graph LR
A[π Browse Web App] --> B[π‘ Capture Traffic]
B --> C[π Infer Endpoints]
C --> D[π¦ Export SDK/OpenAPI/MCP]
D --> E[π€ AI Agent / CI / Code]
Pipeline stages:
record: capture raw traffic, headers, timing, and navigation contextanalyze: normalize noise, detect endpoint patterns, infer schemasexport: generate typed artifacts for developers, CI, and AI runtimesreplay: compare behavior over time and surface drift
| Format | Output | Why it matters |
|---|---|---|
| TypeScript SDK | generated/sdk/ |
Typed client for app and backend integrations |
| OpenAPI 3.0 | generated/openapi/openapi.yaml |
Standard contract for docs, mocks, and tooling |
| MCP Server Config | generated/mcp/ |
Agent-compatible tools from discovered endpoints |
| Replay Tests | generated/tests/ |
CI guardrails for API regressions |
TabAPI can expose discovered APIs as MCP tools so AI assistants can execute validated API calls instead of hallucinating request formats.
- Generate MCP artifacts with
tabapi export <session-id> --mcp - Start server using
tabapi mcp serve <session-id> - Add local MCP server entry in Cursor settings
- Export MCP artifacts
- Run local MCP server
- Register the server in Claude Desktop MCP configuration
Use any MCP-compatible runtime and point it to the local TabAPI MCP endpoint.
TabAPI is designed local-first by default:
- Data stays on your machine unless you explicitly move it
- Sensitive headers and tokens are redacted in normalized artifacts
- Secrets can be excluded from exported outputs
- You control which sessions are recorded and retained
Recommended practices:
- Use dedicated test accounts while recording
- Avoid recording personal or production-sensitive activity
- Review artifacts before sharing in repos or tickets
- Run CI replay checks against controlled environments
# baseline capture
tabapi record https://staging.example.com
tabapi analyze <session-id>
tabapi export <session-id> --openapi --tests
# in CI
tabapi replay <session-id> --report jsonUse replay summaries to fail builds on unexpected API contract drift.
- Smarter latest-session auto-resolution for all commands
- More SDK targets (Python, Go)
- Improved auth flow modeling
- Snapshot minimization for cleaner diffs
- GitHub Action for nightly drift reports
PRs are welcome. Check CONTRIBUTING.md for setup and workflow.
Good issues to start with:
- Endpoint inference edge cases
- Exporter quality improvements
- Replay stability and reporting
- MCP ergonomics and tool metadata
Released under the MIT License. See LICENSE.
If TabAPI saves you hours of reverse-engineering:
- Star the repo
- Share it with your team
- Open issues with real-world API edge cases
- Contribute improvements
β Star TabAPI to help more developers stop reverse-engineering APIs by hand.