{"aiPlatform":"claude-code@2025.06","category":"api-tools","commandName":"/api-explore","content":"---\nname: API Explorer & Documentation Generator\ndescription: Comprehensive API analysis tool that discovers, tests, and documents APIs. Automatically explores REST endpoints, generates OpenAPI specifications, tests authentication methods, and creates interactive documentation. Respects rate limits and robots.txt while providing ethical API reconnaissance.\nallowed_tools:\n - puppeteer # Web scraping and browser automation\n - filesystem # Save documentation and test results\n - memory # Track API patterns and schemas\n - sqlite # Store API metadata and test history\ntags:\n - api-discovery\n - documentation\n - testing\n - integration\ncategory: api-tools\n---\n\n## Arguments\n\n```\n/api-explore \nbase_url=\"\"\n[auth_type=]\n[auth_value=]\n[depth=]\n```\n*Defaults → `auth_type=none depth=standard`*\n\n### Examples\n\n```bash\n# Basic public API exploration\n/api-explore \nbase_url=\"https://jsonplaceholder.typicode.com\"\n\n# Authenticated API with depth control\n/api-explore \nbase_url=\"https://api.github.com\"\nauth_type=bearer\nauth_value=\"ghp_xxxxxxxxxxxx\"\ndepth=shallow\n\n# API key authentication\n/api-explore \nbase_url=\"https://api.weather.com/v1\"\nauth_type=api_key\nauth_value=\"your-api-key\"\n```\n\n---\n\n## Context – what the AI should do\n\n1. **Parse Arguments and Setup**\n * `base_url` - API base URL to explore\n * `auth_type` - authentication method to use\n * `auth_value` - authentication credentials (handle securely)\n * `depth` - exploration depth (shallow: basic discovery, standard: full analysis, deep: extensive testing)\n\n2. **API Discovery Phase** (Respecting Ethics & Limits)\n * **Robots.txt Compliance**: Check and respect `/robots.txt` directives\n * **Rate Limiting**: Implement 1 request/second default throttle\n * **Common Endpoint Discovery**: Test standard REST patterns (`/api/v1/`, `/users`, `/posts`, etc.)\n * **Documentation Scraping**: Use Puppeteer to find API docs, Swagger/OpenAPI specs\n * **Sitemap Analysis**: Parse sitemap.xml for API endpoints\n * **Respect Terms of Service**: Avoid aggressive crawling or brute-forcing\n\n3. **Endpoint Analysis** (Safe Methods Only)\n * **HTTP Methods Testing**: Test GET and HEAD only (unless depth=deep)\n * **Parameter Discovery**: Analyze query parameters, path parameters from documentation\n * **Response Schema Analysis**: Examine response structures and data types\n * **Error Handling**: Test error responses respectfully (400, 401, 403, 404)\n * **Rate Limit Detection**: Detect limits and honor Retry-After headers\n\n4. **Authentication Testing**\n * **Bearer Token**: Test Authorization header with provided token\n * **API Key**: Test various API key locations (header, query, body)\n * **Basic Auth**: Test username/password combinations\n * **OAuth Discovery**: Look for OAuth endpoints and flows\n\n5. **Schema Generation**\n * **Request Schemas**: Generate JSON schemas for request bodies\n * **Response Schemas**: Create schemas for response structures\n * **Data Type Inference**: Analyze actual data to infer types and constraints\n * **Relationship Mapping**: Identify relationships between endpoints\n\n6. **Comprehensive Documentation Generation**\n * **OpenAPI 3.0**: Generate complete OpenAPI specification\n * **Postman Collection**: Create importable collection with examples\n * **Markdown Docs**: Human-readable API documentation with usage guides\n * **Code Examples**: Generate example requests in multiple languages\n * **Security Notes**: Document authentication requirements and rate limits\n * **GraphQL Support**: Detect and document GraphQL endpoints if present\n\n7. **Testing and Validation**\n * **Endpoint Health Checks**: Verify all endpoints are accessible\n * **Response Time Analysis**: Measure and document performance\n * **Data Consistency**: Check for consistent response formats\n * **Security Analysis**: Identify potential security issues\n\n8. **Knowledge Base Updates**\n * Store API patterns in memory: `/memory__create_entities` for endpoints, schemas\n * Build relationship graph: API → has_endpoint → Endpoint → returns → Schema\n * Track common patterns across different APIs\n * Store in SQLite: endpoint metadata, response times, test results\n\n9. **Output Generation**\n * Save all documentation formats: OpenAPI, Postman, and Markdown\n * Create comprehensive test report with coverage metrics\n * Generate summary dashboard with API statistics\n * Include security considerations and best practices\n * Strip any accidentally captured credentials from outputs\n\n10. **Safety & Compliance**\n * **Credential Security**: Never log or save auth values in reports\n * **Respect Rate Limits**: Exponential backoff on 429 responses\n * **Avoid Destructive Operations**: Skip DELETE/PUT/PATCH unless depth=deep\n * **Data Privacy**: Sanitize example responses to remove PII\n * **Terms of Service**: Include warnings about respecting API ToS\n\n> Provide ethical API reconnaissance with focus on documentation and integration guidance. Respect rate limits, robots.txt, and terms of service. Highlight security considerations without exploiting vulnerabilities.","contentHash":"92df8a046cc888b95a7db3bca5c0d6385bfa18cc1e17017dcc8b5ac4deaf0d03","copies":0,"createdAt":"2025-07-22T16:25:41.756Z","description":"Ethical API reconnaissance tool that discovers and documents APIs while respecting rate limits and terms of service","downloads":4,"github":{"lastSyncDirection":"from-github","lastSyncError":"Failed to sync YAML command: Failed to extract file contents: logger.logProgress is not a function","repoUrl":"https://github.com/Commands-com/ai-commands","metadata":{"importedFrom":"github_repository","repoPrivate":true,"repoDefaultBranch":"main","connectedAt":"2025-07-22T16:25:41.756Z"},"importedAt":"2025-07-22T16:25:41.756Z","lastSyncAt":"2025-08-17T16:56:10.305Z","fileMapping":{"license":"LICENSE","readme":"api-explorer/README.md","assets":[],"mainFile":"api-explorer/command.md"},"selectedCommand":"api-explorer","fileShas":{"mainFile":"3f3df1539f005b1e41d8b8ae15b9ff559c7c717e","yamlPath":"4507cfda9afa7474437ab79914331e61ec82f4f7","readme":"2fe6ed265e2e7fc22e4df7da588c91186105b284"},"branch":"main","connectionType":"commands_yaml","connected":true,"lastSyncCommit":"3f1460bda072265aa9ad932490481f0843dc66f8","importSource":"repository_import","installationId":"69232615","syncStatus":"synced"},"githubRepoUrl":"https://github.com/Commands-com/ai-commands","id":"404f38f0-a4f2-4fba-a5ba-b03dfc94f376","inputParameters":[{"name":"base_url","description":"Base URL of the API to explore and analyze","label":"API Base URL","type":"text","required":true,"defaultValue":""},{"defaultValue":"none","name":"auth_type","options":["none","bearer","basic","api_key"],"description":"Authentication method to use for API requests","label":"Authentication Type","type":"select","required":false},{"name":"auth_value","description":"Token, key, or credentials for authentication (handled securely)","label":"Authentication Value","type":"text","required":false,"defaultValue":""},{"defaultValue":"standard","name":"depth","options":["shallow","standard","deep"],"description":"How thoroughly to explore the API","label":"Exploration Depth","type":"select","required":false}],"instructions":"# API Explorer & Documentation Generator\n\nEthical API reconnaissance tool that discovers, tests, and documents APIs while respecting rate limits, robots.txt, and terms of service. Generates comprehensive documentation including OpenAPI specs, Postman collections, and usage guides.\n\n## Key Features:\n- **Ethical Discovery**: Respects robots.txt and implements rate limiting (1 req/sec)\n- **Safe Testing**: Uses read-only methods by default (GET/HEAD)\n- **Comprehensive Documentation**: Generates OpenAPI, Postman, and Markdown docs\n- **Security-First**: Handles credentials securely, strips sensitive data from outputs\n- **Smart Analysis**: Detects authentication methods, schemas, and relationships\n- **GraphQL Support**: Identifies and documents GraphQL endpoints\n\n## How to Use:\n1. **API Base URL**: Enter the base URL of the API to explore\n2. **Authentication Type**: Choose auth method (none, bearer, basic, api_key)\n3. **Authentication Value**: Provide credentials (handled securely, never logged)\n4. **Depth**: Control exploration thoroughness:\n - **Shallow**: Basic discovery and documentation only\n - **Standard**: Full analysis with safe testing methods\n - **Deep**: Extensive testing including write operations (use carefully)\n\n## What It Generates:\n- **OpenAPI 3.0 Specification**: Complete API definition with schemas\n- **Postman Collection**: Ready-to-import collection with examples\n- **Markdown Documentation**: Human-readable guides with code examples\n- **Security Analysis**: Authentication requirements and rate limits\n- **Test Report**: Coverage metrics and endpoint health status\n\n## Safety & Ethics:\n- Implements automatic rate limiting to avoid overwhelming servers\n- Respects robots.txt directives and crawl delays\n- Uses safe HTTP methods (GET/HEAD) unless depth=deep\n- Honors Retry-After headers and implements exponential backoff\n- Strips accidentally captured credentials from all outputs\n- Includes warnings about respecting API terms of service\n\n## Example Commands:\n```bash\n# Basic public API exploration\n/api-explore base_url=\"https://api.example.com\"\n\n# Authenticated API with controlled depth\n/api-explore \nbase_url=\"https://api.github.com\"\nauth_type=bearer\nauth_value=\"ghp_xxxxxxxxxxxx\"\ndepth=shallow\n\n# API key authentication with standard exploration\n/api-explore \nbase_url=\"https://api.service.com/v1\"\nauth_type=api_key\nauth_value=\"your-api-key\"\n```\n\n## Prerequisites:\n- Puppeteer MCP server for web scraping and browser automation\n- Filesystem MCP server for saving documentation\n- Memory MCP server for tracking patterns and schemas\n- SQLite MCP server for storing metadata and history\n\n## Best Practices:\n- Always check the API's terms of service before exploration\n- Use shallow depth for initial discovery\n- Provide authentication only when necessary\n- Review generated documentation for any sensitive data\n- Use the tool for integration planning, not vulnerability exploitation","lastDownloaded":"2025-08-21T22:42:51.686Z","licenseType":"mit","likes":0,"mcpRequirements":[{"tier":"required","serverId":"puppeteer"},{"tier":"required","serverId":"filesystem"},{"tier":"required","serverId":"memory"},{"tier":"required","serverId":"sqlite"}],"mcp_search_content":"docker-puppeteer docker-filesystem docker-memory docker-sqlite","organizationUsername":"commands-com","price":"free","processedGalleryItems":[{"s3KeyThumbnail":"processed/404f38f0-a4f2-4fba-a5ba-b03dfc94f376/1753201542164_preview_thumb.webp","s3KeyLarge":"processed/404f38f0-a4f2-4fba-a5ba-b03dfc94f376/1753201542164_preview.webp","name":"1753201542164_preview.webp","originalKey":"temp-uploads/404f38f0-a4f2-4fba-a5ba-b03dfc94f376/1753201542164_preview.png","pathLarge":"404f38f0-a4f2-4fba-a5ba-b03dfc94f376/1753201542164_preview.webp","type":"image/webp","pathThumbnail":"404f38f0-a4f2-4fba-a5ba-b03dfc94f376/1753201542164_preview_thumb.webp"}],"search_content":"api explorer & documentation generator ethical api reconnaissance tool that discovers and documents apis while respecting rate limits and terms of service /api-explore api-tools claude-code@2025.06","title":"API Explorer & Documentation Generator","type":"command","updatedAt":"2025-08-17T16:56:10.305Z","userId":"W0V8NAw5AhWRwcuwSoFLOi1Yem83","visibility":"public","name":"api-explorer","userInteraction":{"userHasStarred":false}}