Reverse-engineering undocumented APIs with Claude

Kalil — Wed, 31 Dec 2025 11:12:32 +0000

🔗 Project: https://github.com/kalil0321/reverse-api-engineer

Many websites expose public APIs, but they’re often undocumented, poorly documented, or intentionally hard to find.

I’m currently building Stapply Map, a job aggregator that shows jobs on a map (https://map.stapply.ai), and I needed data. Most ATS platforms do have public APIs, but discovering how to use them usually means digging through network requests and reverse-engineering things manually.

So I started doing what many of us do:
open DevTools → inspect network → copy requests → paste them into Claude → manually turn them into a usable API client.

That worked, but it felt very repetitive.

What if I automated this?

The idea

I started building reverse-api-engineer: a tool that helps reverse-engineer APIs using Claude.

The initial flow was simple:

You enter a query
A browser opens with HAR recording enabled
You navigate the website manually
The HAR file is saved
Claude Code analyzes it and generates an API client

This already worked well but I wanted to push the automation further.

Adding an agent mode

So I started experimenting with an agent mode, where an agent controls the browser directly and performs actions on your behalf.

I first tried:

browser-use
Stagehand

They worked, but weren’t ideal for this use case:

they rely on external libraries
native HAR recording support is missing for browser-use
integration was not clean for programmatic reverse-engineering, we had to do a 2 step pipeline (har recording with automation framework, then codegen with Claude)
the network requests could be unsufficient for the engineer to build the API client

Moving to Playwright MCP

At that point, I realized that Playwright MCP was actually a very good foundation and the only missing piece was HAR recording.

So I forked Playwright MCP and added it.

👉 I published this as v0.2.9, with built-in HAR support, and the results were already much better.

Now the flow looks like this:

Claude (or another agent) controls the browser via MCP
Actions are executed automatically (search, click, paginate, filter)
Network traffic is recorded as HAR
Claude analyzes the requests
A structured API client is generated

What it can extract today

public but undocumented API endpoints
query parameters & payloads
pagination logic
filters and search behavior
required headers
request dependencies
session patterns

This works especially well for:

job boards
ATS platforms
dashboards
internal tools
search-heavy web apps

Roadmap

Here’s what I’m planning next:

collector mode (ie send a complex query and get the data directly + code)
a registry of apis to make it easier to discover already reverse-engineered APIs (users can opt-in)