DEV Community

Kalil
Kalil

Posted on

Reverse-engineering undocumented APIs with Claude

#ai #claudecode #api #python

reverse-api-engineer demo

๐Ÿ”— Project: https://github.com/kalil0321/reverse-api-engineer

Many websites expose public APIs, but theyโ€™re often undocumented, poorly documented, or intentionally hard to find.

Iโ€™m currently building Stapply Map, a job aggregator that shows jobs on a map (https://map.stapply.ai), and I needed data. Most ATS platforms do have public APIs, but discovering how to use them usually means digging through network requests and reverse-engineering things manually.

So I started doing what many of us do:
open DevTools โ†’ inspect network โ†’ copy requests โ†’ paste them into Claude โ†’ manually turn them into a usable API client.

That worked, but it felt very repetitive.

What if I automated this?

The idea

I started building reverse-api-engineer: a tool that helps reverse-engineer APIs using Claude.

The initial flow was simple:

  1. You enter a query
  2. A browser opens with HAR recording enabled
  3. You navigate the website manually
  4. The HAR file is saved
  5. Claude Code analyzes it and generates an API client

This already worked well but I wanted to push the automation further.

Adding an agent mode

So I started experimenting with an agent mode, where an agent controls the browser directly and performs actions on your behalf.

I first tried:

  • browser-use
  • Stagehand

They worked, but werenโ€™t ideal for this use case:

  • they rely on external libraries
  • native HAR recording support is missing for browser-use
  • integration was not clean for programmatic reverse-engineering, we had to do a 2 step pipeline (har recording with automation framework, then codegen with Claude)
  • the network requests could be unsufficient for the engineer to build the API client

Moving to Playwright MCP

At that point, I realized that Playwright MCP was actually a very good foundation and the only missing piece was HAR recording.

So I forked Playwright MCP and added it.

๐Ÿ‘‰ I published this as v0.2.9, with built-in HAR support, and the results were already much better.

Now the flow looks like this:

  1. Claude (or another agent) controls the browser via MCP
  2. Actions are executed automatically (search, click, paginate, filter)
  3. Network traffic is recorded as HAR
  4. Claude analyzes the requests
  5. A structured API client is generated

What it can extract today

  • public but undocumented API endpoints
  • query parameters & payloads
  • pagination logic
  • filters and search behavior
  • required headers
  • request dependencies
  • session patterns

This works especially well for:

  • job boards
  • ATS platforms
  • dashboards
  • internal tools
  • search-heavy web apps

Roadmap

Hereโ€™s what Iโ€™m planning next:

  • collector mode (ie send a complex query and get the data directly + code)
  • a registry of apis to make it easier to discover already reverse-engineered APIs (users can opt-in)

๐Ÿ”— Project: https://github.com/kalil0321/reverse-api-engineer

Feedback, ideas, and suggestions are very welcome!

Top comments (0)