🐸 Frogger API Converter · Preview
froggerapi.io Postman → Tenable-ready OpenAPI in one hop

Most teams have Postman collections, not perfect OpenAPI specs. Frogger turns those collections into strict, hardened OpenAPI 3 files that Tenable WAS can actually scan without a bunch of “permissive input validation” noise.

1. Upload & convert
  • Backend: /api/convert
  • Postman collection: required; Collection v2.1 recommended
  • Environment: Postman environment JSON, if you use variables
  • Tenant ID: sent as X-Tenant-Id header
  • API key: sent as X-Api-Key header if provided
2. OpenAPI output
OpenAPI 3.x · Tenable-hardened · Variables resolved
Sample cURL for integrating with this endpoint:
Your OpenAPI spec will appear here once conversion succeeds. We’ll pretty-print the JSON or YAML so you can inspect paths, parameters, and schemas before feeding it into Tenable WAS.
What is FroggerAPI?
Built for Tenable WAS users

FroggerAPI converts Postman collections into strict, security-focused OpenAPI 3 specifications. It’s designed to generate specs that Tenable Web Application Scanning (WAS) can consume without a lot of manual fixing or trial-and-error.

  • Resolves Postman variables and environments into concrete URLs, params, and examples.
  • Infers JSON schemas from request bodies and tightens them (types, maxLength, maxItems).
  • Adds basic pattern and format hints for IDs, emails, dates, etc.
  • Skips Authorization headers so you can keep using Tenable’s credential system.
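
The schema inference and tightening described in the list above, as an added sketch that is not Frogger's own code. The caps (`MAX_STRING`, `MAX_ITEMS`), the hint patterns and the sample body are assumptions made for this example.

```python
import json
import re

# Assumed caps and hint patterns for this sketch (not Frogger's actual values).
MAX_STRING, MAX_ITEMS = 256, 100
HINTS = (
    ("uuid", r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$"),
    ("email", r"^[^@\s]+@[^@\s]+\.[^@\s]+$"),
    ("date", r"^\d{4}-\d{2}-\d{2}$"),
)

# Constructed sample request body, as it might appear in a Postman item.
SAMPLE_BODY = """{"id": "3f2b8c1e-9a4d-4e6f-8b1a-2c3d4e5f6a7b",
 "email": "user@example.com", "created": "2024-01-15",
 "tags": ["a", "b"], "active": true, "count": 3}"""


def infer_schema(value):
    """Infer a bounded schema fragment from one example JSON value."""
    if isinstance(value, bool):  # test bool first: bool is a subclass of int
        return {"type": "boolean"}
    if isinstance(value, int):
        return {"type": "integer"}
    if isinstance(value, float):
        return {"type": "number"}
    if isinstance(value, str):
        # Never set the cap below the example, or the example would be invalid.
        schema = {"type": "string", "maxLength": max(MAX_STRING, len(value))}
        for fmt, pattern in HINTS:
            if re.match(pattern, value):
                schema.update(format=fmt, pattern=pattern)
                break
        return schema
    if isinstance(value, list):
        # The first element stands in for all items; an empty list gives no item type.
        items = infer_schema(value[0]) if value else {}
        return {"type": "array", "maxItems": max(MAX_ITEMS, len(value)), "items": items}
    if isinstance(value, dict):
        props = {key: infer_schema(val) for key, val in value.items()}
        # Closed object: properties not seen in the example are rejected.
        return {"type": "object", "properties": props, "additionalProperties": False}
    return {"nullable": True}  # JSON null carries no type information


def render(body_text):
    """Serialize with sorted keys so identical input yields identical bytes."""
    return json.dumps(infer_schema(json.loads(body_text)), sort_keys=True, indent=2)


if __name__ == "__main__":
    print(render(SAMPLE_BODY))
```

Fragments inferred from a null value or an empty array stay unconstrained here, so those fields still need a hand-written type before the spec counts as strict.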
Using the output in Tenable WAS
Scan-ready OpenAPI

Once you’ve converted your collection, you can import the generated OpenAPI into Tenable WAS as an API scan:

  1. In Tenable, go to Scans → New Scan → Web Application and choose the API / OpenAPI template.
  2. Upload your Frogger-generated OpenAPI file (JSON or YAML).
  3. Select or configure your API credential as usual (e.g. bearer token, header auth).
  4. Launch the scan. Tenable will use the stricter schemas and patterns to exercise endpoints more accurately.

If Tenable raised “permissive input validation” issues on your old spec, run those same endpoints through Frogger and re-import the hardened version.

Why not just use AI to convert Postman?
Deterministic > “creative”

Large language models can guess at an OpenAPI file, but Tenable needs something more predictable:

  • Deterministic output. The same Postman file should always generate the same OpenAPI. Frogger is pure code, not a prompt, so it’s stable and debuggable.
  • Tunable for Tenable. Frogger enforces maxLength, pattern, format, maxItems and additionalProperties specifically to avoid “permissive input” findings.
  • Data stays in your environment. Frogger runs as a container or sidecar inside your VPC or on-prem. No Postman collections or environments are sent to an external AI service.
  • Built for CI/CD. The converter is deterministic and scriptable, so you can run it on every build before Tenable scans.

AI is great for improving descriptions and docs after you have a strict spec. Frogger’s job is to generate that strict, Tenable-ready baseline every time.

🐸 Roadmap

  • CI/CD integration (convert before every scan)
  • Spec history & diffing
  • API security linting & policy checks
  • Tenant-aware workspaces & API keys
  • On-prem / air-gapped deployment options