Turn messy Postman collections into strict, Tenable-ready OpenAPI 3.
Most security teams get “permissive input validation” noise because their OpenAPI specs
are too loose or auto-generated from code. FroggerAPI converts your existing Postman
collections into hardened OpenAPI 3 specs that Tenable WAS can actually scan with precision.
✔ Resolves Postman variables + environments into concrete URLs, params, and examples.
✔ Infers JSON schemas and tightens them with type, maxLength, maxItems, and pattern.
✔ Deterministic output — the same collection always produces the same spec, no prompt magic.
No login. No data stored. Collections are processed in-memory and returned as a single OpenAPI file.
Who is this for?
• AppSec / product security teams
• Platform / API teams that own Postman collections
• Teams feeding Tenable WAS with OpenAPI specs
How FroggerAPI works
Built for security teams that already live in Postman but need clean, strict OpenAPI for Tenable.
1. You upload your Postman collection
Use the web UI or call the public API with a POST. Optionally include a Postman
environment file if you rely on variables.
• Supports Postman v2.1 collections.
• Optional environment JSON for resolving variables.
• File size and structure validated up front.
2. FroggerAPI converts to hardened OpenAPI
Under the hood, a dedicated converter walks every request in your collection and builds
a strict OpenAPI 3 document.
• Infers JSON body schemas and tightens them with type + length constraints.
• Resolves variables into concrete server URLs, paths, and examples.
• Skips sensitive headers like Authorization so Tenable credentials stay separate.
3. You feed the spec into Tenable WAS
Download JSON or YAML and import directly into Tenable Web Application Scanning as an
API scan.
• Use Tenable’s API / OpenAPI templates for API scans.
• Cleaner specs mean fewer “permissive input validation” findings.
• Repeatable process — re-generate the spec whenever your APIs change.
API usage (preview)
Use the UI, or call the public endpoint directly from scripts and CI.
Simple cURL example
Send a Postman collection (and optional environment file) as multipart form-data:
curl -X POST "https://api.froggerapi.io/api/convert" \
-F "collection=@your_collection.postman_collection.json" \
-F "environment=@your_environment.json"
The response body is a strict OpenAPI 3 JSON document. YAML export is handled in the web UI.
See Docs for CI/CD examples and integration patterns.
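One way to check in CI that a converted spec really carries the constraints described above before it is imported into Tenable WAS. This is an added example, not FroggerAPI's own code: the names `audit_spec`, `walk_schema` and `SAMPLE_SPEC` are hypothetical, the sample spec is constructed, and schemas are assumed to be inline (no `$ref` resolution).

```python
# Added example: audits an OpenAPI 3 dict for the constraints this page names.
# Assumption: schemas are inline (no $ref resolution). SAMPLE_SPEC is constructed.
SENSITIVE_HEADERS = {"authorization"}
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}

def walk_schema(schema, where, findings):
    """Recursively flag untyped nodes, unbounded strings and unbounded arrays."""
    kind = schema.get("type")
    if kind is None:
        findings.append(f"{where}: missing type")
    elif kind == "string" and "enum" not in schema and "maxLength" not in schema:
        findings.append(f"{where}: string without maxLength")
    elif kind == "array":
        if "maxItems" not in schema:
            findings.append(f"{where}: array without maxItems")
        walk_schema(schema.get("items", {}), f"{where}[]", findings)
    elif kind == "object":
        for name, sub in schema.get("properties", {}).items():
            walk_schema(sub, f"{where}.{name}", findings)

def audit_spec(spec):
    """Return a list of human-readable findings; empty means the spec passed."""
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip path-level keys such as "summary"
            where = f"{method.upper()} {path}"
            for p in op.get("parameters", []):
                name = p.get("name", "")
                if p.get("in") == "header" and name.lower() in SENSITIVE_HEADERS:
                    findings.append(f"{where}: sensitive header {name} in spec")
                walk_schema(p.get("schema", {}), f"{where} param {name}", findings)
            for body in op.get("requestBody", {}).get("content", {}).values():
                walk_schema(body.get("schema", {}), f"{where} body", findings)
    return findings

SAMPLE_SPEC = {"openapi": "3.0.3", "paths": {"/users": {"post": {
    "parameters": [{"name": "Authorization", "in": "header",
                    "schema": {"type": "string", "maxLength": 256}}],
    "requestBody": {"content": {"application/json": {"schema": {
        "type": "object", "properties": {
            "name": {"type": "string"},  # loose: no maxLength
            "tags": {"type": "array", "maxItems": 10,
                     "items": {"type": "string", "maxLength": 32}}}}}}}}}}}

if __name__ == "__main__":
    for finding in audit_spec(SAMPLE_SPEC):
        print(finding)
```

In a pipeline, load the converter's JSON response with `json.load` and fail the job when `audit_spec` returns a non-empty list.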
Pricing (preview)
Start free with the public converter. Pro and on-prem options are in active design.
Free (Preview)
$0
Ideal for trying FroggerAPI and ad-hoc conversions.
• Convert Postman collections up to ~2MB.
• Web UI + basic API usage.
• No login required; rate limited.
Pro (Coming soon)
$19–$29/month
For teams integrating conversion into CI/CD.
• Larger collections (10–20MB).
• Private API key & higher rate limits.
• Conversion history and validation checks.
Enterprise
Contact
On-prem / VPC deployments for regulated environments.
• Run entirely inside your VPC or on-prem.
• Unlimited collection sizes, SSO, and audit logs.
• SLA, support, and custom policy enforcement.
Security & deployment
Built for security-sensitive environments: healthcare, finance, internal APIs, and locked-down VPCs.
How your data is handled
• No long-term storage of collections or specs on the public demo.
• Collections are processed in-memory and returned as a single OpenAPI file.
• No AI model calls; conversion is pure deterministic code.
For customers that can’t send data outside their own environment, FroggerAPI is designed
to run as a container inside your VPC or on-prem — the public site is just the
tip of the iceberg.
Preview: HTTPS fronted by ALB / API domain
WAF / ALB hardening in progress before GA
Designed for private / on-prem deployment
Roadmap
• CI/CD integration (convert before every scan)
• Spec history & diffing
• Policy linting & security checks
• Tenant-aware workspaces & API keys
If you want to be part of the design partner group (especially if you’re already using
Tenable WAS at scale), reach out and help shape the roadmap.