Getting Started with ApiShield

Comprehensive API security scanning for your applications.

ApiShield is a security scanner for APIs that follows a Pipe and Filter architectural pattern. It decouples the source of API definitions (OpenAPI, Postman, HAR, or Live URLs) from the security analysis logic.

Data Flow

  1. Ingestion: Detects the input type and invokes the corresponding parser.
  2. Normalization: Parsers convert the input into a standardized internal representation (based on OpenAPI 3.0).
  3. Scanning: Iterates through the normalized definition to identify vulnerabilities.
  4. Reporting: Maps findings to the STRIDE threat model and OWASP API Top 10.
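The ingestion, normalization and scanning stages above, sketched as an added example. This is not ApiShield's own code: every function name, the field-name pattern and both sample inputs are hypothetical or constructed, and only the HAR and OpenAPI filters are shown.

```javascript
// Added example, not ApiShield source; every name here is hypothetical.
// Ingestion: classify the input by its shape.
function sniffInputType(input) {
  if (typeof input === 'string') return /^https?:\/\//i.test(input) ? 'live' : 'unknown';
  if (!input || typeof input !== 'object') return 'unknown';
  if (typeof input.openapi === 'string' && input.paths) return 'openapi';
  if (/getpostman\.com/.test((input.info || {}).schema || '')) return 'postman';
  if (input.log && Array.isArray(input.log.entries)) return 'har';
  return 'unknown';
}
// Normalization: one filter per source, each emitting an OpenAPI 3.0-style object.
const parsers = {
  openapi: (spec) => spec,
  har: (har) => {
    const paths = {};
    for (const { request } of har.log.entries) {
      const pd = request.postData || {};
      // Only JSON bodies are used for schema inference; other bodies yield no fields.
      const body = /json/i.test(pd.mimeType || '') ? JSON.parse(pd.text) : {};
      const properties = Object.fromEntries(
        Object.entries(body).map(([k, v]) => [k, { type: typeof v }]));
      const { pathname } = new URL(request.url);
      paths[pathname] = paths[pathname] || {};
      paths[pathname][request.method.toLowerCase()] = { requestBody: { content: {
        'application/json': { schema: { type: 'object', properties } } } } };
    }
    return { openapi: '3.0.0', paths };
  },
};
// Scanning: sees only the normalized form, never the source format.
const SENSITIVE = /pass(word)?|secret|token|ssn|api[_-]?key/i; // constructed pattern
function scanNormalized(spec) {
  const findings = [];
  for (const [path, ops] of Object.entries(spec.paths)) {
    for (const [method, op] of Object.entries(ops)) {
      const props = op.requestBody?.content?.['application/json']?.schema?.properties || {};
      for (const field of Object.keys(props)) {
        if (SENSITIVE.test(field)) findings.push({ path, method, field });
      }
    }
  }
  return findings;
}
function runPipeline(input) {
  const type = sniffInputType(input);
  if (!parsers[type]) throw new Error(`no parser for input type: ${type}`);
  return scanNormalized(parsers[type](input));
}
// Constructed sample inputs describing the same endpoint in two source formats.
const sampleHar = { log: { entries: [{ request: { method: 'POST', url: 'https://api.example.test/login',
  postData: { mimeType: 'application/json', text: '{"user":"a","password":"x"}' } } }] } };
const sampleSpec = parsers.har(sampleHar); // already in normalized OpenAPI shape
```

Both `runPipeline(sampleHar)` and `runPipeline(sampleSpec)` report the same `password` finding on `POST /login`, because the scanner only ever receives the normalized form.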

Core Modules

| Module | Purpose | Key Functions |
| --- | --- | --- |
| index.js | CLI Entry point & orchestration | main(), detectInputType() |
| lib/normalizer.js | Core scanning engine and sensitive data patterns | scanSpec(), normalizeSpec(), findSensitiveFields() |
| lib/config.js | Configuration management and merging | loadConfig() |
| lib/reporters/threatModel.js | Risk reporting and STRIDE mapping | generateThreatModel() |

Supported Parsers

  • openapi.js: Standardizes existing OpenAPI specifications.
  • postman.js: Extracts endpoints and schemas from Postman Collections.
  • har.js: Infers API structure and data types from HTTP Archive files.
  • live.js: Probes live endpoints and performs dynamic schema inference from responses.

Next Steps

  • Rate Limiting - Performance considerations
  • Threat Models - Security audit details