How do I generate an OpenAPI spec from a HAR file?

Capture network traffic in your browser DevTools → Network → right-click → Save all as HAR. Upload that file to Specway. The tool walks every request, groups by host + path pattern + method, infers schemas from request and response bodies, and emits an OpenAPI 3.0 document. Review and clean before publishing.

How does it handle path parameters?

The tool detects numeric segments and replaces them with {id}, UUID segments with {uuid}, and long base64-ish segments with {token}. So /users/42 and /users/43 collapse into /users/{id}. The heuristics aren't perfect — review path parameters in the output and rename them to match your domain.

Are response schemas accurate?

Schemas are inferred from response bodies in your HAR — types are detected (string, integer, number, boolean, array, object), but optional vs required isn't (the tool can't know what fields are sometimes missing without seeing more samples). Treat the output as a starting point, then refine based on your API contract.

How do I capture a HAR file?

Chrome / Edge: open DevTools (F12), go to Network tab, perform the requests, then right-click in the request list → Save all as HAR. Firefox: similar — Network tab → right-click → Save All As HAR. Safari requires enabling the Develop menu first. Both browsers also let you copy individual requests as fetch / curl.

Should I use this for production specs?

No — use it as a bootstrap. The tool gives you a starting OpenAPI spec from real traffic, which is often the fastest way to document an undocumented API. Then refine: add operationIds, polish descriptions, mark required fields, normalize examples, add error responses. For Specway customers, paste the result into the spec editor and iterate.

Does it handle authentication?

Authorization headers from the HAR are preserved as header parameters with placeholder values. To add a proper securityScheme to the spec, manually add components.securitySchemes (Bearer, API key, OAuth2) and reference it from operations. The tool doesn't infer auth scheme type because the same Authorization header could be Bearer JWT, basic, or custom.

How do I generate an OpenAPI spec from a HAR file?

Capture network traffic in your browser DevTools → Network → right-click → Save all as HAR. Upload that file to Specway. The tool walks every request, groups by host + path pattern + method, infers schemas from request and response bodies, and emits an OpenAPI 3.0 document. Review and clean before publishing.

How does it handle path parameters?

The tool detects numeric segments and replaces them with {id}, UUID segments with {uuid}, and long base64-ish segments with {token}. So /users/42 and /users/43 collapse into /users/{id}. The heuristics aren't perfect — review path parameters in the output and rename them to match your domain.

Are response schemas accurate?

Schemas are inferred from response bodies in your HAR — types are detected (string, integer, number, boolean, array, object), but optional vs required isn't (the tool can't know what fields are sometimes missing without seeing more samples). Treat the output as a starting point, then refine based on your API contract.

How do I capture a HAR file?

Chrome / Edge: open DevTools (F12), go to Network tab, perform the requests, then right-click in the request list → Save all as HAR. Firefox: similar — Network tab → right-click → Save All As HAR. Safari requires enabling the Develop menu first. Both browsers also let you copy individual requests as fetch / curl.

Should I use this for production specs?

No — use it as a bootstrap. The tool gives you a starting OpenAPI spec from real traffic, which is often the fastest way to document an undocumented API. Then refine: add operationIds, polish descriptions, mark required fields, normalize examples, add error responses. For Specway customers, paste the result into the spec editor and iterate.

Does it handle authentication?

Authorization headers from the HAR are preserved as header parameters with placeholder values. To add a proper securityScheme to the spec, manually add components.securitySchemes (Bearer, API key, OAuth2) and reference it from operations. The tool doesn't infer auth scheme type because the same Authorization header could be Bearer JWT, basic, or custom.

Free Tool

HAR → OpenAPI (2026)

Generate a starting OpenAPI 3.0 spec from a browser HAR capture. Groups requests by path+method, infers schemas from real request/response bodies, detects path parameters. The fastest way to bootstrap a spec for an undocumented API.

HAR file· 2 operations extracted

{
  "log": {
    "version": "1.2",
    "creator": {
      "name": "Specway",
      "version": "1.0"
    },
    "entries": [
      {
        "request": {
          "method": "GET",
          "url": "https://api.example.com/v1/pets?limit=10",
          "headers": [
            {
              "name": "Authorization",
              "value": "Bearer xxx"
            },
            {
              "name": "Accept",
              "value": "application/json"
            }
          ],
          "queryString": [
            {
              "name": "limit",
              "value": "10"
            }
          ]
        },
        "response": {
          "status": 200,
          "content": {
            "mimeType": "application/json",
            "text": "[{\"id\":1,\"name\":\"Rex\"}]"
          }
        }
      },
      {
        "request": {
          "method": "POST",
          "url": "https://api.example.com/v1/pets",
          "headers": [
            {
              "name": "Content-Type",
              "value": "application/json"
            }
          ],
          "postData": {
            "mimeType": "application/json",
            "text": "{\"name\":\"Fido\"}"
          }
        },
        "response": {
          "status": 201,
          "content": {
            "mimeType": "application/json",
            "text": "{\"id\":2,\"name\":\"Fido\"}"
          }
        }
      }
    ]
  }
}

openapi: 3.0.3
info:
  title: Generated from HAR (api.example.com)
  version: 1.0.0
  description: Generated by Specway from a HAR capture. Review and edit before publishing.
servers:
  - url: https://api.example.com
paths:
  /v1/pets:
    get:
      operationId: getv1pets
      parameters:
        - name: limit
          in: query
          schema:
            type: string
        - name: Authorization
          in: header
          schema:
            type: string
      responses:
        '200':
          description: Response
          content:
            application/json:
              schema:
                type: array
                items:
                  type: object
                  properties:
                    id:
                      type: integer
                    name:
                      type: string
              example:
                - id: 1
                  name: Rex
    post:
      operationId: postv1pets
      parameters:
        - name: Content-Type
          in: header
          schema:
            type: string
      responses:
        '201':
          description: Response
          content:
            application/json:
              schema:
                type: object
                properties:
                  id:
                    type: integer
                  name:
                    type: string
              example:
                id: 2
                name: Fido
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                name:
                  type: string
            example:
              name: Fido

When to use this

Reverse-engineering a third-party API that has no public OpenAPI spec.
Documenting an internal API where the team never wrote a spec — start with what production actually does.
Onboarding to a legacy system: capture the requests you make in a day, generate a spec, refine.

How to capture a HAR file

Open DevTools (F12 / Cmd+Opt+I) and go to the Network tab.
Make sure recording is on. Optionally check "Preserve log" if you'll navigate across pages.
Perform the requests you want documented.
Right-click any request → Save all as HAR.
Upload the resulting .har file here.

What the converter does (and doesn't do)

Does: group requests into operations, detect numeric and UUID path parameters, infer JSON schemas from real request/response bodies, preserve auth headers as header parameters, attach example payloads, set the server URL from the host.

Doesn't: distinguish required vs optional fields (would need more samples), detect auth scheme types (Bearer vs Basic vs custom), handle multipart bodies cleanly, infer descriptions or operation summaries. Treat the output as 60% — the last 40% is human polish.

Ship API docs that stay this clean

Specway turns your OpenAPI spec into a branded developer portal — auto-synced, searchable, with built-in playground and code samples in every language. Free tier available.

Related tools

OpenAPI Validator

Validate the generated spec.

OpenAPI Linter

Find quality issues in the bootstrap spec.

OpenAPI Viewer

Browse the operations the tool extracted.

cURL → Code

Convert single requests to client code.

Frequently asked questions

openapi: 3.0.3 info: title: Generated from HAR (api.example.com) version: 1.0.0 description: Generated by Specway from a HAR capture. Review and edit before publishing. servers: - url: https://api.example.com paths: /v1/pets: get: operationId: getv1pets parameters: - name: limit in: query schema: type: string - name: Authorization in: header schema: type: string responses: '200': description: Response content: application/json: schema: type: array items: type: object properties: id: type: integer name: type: string example: - id: 1 name: Rex post: operationId: postv1pets parameters: - name: Content-Type in: header schema: type: string responses: '201': description: Response content: application/json: schema: type: object properties: id: type: integer name: type: string example: id: 2 name: Fido requestBody: required: true content: application/json: schema: type: object properties: name: type: string example: name: Fido

What the converter does (and doesn't do)