Skip to main content

Overview

Threat Modeling becomes significantly more accurate and efficient when API schemas and request collections flow into the system automatically. Snapsec supports two primary adapter-driven integrations:
Swagger Integration (via Adapter)

Postman Integration (via Adapter)
These adapters import, sync, and refresh API routes — ensuring your threat models always reflect the latest system behavior.

Swagger Integration (Adapter-Driven)

Swagger Integration Overview

Swagger/OpenAPI files help identify:
  • Endpoints
  • HTTP methods
  • Request/response schemas
  • Parameter and authentication details

What the Adapter Does

  • Imports OpenAPI/Swagger specs directly into Snapsec
  • Discovers all API paths, parameters, and operations
  • Syncs updated swagger files without manual re-upload
  • Auto-generates threat scenarios for newly detected endpoints
  • Flags outdated or missing Swagger definitions

Ideal For

Teams using OpenAPI-first or schema-driven API development.

Postman Integration (Adapter-Driven)

Postman Integration Overview

Postman collections represent real-world API behavior and testing flows.

What the Adapter Does

  • Syncs Postman collections into the Threat Modeling workspace
  • Extracts endpoints, variables, headers, and authentication
  • Detects dynamic request flows and chained operations
  • Auto-maps threats to each Postman-defined request
  • Tracks changes in collections over time

Ideal For

Teams that manage APIs through Postman or use it for internal testing.

Key Benefits

Automatic Endpoint Discovery

Import and sync API endpoints directly from Swagger or Postman — no manual entry needed.

Continuous Updates

Adapters refresh endpoints automatically when collections or specs change.

Stronger Threat Coverage

More accurate threat modeling thanks to real, up-to-date API definitions.

Reduced Manual Work

Eliminates the need to rebuild threat models whenever APIs evolve.

How Integration Sync Works

Connect the Adapter

Install the Swagger or Postman adapter from the integrations panel.

Authorize or Upload Spec

Connect Postman via API key or upload/URL-link your Swagger file.

Auto-Import API Endpoints

Endpoints, collections, and schema definitions are imported automatically.

Threat Generation

Snapsec analyzes each endpoint and generates OWASP/CWE-aligned threat scenarios.

Continuous Sync

Whenever the source updates, Snapsec re-syncs and updates the threat model.

Example Use Cases

Schema-Driven Threat Modeling

Generate complete threat models from structured Swagger/OpenAPI definitions.

Runtime-Based Threat Mapping

Build threat models from real-world Postman traffic and request flows.

API Change Detection

Detect added, removed, or modified endpoints through continuous synchronization.

Developer-Synced Security

Keep security models aligned with engineering changes automatically.

Next Steps

Connect Swagger or Postman

Enable adapter-driven integrations and start automated threat discovery.