DEV Community

Cover image for Auto OpenAPI Generation — The Network Doesn’t Lie!
Harish Nataraj
Harish Nataraj

Posted on

Auto OpenAPI Generation — The Network Doesn’t Lie!

API Visibility Is Key

Visibility of APIs is a fundamental necessity for governance, security, and productivity. Yet most organizations are unable to answer the following critical questions:

  • What APIs do I have?
  • Are OpenAPI schemas for the APIs documented and maintained?
  • Which APIs process sensitive data?
  • Which users access which APIs, under what roles (or scopes)?
  • Which APIs are external vs. internal?

Annotation Based OpenAPI Generation Is Not Scalable

Disparate Set of Open Source Tools

There are a plethora of (language/framework specific) open source tools that generate OpenAPI specifications at build time, by scanning source code.

They use code level annotations added by developers, to language/framework specific resources, methods, and controllers, to generate schema for APIs.

Java Annotations for Swagger-Core

Java Annotations for Swagger-Core



Examples include Swagger-Core, SpringFox, NSwag / Swashbuckle, Swagger-express / HAPI-Swagger, Django-REST-Swagger / Flask-RESTplus, etc.

These Tools Don’t Scale Well

Polyglot Microservices

Polyglot Microservices

Modern development environments are polyglot in nature, where you find several small teams, using a variety of technology stacks, and disparate programming languages.

These tools don’t scale well in these environments due to the following reasons:

Achieving Consistency Across Teams is Challenging

Achieving Consistency Across Teams is Challenging

  • It is hard to achieve consistency (of API documentation) across so many small teams, disparate programming languages, and variety of language frameworks.
  • Developers need to correctly annotate the code in appropriate places, lest the documentation will be incomplete and inaccurate.
  • Developers need to maintain the annotations as they continuously refactor code, lest the documentation will be incomplete and inaccurate.
  • Annotations are static in nature. When APIs return dynamic objects, the auto documented specification will be incorrect, or incomplete.
  • There is no guarantee that what is auto documented, is the actual wire behavior exhibited by the API.

The Network Doesn’t Lie

APIs transact by exchanging JSON data over the network. This makes the network, the ultimate source of truth for API behavior, and schema.

Harnessing the network to auto discover & auto document APIs, in a consistent and scalable manner, has been challenging until recently.

eBPF Based Automatic OpenAPI Generation

Achieve Consistency & Scale, while Preserving Privacy

eBPF is revolutionary technology, that enables auto documentation of APIs in a consistent, scalable, and language/framework agnostic manner.

Frictionless & Privacy-Preserving API observability

Frictionless & Privacy-Preserving API observability



Levo provides a free service that automatically generates OpenAPI documentation for all your APIs, by passively observing your runtime API traffic via eBPF.

The installation involves a single Helm Chart for Kubernetes, or a single Docker command for other environments. The installation does not require code changes, configuration changes, or SDK additions to your applications.

Ensuring the privacy of your customer data is paramount. You can read more about privacy-preserving features here.

Auto Generate OpenAPI with Sensitive Data Annotations

All APIs active in the runtime environments are auto discovered, and OpenAPI specifications are auto generated for them.

Auto Discovered API Catalog

Auto Discovered API Catalog



OpenAPI specifications are annotated with sensitive data types (PII, PSI, PHI, etc).

Auto Generated OpenAPI Specifications

Auto Generated OpenAPI Specifications



The API documentation is always fresh, and is based on the single source of truth, which is the actual API behavior observed on the network.

Continuously Validate Existing OpenAPI Documentation

Teams building API documentation with an API-First approach, can also benefit.

Cross validate existing OpenAPI documentation with auto generated documentation for accuracy and completeness.

Interested in trying Auto OpenAPI Generation?

OpenAPI Auto Generation — Forever Free

OpenAPI Auto Generation — Forever Free

Levo is a purpose-built, developer-first API security solution that fully automates API Observability, API Documentation & API Testing in CI/CD pipelines.

Signup for a forever free account, and start auto documenting all your APIs within minutes.

Have questions? Contact us at info@levo.ai.

Top comments (0)