CI Integration (optional)

Most organizations use FroggerAPI as a security-owned handoff: Dev → Frogger → Security → Tenable. CI integration is optional for earlier visibility or as a quality gate.

Recommended default

If you do not want to block deployments, run CI in report-only mode:

curl -sS https://froggerapi.io/api/v1/lint?failOn=none \
  -H "X-Tenant-Id: my-tenant" \
  -H "X-Api-Key: $FROGGER_API_KEY" \
  -H "Content-Type: application/json" \
  --data-binary @openapi.json

This captures findings without failing the pipeline. Security can still pull the validated spec/history from Frogger.

What this does

FroggerAPI validates your OpenAPI spec during CI. You can block builds on errors, warnings, or allow everything through.

No spec storage required (lint runs in-memory)
Deterministic CI behavior via curl -f + HTTP 422
Spec hash returned for traceability

Prerequisites

A FroggerAPI Pro subscription
Your OpenAPI JSON file (e.g., openapi.json)
Your X-Api-Key and X-Tenant-Id

Quick start checklist

✔ OpenAPI file is valid JSON (openapi.json)
✔ Use https:// (not http)
✔ Include X-Tenant-Id header
✔ Store API key in CI secrets
✔ Use curl -f so builds fail automatically

One-liner (gate)

Use this only if you want CI to fail on policy violations.

curl -f https://froggerapi.io/api/v1/lint?failOn=errors \
  -H "X-Tenant-Id: my-tenant" \
  -H "X-Api-Key: $FROGGER_API_KEY" \
  -H "Content-Type: application/json" \
  --data-binary @openapi.json

Why curl -f?
-f makes curl exit non-zero when FroggerAPI returns HTTP 422.