Deep linking to OpenAPI on someone else's computer

by Jeremy Jay

Sharing API details with your team or partners should be simple—but staying private while doing so? That’s a much bigger challenge.

Most API tools rely on a web application to share links, combining server-side storage with user accounts and identifiers. While this works, it comes with a significant downside: every step of the process—upload, permissions, link creation, verification, and sharing—can expose your API to tracking and data leakage. Proxies, CDNs, firewalls, analytics, web browsers and extensions, are all potential points where sensitive information might be logged or shared. Even worse, do you really know if that vendor sent your API document to a third party just to share a link with their team?

With Callosum, I took a different approach: an offline-first, privacy-friendly way to share links to API endpoints without relying on any external servers.

How it works

Callosum uses a custom URL scheme (callosum://), a common and well-supported technique (macOS, Windows), to avoid HTTP requests entirely. Instead of storing your OpenAPI document on a remote server, Callosum defines a custom OpenAPI extension: x-6a-deeplink-id.

Here’s the process:

• When you save an OpenAPI document in Callosum, it generates a random, unique Deeplink ID which is saved to the info section.
• Share the OpenAPI document with your team through a secure file transfer service. We don’t want a copy of it!
• Internally, Callosum keeps a cache of the Deeplink IDs you’ve opened and the path to the files that contained them, and this cache stays on your computer.
• Share a link to API Endpoints with your team through your preferred secure messaging platform. No web servers to hit, no accounts or permissions to manage for your team, and no third-party exposure risks.
• When someone opens a shared link, Callosum locates the right document, asks to open it, and then selects the shared endpoint automatically.

Why It Matters

This approach protects your privacy and simplifies collaboration. Instead of juggling permissions or worrying about security risks, you can focus on what matters: building reliable APIs.

Callosum keeps your workflow secure, private, and fully under your control. And this is just one of the features designed to make your API development smarter and safer. Give it a try and see how it can transform your team’s approach to API sharing and development!