API Spyder uses a predictive crawling technique on your public domain to discover exposed resources, similar to what Google does when they update their search algorithms. In order to discover your API attack surface, all you need to provide is a top-level domain (e.g. exampledomain.com), and API Spyder will use that to uncover API servers under that domain.