Thremapi is a project for the REST API security. It is a simple threat modeling tool for APIs based on their OpenAPI/Swagger specifications. It provides an API which could be called with an OpenAPI/Swagger specification. Then, a set of rules is applied on this specification. As a result, a simple risk analysis report is returned as JSON. The report contains basic tips and warnings which reflect the most common security risks in APIs. It also has a very simple UI at https://thremapi.com, which could be used to test and get familiar with the functionality.