Application Programming Interface (API) Testing Tool

Request snapshot

Sending request…

Name:

Method:

URL:

Requests run directly in your browser. The API must explicitly allow your origin, otherwise the browser will block the response (CORS).

On	Key	Value	Remove

On	Header	Value	Remove

Auth type:

Credentials:

User

Pass

Token:

Body is ignored for GET and HEAD. JSON payloads receive automatic prettifying and Content-Type when blank.

Timeout:

Redirects:

Parse cURL:

You can paste the command in the URL field as well.

Response snapshot

Metric	Value	Copy
{{ row.label }}	{{ row.value }}
No response metrics.

{{ formattedBody }}

Preview is available only for HTML responses.

Provide a URL or parse an incoming cURL command to populate the request trace.

Send a request to capture the response trace with status line, headers, body, and timing.

Header	Value	Copy
{{ h.key }}	{{ h.value }}
No headers returned.

Saved requests

Import

Name	Method	URL	Actions
{{ entry.name }}	{{ entry.method }}	{{ entry.url }}
No saved requests yet.

Tags: Devtools , Diagnostics , HTTP

Export to PDF Fullscreen

Include query parameters

Embed:

Customize embed code

Include query parameters

Wrap embed in collapsible toggle

Collapse panel by default

Hide card frame (bare iframe)

Loading behavior

Width

Height

Aspect ratio (width : height)

Max height (optional)

Collapsible heading

Collapsible description (optional)

Allow fullscreen

Referrer policy

Sandbox tokens

HTTP requests are structured messages used to read or change data on web services, and understanding them makes debugging clearer and faster. Seeing the exact request and the full response helps you confirm behavior, compare attempts, and pinpoint issues.

Uniform Resource Locators identify the target, query parameters refine the call, and headers describe preferences and context. A request body carries data for create and update actions, while the response reports status, headers, and text or binary content you can inspect.

You provide a method and a URL, then add optional parameters, headers, and a body. The result shows status and size and time, with JSON prettified and HTML rendered for quick review, so you can test a change and immediately see what improved.

A simple check might send a small JSON object and confirm the echoed fields and a successful code. Another check might replay the same call with a shorter timeout to simulate a slow path and compare the measured time.

Use disposable credentials for experiments and avoid pasting secrets that you cannot rotate quickly.

Technical Details:

HTTP request and response pairs are the observed quantities. The request includes a method, a Uniform Resource Locator (URL), headers, and optionally a body. The response exposes status code and text, headers, a decoded body when textual, the resolved URL, approximate size in bytes, and elapsed time in milliseconds.

Elapsed time is measured from dispatch to response resolution. Size is taken from the received buffer when available. Textual bodies are decoded using the charset from the Content‑Type header when present, otherwise UTF‑8. JSON is detected and pretty‑printed; HTML can be rendered in a preview.

Authentication can attach an Authorization header using Basic credentials once encoded to Base64, or a Bearer token as provided. If a body looks like JSON and no Content‑Type is set, a JSON content type is applied automatically for methods that allow a body.

Interpret results using standard HTTP status families. Success codes indicate an accepted request, redirections point to follow‑up locations, client errors suggest fixes on the caller side, and server errors indicate issues on the service side.

Processing pipeline

Construct the final URL by appending enabled query parameters.
Merge enabled headers and add Authorization for Basic or Bearer when set.
For methods that allow a body, attach the body text; set JSON content type if inferred.
Configure redirect handling and start a timer; apply an optional timeout.
Send the request; record status, status text, resolved URL, and headers.
Clone the response; read a buffer for size; decode text using the detected charset.
Detect JSON for pretty printing; enable HTML preview when the type is HTML.
Build curl‑style request and response traces for inspection and copying.

I/O formats & encoding

Inputs and outputs
Input	Accepted Families	Output	Encoding/Precision	Rounding
URL	Absolute URL with optional query string; fallback concatenation when parsing fails	Resolved URL	String	N/A
Headers	Key–value pairs; case preserved; Content‑Type auto‑set for JSON bodies	Header list	Array of pairs	N/A
Body	Arbitrary text; JSON detection by structure	Decoded text or binary notice	UTF‑8 default; charset from Content‑Type when present	N/A
Auth	Basic user and password; Bearer token	Authorization header	Basic uses Base64 of user:pass	N/A
Response	JSON, HTML, XML, YAML, CSV, text, binary	Status, headers, text body, size, time	Bytes from buffer when available	N/A

Validation & bounds extracted from the code

Field constraints
Field	Type	Min	Max	Step/Pattern	Error Text / Notes	Placeholder
Method	Enum	—	—	GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS	Body ignored for GET and HEAD	GET
URL	String	—	—	Absolute recommended	“No URL provided.” when blank	https://api.example.com/users?limit=10
Timeout	Number (ms)	0	—	Step 100	Abort when exceeded; “Request cancelled.” on manual cancel	9000
Redirect handling	Enum	—	—	follow, error, manual	Applies to fetch redirect behavior	follow
Headers	Pairs	—	—	Enabled rows only	Default Accept: application/json	Accept / application/json
Auth	None / Basic / Bearer	—	—	Basic user:pass, Bearer token	Writes Authorization header	—

Networking & storage behavior

Requests run directly from the browser to the target endpoint. The API must explicitly allow your origin or the browser blocks the response. Saved requests are stored in local storage and can be exported or imported as JSON.

Privacy & compliance

Calls go straight to the URL you specify and no additional services receive the request. Saved entries remain in local storage until you clear them.

Assumptions & limitations

CORS must permit your origin for headers and body to be readable.
Authentication supports Basic and Bearer only.
JSON detection uses structure; malformed JSON is treated as text.
Charset comes from Content‑Type; fallback is UTF‑8.
Large bodies increase memory use and slow formatting Heads‑up.
Elapsed time reflects response resolution, not full render of previews.
HTML preview renders returned markup; treat untrusted content with care.
Redirect handling follows the selected fetch mode; cookies use browser defaults.

Edge cases & error sources

Blank URL triggers a local error message.
Cross‑origin endpoints without proper headers cause blocked reads.
Timeout aborts the request; increasing it can confirm slow paths.
Sending a body with GET or HEAD has no effect.
Incorrect Content‑Type can confuse server parsing.
Wrong charset mis‑decodes text and breaks JSON parsing.
Very large JSON slows pretty printing and copying.
Manual redirect mode requires you to inspect Location headers.
Basic auth exposes user and password in an easily reversible header.
Binary responses show a size note rather than a preview.

Step‑by‑Step Guide:

HTTP API calls with request and response inspection.

Enter the URL of the endpoint.
Choose the Method that matches the action.
Add query parameters and headers as needed.
If the API blocks browser calls, adjust the server CORS policy or test from an allowed origin.
Provide a body for create and update methods; use JSON when appropriate.
Optionally set a Timeout and redirect handling.
Send the request and review status, size, and time.
Open JSON, body, preview, and trace tabs to inspect details.

Example: POST https://api.example.com/items with Content‑Type: application/json and body {"name":"Ada"} then confirm a 201 status and echoed fields.

Repeat with small changes to compare outcomes and confirm fixes.

FAQ:

Is my data stored?

Saved requests are kept in local storage on your device. Requests are sent directly to the APIs you specify; there is no intermediate server.

Why do I get a CORS error?

The server must allow your origin. If it does not, the browser blocks access to headers and body even when the server replies.

How do I send JSON?

Paste valid JSON in the body. If no content type is set, a JSON type is applied automatically for methods that send a body.

Can I preview HTML?

Yes. HTML responses can be rendered in a preview frame for quick inspection.

What does status 0 mean?

It indicates a local error such as a missing URL, a blocked cross‑origin read, a network failure, or a cancelled request.

How do I send a JSON POST?

Select POST, set Content‑Type to application/json, paste a JSON body, then send. Check the JSON tab for prettified output.

Does it work without a network?

You can view and edit saved entries without a network. Sending requests requires connectivity to the target API.

Can I inspect redirects?

Yes. Set redirect handling to manual or error to examine Location headers instead of following them automatically.

Are cookies sent?

Cookies follow browser defaults. There is no explicit control in this interface.

Are there licensing or accounts?

The package contains only client logic and local storage. There are no account or subscription flows in the code.

Troubleshooting:

Check the URL is absolute and reachable.
Remove conflicting headers, especially duplicate content types.
Increase the timeout for slow services.
Switch redirect handling to error to see the status and Location.
Pretty‑print the body to confirm valid JSON.
Use Basic or Bearer, not both at once.
Try the request in a separate tab to confirm server availability.

Cross‑origin blocked responses cannot be inspected. Enable CORS on the server or use a permitted origin.

Advanced Tips:

Tip Keep one Accept header; duplicate entries make negotiation unclear.
Tip Save golden requests and reuse them to catch regressions quickly.
Tip Use manual redirect mode to verify authentication on 302 responses.
Tip Compare elapsed time before and after small header changes.
Tip Inspect response size to spot compression or payload drift.
Tip For Basic auth, use test accounts and rotate passwords often.

Glossary:

HTTP method: Verb that indicates the action such as GET or POST.
URL: Uniform Resource Locator that addresses the target resource.
Header: Key–value metadata attached to requests and responses.
Content‑Type: Header describing how to interpret the body.
Status code: Three‑digit code that classifies the outcome of a request.
CORS: Cross‑Origin Resource Sharing rules for browser access to responses.