Online API Testing Tool
Fire HTTP requests with custom methods, headers and body, and inspect the full response — a lightweight Postman that runs in your browser.
Send a request to see the response here.
Requests are relayed through our server (so CORS never blocks you). Private, loopback and internal addresses are refused, redirects aren't followed, and responses are capped at 1 MB.
A quick API client, no install
When you just need to poke an endpoint — check a webhook, confirm an API returns what you expect, inspect the headers a URL sends back — spinning up Postman or writing a curl command is overkill. Pick a method, paste a URL, add headers or a JSON body, and hit Send. You get the status code, response time, size, headers and a pretty-printed body. There's a cURL tab too, so you can copy the equivalent command for your terminal or a bug report.
Why it goes through our server
Browsers block cross-origin requests (CORS) from arbitrary pages, so a purely client-side tester can't call most APIs. This tool relays your request through our server, which sidesteps CORS entirely. That relay is deliberately locked down: it refuses private, loopback, link-local and cloud-metadata addresses, won't follow redirects, times out after 10 seconds, and caps responses at 1 MB — so it can't be abused to reach internal infrastructure.
FAQ
Can I send authentication headers?
Yes — add an Authorization header (or any custom header) in the Headers tab. They're forwarded to the target, but treat production tokens with care: prefer test credentials when you can, since the request passes through our relay.
Why did I get a 3xx status instead of the final page?
The relay doesn't follow redirects — it returns the 3xx and its Location header so you can see the redirect itself. Put the redirect target in the URL box to follow it manually.
Are my requests logged?
The relay processes your request to fetch the response and doesn't store it. Still, because it isn't a purely local tool, avoid sending highly sensitive production secrets through it.
Free tools are just the start
Deploy your next app on bare-metal cloud with per-second billing — your first app is free, no credit card required.
More free tools
Generate strong, random passwords with a cryptographically secure RNG — entirely in your browser.
Encode text to Base64 or decode it back — UTF-8 safe, with URL-safe variant support.
Percent-encode strings for safe use in URLs, or decode %20-style sequences back to text.
Decode a JSON Web Token's header and payload, check expiry, and verify HS256 signatures.
Generate MD5, SHA-1, SHA-256 and SHA-512 hashes of any text — instantly, in your browser.
Validate JSON with precise error locations, then pretty-print or minify it — with sorted keys if you like.