Build, send, and inspect HTTP requests with full control over method, headers, and body.Instantly view status codes, response headers, and formatted response bodies. Ideal for API development, debugging, and learning HTTP fundamentals.
An HTTP Request Tester (also called an API client or REST client) is a tool that lets you
craft, send, and inspect HTTP messages directly from your browser. It is an essential companion for backend developers, QA engineers, API designers,
and anyone who works with web services. Instead of writing boilerplate code or using a command‑line
tool like curl, you can interactively build requests, tweak headers, and instantly see
the server's response — all in a visual, user‑friendly interface.
This tool supports the full suite of HTTP methods: GET, POST, PUT, PATCH, DELETE, HEAD, and OPTIONS. You can add
arbitrary headers, choose from multiple body formats (JSON, form‑urlencoded, plain text), and
optionally generate a curl command to share or reproduce your request. The response is
displayed with syntax‑highlighted JSON, status codes, timing information, and response headers.
At a glance
curl commands from your tests to embed in scripts or pipelines.
When you click Send Request, the tool builds a fetch request
using the parameters you provided. The URL is validated, the selected method is applied, and
any custom headers are merged. If a body is present, it is serialized according to the chosen
body type (application/json, application/x-www-form-urlencoded, or text/plain). The request is then sent asynchronously.
The response is captured and parsed: the status code and status text are displayed, the response time is measured (from request start to full response), and the response headers are normalized into a readable list. If the response is JSON, it is pretty‑printed with syntax highlighting. For non‑JSON responses (HTML, XML, plain text), the raw body is shown in a monospace box. Errors such as network failures, CORS blocks, or invalid URLs are caught and displayed with actionable messages.
All processing happens entirely in your browser. No request data is sent to our servers, stored in logs, or shared with third parties. This makes the tool safe for testing private or internal APIs.
https://).
Add headerto include authentication tokens, content types, or custom metadata.
Send Requestbutton. The response will appear below the form.
Bodyand
Headerstabs to examine the server’s reply.
Generate cURLbutton to get a ready‑to‑use command, or copy the response for documentation.
A fintech startup integrates with a third‑party payment API. The API requires a specific X-API-Key header and a JSON payload with amount, currency,
and card_token. Before writing production code, the team uses this HTTP Request
Tester to manually verify the endpoint's behavior. They send a POST request with the required
headers and inspect the response — including the id of the created transaction and
the status field. They also test error scenarios by sending malformed payloads,
observing HTTP 400 responses with descriptive error messages. This rapid feedback loop saves
hours of debugging and ensures the integration is correct before it reaches the codebase.
A mobile development team notices that their app occasionally fails to load user profiles.
Using this tool, they replicate the app's request: a GET to https://api.example.com/users/me with an Authorization: Bearer <token> header. The response returns a 403 Forbidden with a message Token expired
.
They then test the refresh token flow by sending a POST to the refresh endpoint,
verify the new token works, and confirm the fix. The ability to quickly isolate the issue
without touching the app's code or using a heavy debugging proxy streamlines the entire process.
Understanding HTTP semantics is crucial for building robust APIs. Below is a quick reference to the most common methods and status codes.
| Method | Purpose | Idempotent | Safe | Body allowed |
|---|---|---|---|---|
GET
|
Retrieve a resource | ✓ | ✓ | No |
POST
|
Create a new resource | ✗ | ✗ | Yes |
PUT
|
Replace a resource entirely | ✓ | ✗ | Yes |
PATCH
|
Partially update a resource | ✗ | ✗ | Yes |
DELETE
|
Remove a resource | ✓ | ✗ | Maybe |
HEAD
|
Same as GET, but only headers | ✓ | ✓ | No |
OPTIONS
|
Describe communication options | ✓ | ✓ | No |
| Code | Meaning | Description |
|---|---|---|
| 200 | OK | Request succeeded. The response contains the requested data. |
| 201 | Created | Resource successfully created (usually after POST or PUT). |
| 204 | No Content | Request succeeded, but no response body (common for DELETE). |
| 400 | Bad Request | Malformed syntax or invalid parameters in the request. |
| 401 | Unauthorized | Authentication missing or invalid. |
| 403 | Forbidden | Authenticated but not authorized to access the resource. |
| 404 | Not Found | The requested resource does not exist. |
| 405 | Method Not Allowed | HTTP method not supported for this endpoint. |
| 429 | Too Many Requests | Rate limiting has been exceeded. |
| 500 | Internal Server Error | Server‑side error; generic catch‑all. |
| 502 | Bad Gateway | Upstream server error (proxy/gateway). |
| 503 | Service Unavailable | Server is temporarily unable to handle the request. |
Access-Control-Allow-Origin header in its response, the browser blocks
the request. This tool respects the browser's CORS policy. To avoid CORS issues, use
an endpoint that allows your origin, or test with a server that supports CORS.
Many public test APIs (like jsonplaceholder.typicode.com) are CORS‑enabled.
fetch API. We do not proxy, log, or store any request or response data.
Your API keys, tokens, and payloads remain on your device. This tool is designed with
privacy as a core principle, making it safe for testing internal or sensitive endpoints.
POST request with a JSON body containing a query field (and optionally variables). Simply set the method to POST, add a Content-Type: application/json header, and enter your GraphQL query in
the JSON body. The tool will handle the request and display the response just like
any other JSON API.
curl command. This command can be copied and pasted into
a terminal to reproduce the request outside the browser. It's useful for sharing
test cases with colleagues, embedding in scripts, or debugging in a command‑line
environment. The command is generated client‑side using a rule‑based builder.