const response = await fetch('https://api.example.com/endpoint', { method: 'GET',});const data = await response.json();console.log(data);
Related Tools
API Mock GeneratorFake REST API with JSON schema
JSON → TypeScriptInterface & type generator
JSON Dashboard GeneratorCharts · filters · React export
JSON FormatterFormat & validate
JWT DecoderDecode & verify tokens
Base64 Encoder/DecoderEncode & decode instantly
URL Encoder/DecoderPercent-encode & decode
Timestamp ConverterEpoch → date, batch, timezonesAPI Request Tester & Code Generator — Free Postman Alternative
Features
$.data.items[0] to extract nested fields live from the response body{{VAR}} substitution in URL, headers, and body with multi-env supportAbout this tool
Test APIs Live and Generate Code in 12 Languages — No Install, No Account
You need to hit an API endpoint right now — see what it returns, verify a header is set, confirm a POST with JSON is accepted. Opening Postman means finding the window, maybe logging in, clicking through a workspace. Reaching for the terminal means typing a full curl command and squinting at raw output. You just want to send a request and see the response.
That is what this tool is for. Paste the URL, pick the method, add headers and body in the tabs below the URL bar, click Send. The response appears in under a second — HTTP status, response time, body size, and the full JSON highlighted with colour-coded keys, values, arrays, and booleans. No install. No account. No workspace setup.
Beyond quick testing, the tool solves the most common translation problem: API docs give you cURL, you need Python, Go, or Axios. Configure your request once and every language tab updates instantly — 12 outputs in parallel: JavaScript Fetch, Axios, XMLHttpRequest, Node.js 18+, cURL, Python requests, PHP cURL, Ruby net/http, Go net/http, C# HttpClient, Jest tests, and Pytest tests.
The left sidebar works like Postman's. Collections at the top — save any request with a name and folder, click to restore. Request history below — every request you send is logged with the date and time, click any entry to reload it instantly. Both are stored in IndexedDB, which survives browser restarts reliably.
Cross-device sync via GitHub Gist. Click the GitHub icon in the toolbar, paste a Personal Access Token with gist scope, and click Sync Now. The tool creates a private secret Gist and syncs automatically — 5 seconds after any collection add, delete, or history update. Open the tool on a second device with the same token and your entire workspace appears. Deletions propagate: if you delete a collection on one browser, it disappears on all others after the next sync. History clears propagate the same way, so cleared history never comes back from another device.
When the JSON response is 500 lines deep, use the JSONPath filter above the response body to pull out exactly what you need. Type $.data.users[0].email to see only that value. Use $.items[*] to get every array element. The filter runs live — no button press needed.
When you need to verify a deploy didn't break an API, pin the before-deploy response with the 📌 Pin button. Deploy, send the same request, click ⇄ Diff — a side-by-side modal shows exactly what changed in the body, status code, and timing.
When a colleague needs to reproduce your request, click ⇡ Share to copy a link that encodes the entire request — URL, method, headers, body, auth — as a URL parameter. Anyone who opens it has the full request pre-loaded.
For recurring API work, save requests to named collections in the left sidebar. Create dev, staging, and prod environments with {{API_KEY}} and {{BASE_URL}} variables that swap automatically. Set a Base URL in Settings so you type only the path for each request. Export your full workspace as a JSON file to back it up or share with a teammate.
All requests go directly from your browser to the API. Nothing passes through the tool's servers except when you explicitly use the CORS proxy. Your tokens, passwords, and API keys stay on your device.
How to Use
- 1Select HTTP method and enter the URLClick the method dropdown and select GET, POST, PUT, PATCH, DELETE, HEAD, or OPTIONS. Paste your endpoint URL into the URL bar. If all your endpoints share the same host, open Settings and set a Base URL prefix — then type only the path (like /users) for each request.
- 2Configure your requestUse the tabs above the response area: Params for query string parameters (with per-row enable/disable), Headers for custom headers, Body for JSON/form/raw/GraphQL payload (Content-Type injected automatically), Auth for Bearer token, Basic Auth, or API Key, Env for environment variable sets, Settings for timeout and redirect options.
- 3Send and inspect the responseClick Send or press Ctrl+Enter. The Response panel shows the status code, response time, and body size. Use the JSONPath filter to drill into specific fields. Check the Headers tab for response headers and Cookies for Set-Cookie values. Copy the body or download it with the action buttons.
- 4Save to collectionsClick "+ Save" in the Collections panel on the left sidebar to name the current request and assign it to a collection (new or existing). Click any saved request to restore it instantly. To delete: click × on the request or × on the collection name. All data stored in IndexedDB — no account needed.
- 5Set up GitHub Gist sync (optional)Click the GitHub icon in the toolbar. Create a Personal Access Token at github.com/settings/tokens with gist scope and paste it in. Click Save settings, then Sync Now. The tool finds or creates a private Gist and syncs automatically 5 seconds after any change. On another device, enter the same token and your collections and history appear.
- 6Keep your Gist private — never store real credentials in itGitHub private Gists are not truly encrypted — they are unlisted links. Anyone who has your Gist URL or Gist ID can read the full contents without logging in. Never share your Gist URL, Gist ID, or Personal Access Token with anyone. Do not save real API keys, Bearer tokens, or production credentials in collections that sync to Gist — use placeholder values or environment variables instead. For maximum privacy, skip Gist sync and use Export workspace to transfer collections manually.
- 7Use environment variables (optional)Open the Env tab to add key-value pairs like BASE_URL and API_KEY. Create multiple environments (dev, staging, prod) with the + button. Use {{VAR_NAME}} in the URL, headers, or body — values substitute automatically when you generate code or send a request.
- 8Compare responses with diff (optional)Click Pin to save the current response as a baseline. Change your request or environment, send again, then click Diff to open a side-by-side comparison — status, size, response time, and full body. Useful for regression testing after a deploy.
- 9Copy the generated codeSwitch to the Code tab and select any of the 12 languages. The Jest and Pytest tabs generate complete test files pre-filled with your URL, headers, and body. Export the full workspace from Settings to back up everything as a JSON file.
Common Use Cases
All 12 Supported Languages — Libraries and Install Commands
| Language | Library / Client | Install | Best For |
|---|---|---|---|
| JavaScript (Fetch) | Built-in browser API | None | Frontend apps, React, Vue, browser scripts |
| JavaScript (Axios) | axios | npm install axios | React, Vue, Node.js with interceptors and retries |
| XMLHttpRequest | Built-in browser API | None | Legacy browsers, IE11 support, progress events |
| Node.js | Built-in (Node 18+) | None | Server-side JS, Next.js API routes, Express |
| cURL | CLI tool | Built-in on macOS/Linux | Terminal testing, shell scripts, CI/CD pipelines |
| Python | requests | pip install requests | Scripts, data pipelines, Django/Flask backends |
| PHP | cURL (libcurl) | Built-in | WordPress, Laravel, legacy PHP backends |
| Ruby | net/http | Built-in | Rails backends, Ruby scripts |
| Go | net/http | Built-in (standard library) | Go microservices, CLI tools |
| C# | HttpClient (.NET) | Built-in (.NET 2.2+) | .NET APIs, ASP.NET Core, Blazor backends |
| Jest | axios + jest | npm install jest axios | JavaScript API integration tests |
| Pytest | requests + pytest | pip install pytest requests | Python API integration tests |
All requests fire directly from your browser to the target API — the tool's servers are never involved in normal operation. Your Bearer tokens, Basic Auth credentials, and API keys exist only in your browser tab's memory and are never logged, stored remotely, or transmitted anywhere other than the API endpoint you specify.
Collections and request history are stored in your browser's IndexedDB — they stay on your device. GitHub Gist sync is entirely optional: when enabled, data is pushed to your own private Gist on your GitHub account via the GitHub API. The tool never sees your Gist data.
When you use the CORS proxy, requests are routed through corsproxy.io. Avoid using the proxy with sensitive production credentials and prefer server-side code (Node.js, Python, Go) for authenticated requests in production environments.
A Lightweight Postman and Insomnia Alternative — No Install Required
If you search "postman alternative no install" or "rest client browser free", you have probably hit one of two walls: Postman now requires an account and pushes toward paid plans, and Insomnia had a controversial forced-cloud-sync change that drove many developers away. Both require a desktop install that is blocked on many corporate machines.
This tool requires nothing. Open it in a tab and you are testing APIs in seconds. Requests go from your machine directly to the API — nothing is routed through the tool's servers in normal operation.
What you get for free with no account:
- Live API testing with syntax-highlighted JSON responses, response time, and body size - Code generation in 12 languages — the thing Postman doesn't do well - Postman-style left sidebar with Collections and History, stored in IndexedDB - GitHub Gist sync for cross-device access — collections and history follow you everywhere, deletions propagate - Environment variables for dev/staging/prod credential swapping - Shareable request links that encode the entire request in a URL parameter - Response diff — compare before/after responses side-by-side - JSONPath filtering to extract specific fields from deep nested JSON - Workspace export/import as plain JSON — no cloud account required - CORS proxy via corsproxy.io for APIs that block browser requests - Postman Collection v2.1 and Insomnia v4 import
The one thing this tool does that Postman doesn't: the moment you have a working request, switch to Fetch, Python, Go, C#, or any other language and copy ready-to-run production code — no translation, no boilerplate, no documentation to reference. That is the feature developers come back for every day.
Frequently Asked Questions
Open the tool in your browser, paste your API endpoint URL, select the HTTP method (GET, POST, PUT, etc.), add headers or body in the tabs below the URL bar, and click Send. The response appears instantly — status code, response time, body, and headers — with no install, no account, and no setup. Works on any device including Chromebooks and restricted work machines where installing desktop apps is blocked.
Click the "+ Save" button in the Collections panel on the left sidebar to name your request and assign it to a collection. Collections and request history are stored in your browser's IndexedDB — no account needed. To sync across devices, click the GitHub icon in the toolbar, paste a GitHub Personal Access Token with gist scope, and click Sync Now. The tool creates a private Gist and syncs automatically whenever you add or delete requests. Open the same tool on another device, enter the same token, and your collections and history appear instantly.
GitHub Gist sync backs up your collections and request history to a private secret Gist on your GitHub account. To set it up: create a Personal Access Token at github.com/settings/tokens with the gist scope, paste it in the GitHub sync panel (GitHub icon in the toolbar), and click Sync Now. On first sync the tool either finds an existing backup Gist or creates a new one. Auto-sync triggers 5 seconds after any add or delete. Deletions propagate — if you delete a collection on one browser, it disappears on all others after sync. History clears propagate the same way.
Open the Auth tab in the request section. For Bearer token authentication, select Bearer Token and paste your JWT or token — it is added as Authorization: Bearer automatically. For API key authentication, select API Key, enter the header name (e.g. X-API-Key) and value, and choose whether it goes in a header or query parameter. For Basic Auth, select Basic Auth and enter username and password — they are base64-encoded automatically. All auth details are included in the generated code for every language.
CORS errors happen when the API server does not include the Access-Control-Allow-Origin header, so the browser blocks the request. When this happens the tool shows a Retry with CORS Proxy button — click it to re-route the request through corsproxy.io, which adds the missing header so the response reaches your browser. Do not use the proxy with sensitive credentials. For production code, the real fix is to configure CORS headers on your API server. Note: cURL, Python, PHP, Ruby, Go, and C# generated code runs server-side and is never affected by CORS.
Reconstruct the request in the tool: paste the URL, set the method, add -H headers in the Headers tab, add the -d body in the Body tab (select JSON for a JSON body), set up auth in the Auth tab. Then switch to the Code tab and select Python, Fetch, Axios, Go, Ruby, PHP, C#, or any other language to get the equivalent code. All 12 languages are available simultaneously — no manual translation needed.
In the Body tab, select GraphQL. Two fields appear: a Query editor for your GraphQL query and a Variables field for a JSON variables object. Enter your query (e.g. { user(id: "1") { name email } }) and variables, then click Send. The tool posts the standard {"query":"...","variables":{...}} JSON to your endpoint. Switch to any language tab in the Code section to get the implementation in Fetch, Axios, Python, Go, and more.
Yes. Select POST from the method dropdown, enter your URL, open the Body tab, choose JSON, and type your payload. Code for all 12 languages generates instantly — JavaScript fetch with JSON.stringify(), Axios with the data field, Python requests with json={}, PHP curl_setopt with json_encode(), Go with bytes.Buffer, C# with StringContent. All generated code sets Content-Type: application/json automatically. Click Send to test the POST live before writing any code.
Open the Env tab and create two environments — dev and prod — using the + button. In each, add a BASE_URL variable with the respective value (e.g. https://dev-api.example.com and https://api.example.com). Use {{BASE_URL}} in your URL bar. Switch environments by clicking the tab name — every {{VAR}} in your URL, headers, and body substitutes automatically before code is generated or a request is sent.
Use environment variables in the Env tab. Add a variable named API_KEY with your actual key value, then use {{API_KEY}} in your Auth field or URL. The generated code contains the {{API_KEY}} placeholder rather than the real value — replace it with process.env.API_KEY (Node.js), os.environ["API_KEY"] (Python), or your framework equivalent before committing. This prevents accidental exposure when sharing code or filing bug reports.
After receiving a response, click Pin in the response action bar to save it as a baseline. Then change your request (different params, different environment, after a deploy) and click Send. Click Diff to open a side-by-side modal showing pinned and current responses — status codes, response times, sizes, and full bodies. Useful for confirming a deploy did not change the response shape.
After receiving a JSON response, use the JSONPath filter input above the response body. Type a path like $.data.users[0].name or $.items[*] to extract a specific value or array. The result updates live as you type. Use $.key for an object key, $.arr[0] for the first element, $.arr[*] for all items. Clear the filter to return to the full response.
Click the Import button in the toolbar and select your exported .json file. The tool reads it locally — nothing is uploaded. For Postman, export as Collection v2.1. For Insomnia, export as v4 format. If the file has one request it loads immediately; for collections with multiple requests, a picker modal appears. All fields populate automatically: method, URL, headers, body, auth, and GraphQL query. Switch to any language tab to get the code.
Configure your request in the tool, then switch to the Code tab and select Jest (JavaScript) or Pytest (Python). The generated code is a complete test file with two test cases: one asserting a 200 status and a defined response body, and one testing 401/403 handling with an invalid token. Both are pre-filled with your actual URL, headers, and body. Copy the file into your test suite and add specific assertions based on the response shape you see in the Response panel.
Click the Share button in the toolbar. The tool encodes your entire request — method, URL, query params, headers, body, and auth settings — as a base64 string in the URL and copies the link to your clipboard. Anyone who opens the link has the full request pre-loaded. Useful for bug reports with a reproducible request, debugging with colleagues, or bookmarking endpoints you use frequently. Auth tokens are included in the link so only share with trusted recipients.
No — avoid storing real production API keys or tokens in collections that sync to Gist. GitHub "private" Gists are not encrypted — they are unlisted links. Anyone who has your Gist URL or Gist ID can read all your saved collections without needing a GitHub login. Never share your Gist URL, Gist ID, or Personal Access Token with anyone. Use environment variables with placeholder names ({{API_KEY}}) in saved requests and substitute real values locally. For maximum privacy, skip Gist sync and use the Export workspace option to transfer collections manually.