REST API Tester Online Free
Send HTTP requests to any API endpoint directly from your browser. Set method, headers, and body. See status code, response time, headers, and the full JSON response. No install, no signup.
Headers
⚠ Requests are made directly from your browser. APIs without CORS headers will fail with a network error — this is a browser security restriction, not a tool bug.
How to Test a REST API
- 1Select the HTTP method (GET, POST, PUT, PATCH, DELETE…) and enter the API endpoint URL.
- 2Expand Headers to add authentication tokens, content type, or any custom headers the API requires.
- 3For POST/PUT/PATCH, expand Request Body and paste your JSON payload.
- 4Click Send. The response panel shows the status code, response time, headers tab, and formatted body.
Browser vs Terminal API Testing
Browser-based API testers are fast for exploring public APIs and APIs that support CORS. For APIs behind authentication, internal endpoints, or those that don't set CORS headers, the browser will block the response — use the cURL Generator tool to build the equivalent command and run it from your terminal where there are no CORS restrictions.
API Testing Tips
Check the Status Code First
2xx = success, 4xx = client error (bad request, not found, unauthorized), 5xx = server error. A 401 means authentication is missing or wrong. A 403 means authenticated but not permitted.
CORS Errors? Use cURL
If you get a network error on a request that works in Postman or curl, it is almost certainly CORS. Use the cURL Generator tool to build the curl command and test from your terminal.
Inspect Response Headers
The Headers tab shows rate-limit info (X-RateLimit-*), cache directives (Cache-Control), and content type. Many API issues are visible in headers before you even look at the body.
Decode JWT Tokens
If the API returns a JWT in its response body, copy it and paste it into the JWT Decoder tool to inspect the claims, expiry, and issuer without any additional setup.
Frequently Asked Questions
What is a REST API tester?
A REST API tester lets you send HTTP requests to any URL and inspect the response — status code, response headers, and body — without writing code or using a command-line tool. It is the online equivalent of tools like Postman or Insomnia, useful for exploring API documentation, debugging integration issues, and verifying endpoint behaviour.
Why do some requests fail with a network error?
Requests from this tool are made directly from your browser using the Fetch API. Browsers enforce the CORS (Cross-Origin Resource Sharing) policy: if the API server does not include the correct Access-Control-Allow-Origin response header, the browser blocks the request before the response can be read. This is a browser security restriction, not a bug. If a request fails with CORS, use the cURL Generator tool to build the equivalent curl command and run it from your terminal — curl is not subject to CORS restrictions.
How do I send a JSON body?
Select POST, PUT, or PATCH. A Request Body panel appears. Paste your JSON there. The tool sends the body as-is with the Content-Type header you specify. Make sure Content-Type: application/json is in your headers if the API requires it.
How do I authenticate with Bearer tokens?
Add an Authorization header with the value Bearer your-token-here in the Headers section. The tool includes all headers you define in the request. For Basic auth, set the Authorization header to Basic followed by the Base64-encoded username:password (use our Base64 Encoder tool to compute it).
Is my request data sent to PublicSoftTools servers?
No. The request is made directly from your browser to the target URL — it does not pass through our servers. PublicSoftTools never sees your request payload, headers, or response data. The only network traffic is between your browser and the API endpoint you are testing.
Can I test HTTPS and HTTP endpoints?
Yes for HTTPS. For HTTP (non-secure) endpoints, most browsers block requests from an HTTPS page to an HTTP endpoint (mixed content restriction). If the API uses HTTP, you may need to run the request from the terminal using curl instead.