API Response Tester

Free API Tester -- Test REST Endpoints in Your Browser

The Toololis API Response Tester lets you send HTTP requests to any API endpoint and inspect the response -- status code, headers, body, and latency -- all from your browser. Think of it as a lightweight Postman or Insomnia that requires zero installation. Supports GET, POST, PUT, PATCH, and DELETE methods with custom headers and JSON request bodies.

How this API tester works

When you click Send, the tool uses the browser's native fetch() API to make an HTTP request to the URL you specified. The response is captured along with timing data and displayed in a formatted view. JSON responses are automatically pretty-printed with syntax highlighting. Everything happens client-side -- your API keys, tokens, and response data never touch our servers.

Understanding HTTP status codes

• 2xx (green) -- Success. 200 OK, 201 Created, 204 No Content
• 3xx (blue) -- Redirection. 301 Moved, 302 Found, 304 Not Modified
• 4xx (orange) -- Client error. 400 Bad Request, 401 Unauthorized, 403 Forbidden, 404 Not Found, 429 Too Many Requests
• 5xx (red) -- Server error. 500 Internal Server Error, 502 Bad Gateway, 503 Service Unavailable

Testing different HTTP methods

REST APIs use HTTP methods to indicate the type of operation:

• GET -- retrieve data (read-only, no body)
• POST -- create a new resource (send JSON body)
• PUT -- replace an entire resource (send full JSON body)
• PATCH -- partially update a resource (send only changed fields)
• DELETE -- remove a resource

Common headers you might need

• Authorization: Bearer <token> -- JWT or OAuth2 bearer token
• Content-Type: application/json -- required for JSON request bodies
• Accept: application/json -- request JSON response format
• X-API-Key: <key> -- API key authentication
• Cache-Control: no-cache -- bypass caching

Understanding CORS limitations

Cross-Origin Resource Sharing (CORS) is a browser security mechanism that restricts which domains can access an API. When testing a third-party API from this browser-based tool, the API server must include the header Access-Control-Allow-Origin: * (or your specific origin) in its response. If the API does not support CORS, the browser will block the response and you will see a CORS error. In that case, use server-side tools like curl, Postman Desktop, or a CORS proxy.

APIs that support CORS include most public REST APIs (JSONPlaceholder, GitHub API, OpenWeatherMap, etc.), APIs behind API gateways with CORS configured, and any API you control where you have added the CORS headers.

Testing GraphQL APIs

While this tool is designed for REST APIs, you can also test GraphQL endpoints. Set the method to POST, the URL to your GraphQL endpoint, add a Content-Type: application/json header, and send a JSON body with your query:

• {"query": "{ users { id name email } }"}
• {"query": "mutation { createUser(name: \"John\") { id } }"}

Free public APIs for testing

• JSONPlaceholder -- https://jsonplaceholder.typicode.com/posts -- fake REST API for testing
• HTTPBin -- https://httpbin.org/get -- returns your request details back
• Dog CEO -- https://dog.ceo/api/breeds/image/random -- random dog images
• Open Meteo -- https://api.open-meteo.com/v1/forecast?latitude=52.52&longitude=13.41¤t_weather=true -- weather data