API Request Tester
A minimal Postman in your browser — pick a method, add headers and a body, hit send. You get status, timing, size, response headers and pretty-printed JSON. Requests go straight from your browser, so the API must allow CORS (see notes below).
| No requests yet. |
About this tool
The honest CORS note: this tool uses your browser's fetch(), so it can only read responses from APIs that send CORS headers (Access-Control-Allow-Origin). Public APIs like GitHub, most JSON APIs, and anything you build with permissive CORS work fine. APIs without CORS headers will fail with a bare TypeError: Failed to fetch — the request may even have reached the server, but the browser refuses to show you the response. That is a browser security rule, not a bug in the API or this page. For CORS-less APIs use curl or a desktop client.
Custom headers beyond the simple set (Content-Type of JSON, Authorization, etc.) trigger a CORS preflight (OPTIONS) which the server must also allow. Response headers shown are only the ones the browser exposes: the safelist plus anything in Access-Control-Expose-Headers.
Requests go directly from your browser to the URL you enter — nothing passes through legendev.org. History is kept in your browser's localStorage only (last 10 requests, no response bodies) and you can clear it any time. Be careful pasting secrets into headers on shared machines.