Guides

Running endpoints

Send live requests through the server-side proxy and inspect responses.

Updated

The Run tab executes a request against your real API and shows you the response. Requests are sent server-side via /api/execute, so CORS isn’t a problem and your auth tokens never leave the workspace.

The Run tab

Open an endpoint and switch to Run. You’ll see:

  • Server picker — pick which servers[] URL to hit when the spec defines more than one (production, staging, local).
  • Parameters — pre-populated from the operation; fill in values.
  • Headers — auto-filled from any matching workspace credentials and active header profile.
  • Body — auto-seeded from the first example on the request body schema (for POST/PUT/PATCH).
  • Execute — sends the request.

Authentication

Stored credentials at the workspace level are matched by security scheme name. Once you save a credential, every operation that requires that scheme picks it up automatically.

To save credentials: Workspace → Settings → Credentials.

Header profiles

A header profile is a named set of HTTP headers you can stack onto any request — see Header profiles. Use them for X-Request-Id, custom auth, locale headers, or anything you’d otherwise paste every time.

Reading the response

After execute, the response panel shows:

  • Status + status text.
  • Timing — round-trip duration.
  • Size — response body size in bytes.
  • Headers — full response headers.
  • Body — pretty-printed JSON (collapsible) or raw for non-JSON.
  • Schema validation — if your operation defines a response schema, the runner validates the body and shows ✓ matched, or a list of violations.

Long responses (>500 KB) are truncated in storage but show in full at runtime.

Execution history

Every run is logged in the History tab on the same endpoint, retained for 7 days. Click any past execution to:

  • Re-run with the same payload.
  • Save it past the retention window (push the pin icon).
  • Copy the cURL equivalent.

History is per-spec, not per-user — your team sees what’s been run.

Copy as cURL

The action menu on every endpoint has Copy cURL. The generated command includes:

  • The active server URL.
  • All declared parameters with the values you’ve entered.
  • Auth headers from your workspace credentials and active header profile.

Useful for handing off a reproducible call to a colleague or pasting into a terminal.

Rate limits

To protect both you and your upstream APIs, executions are rate-limited:

  • 100 / 5 minutes per user.
  • 1,000 / day per user.

The runner surfaces 429s with a clear retry-after.