HTTP Request Builder

Send HTTP requests directly from the browser and inspect responses

โš  Browser requests are subject to CORS. Cross-origin APIs without proper CORS headers will fail. For unrestricted requests, use curl or a backend proxy.

About this tool

The HTTP Request Builder lets you construct and fire HTTP requests from your browser โ€” set the method, URL, custom headers, and request body, then inspect the response status, headers, and body. It is a lightweight alternative to Postman for quick API testing without leaving the browser.

When to use it

  • โ†’Testing REST API endpoints during development without installing desktop tools
  • โ†’Quickly verifying authentication headers and response formats
  • โ†’Debugging webhook payloads by sending POST requests with custom bodies
  • โ†’Checking CORS headers and response codes from public APIs

Tips

  • โ—†Browser requests are subject to CORS โ€” cross-origin APIs that don't set Access-Control-Allow-Origin will fail. Use a CORS proxy or test same-origin APIs.
  • โ—†Set Content-Type: application/json when sending JSON bodies so the server parses the body correctly.
  • โ—†For APIs requiring Bearer token auth, add an Authorization header with value: Bearer <your-token>.

Frequently asked questions

Why do I get a CORS error even though the API works in my app?

CORS (Cross-Origin Resource Sharing) errors occur when a browser blocks a request to a different domain that hasn't explicitly allowed your origin. Your app works because it runs on the same domain as the API, or the API is configured to allow your app's domain. Browser-based testing tools run from a different origin (the tool's URL), which the API may not allowlist. Native HTTP clients like curl and Postman bypass CORS entirely because they're not browsers.

What is the difference between GET, POST, PUT, PATCH, and DELETE?

GET retrieves data โ€” idempotent, no body. POST creates a new resource โ€” non-idempotent (calling twice creates two records). PUT replaces a resource completely โ€” idempotent. PATCH partially updates a resource โ€” may or may not be idempotent depending on implementation. DELETE removes a resource โ€” idempotent. HEAD is like GET but returns only headers, no body.

How do I send a JSON body in a POST request?

Set the method to POST, add a header Content-Type: application/json, and paste your JSON into the body field. The Content-Type header tells the server how to parse the body. Without it, many APIs return a 400 Bad Request or silently ignore the body.

What is the difference between query parameters and a request body?

Query parameters are appended to the URL (e.g. /api/users?page=2&limit=10) and are visible in logs and browser history โ€” use for filtering and pagination. The request body carries data in the message payload, not the URL โ€” use for creating/updating resources and for sensitive data that shouldn't appear in logs. GET requests conventionally have no body; POST/PUT/PATCH use the body.

Related tools

Regex TesterDiff CheckerCRON Expression Tester
๐Ÿฅท ToolNinja