The offline API client for teams who can't paste tokens into the cloud.
Testnizer is a free, fully offline desktop app for testing HTTP, SOAP, WebSocket, GraphQL, gRPC and SSE — built by Apinizer for teams in banking, government, insurance and healthcare where production data cannot reach a vendor server.
macOS (arm64 / x64) · Windows (x64 / arm64) · Linux (deb / AppImage)
The four guarantees
Your data never leaves your machine.
Not when you decode a JWT. Not when you sign an XML envelope. Not when you check for updates. Not ever.
100% Offline
Air-gapped networks supported. The app sends API requests only to the targets you configure — never to a vendor server. No login, no account, no telemetry.
Local Storage Only
Workspaces, projects, environments, history, certificates and secrets live in a single SQLite database on your disk. Move it, back it up, delete it — your call.
Internal Git & Local DB
Tests live next to your code in your existing Git repo. Built-in simple-git integration means collections branch and review through your normal PR pipeline.
Zero Data Leakage
The renderer has CSP connect-src self — physically incapable of reaching the public internet. Every API call goes through an audited main-process IPC handler you control.
Why offline matters
Where your data actually goes.
| Concern | Cloud tools | Testnizer |
|---|---|---|
| Where collections live | Vendor cloud workspace | Local SQLite on your disk |
| Where tokens are stored | Synced to vendor servers | OS keychain (Keychain / DPAPI / libsecret) |
| JWT decode | Web app sends token to a remote service | Local crypto — token stays in process |
| WS-Security sign / encrypt | Online tools or separate desktop app | Built-in main process with xml-crypto + Node crypto |
| Telemetry | On by default | None — and no opt-in either |
| Air-gapped network | Doesn't work | Works |
Protocols
Test what enterprise systems actually run on.
Not just REST. SOAP envelopes, gRPC streams, WebSocket sessions, and event streams — first-class, on-device.
HTTP / REST
Methods, params, headers, body, cookies, mTLS, proxy, redirects, multipart with file upload, scripts, assertions.
SOAP / WSDL
WSDL import (URL or file), manual envelope mode, SOAP 1.1 + 1.2, multi-service, multi-port.
WebSocket
ws + wss, custom headers, JSON / text composer, message timeline.
GraphQL
Query, mutation, subscription, schema introspection, variables JSON.
gRPC
.proto import, all four streaming modes, metadata, JSON skeleton from message fields.
Server-Sent Events
Long-lived streams with Last-Event-ID resume.
AI Chat
14 providers (OpenAI, Anthropic, Google, xAI, DeepSeek, Mistral, Groq…) plus Custom URL — streaming, multi-turn.
Built-in tools
All the things you'd otherwise paste into jwt.io.
Every utility runs on-device. No round-trips to a third-party site to "format your JSON" or "decode your token." If the network is off, the tools still work.
- JWT debugger
- WS-Security workbench
- AES / RSA encrypt / decrypt
- XML Signature & Encryption
- JSON / XML formatters
- Base64 / URL / Hex encoders
- JSONPath / XPath / XSLT / Jolt
- Text diff
Migration
Bring your existing collections.
Lossless round-trips for the documented surface — including scripts and variables.
Free. MIT-licensed. No vendor lock-in.
Testnizer is built and maintained by Apinizer. There is no "pro" tier, no cloud workspace upsell, no waitlist for real features. We made it because we needed it ourselves.