Testnizer
EN TR
Download

Everything in one app. Everything on-device.

Testnizer covers the full enterprise API surface — REST, SOAP, gRPC, GraphQL, WebSocket, SSE, Socket.IO and MCP, plus an AI client and a workbench of cryptographic tools. None of it phones home.

Protocols

Every protocol, first-class.

HTTP / REST

  • Full method coverage including TRACE and CONNECT
  • Body modes: raw / JSON / XML / urlencoded / form-data with file upload / binary
  • mTLS with project-scoped client certificates and OS-keychain-encrypted passphrases
  • HTTP / SOCKS proxy with auth, follow / no-follow redirects, custom timeouts
  • Pre-request and post-response scripts with a Postman-compatible pm API
  • Test assertions on status, headers, body, response time, JSON path, XML path
  • Cookie jar per workspace with manual edit

SOAP / WSDL

  • WSDL import from URL or file, SOAP 1.1 + 1.2 dual bindings
  • Multi-service, multi-port WSDL parsing with operation extraction
  • Manual envelope mode for hand-written SOAP / XML payloads
  • Automatic example envelope generation from XSD schema
  • WS-Security: UsernameToken (Text + Digest with nonce/created), Timestamp with TTL
  • XML Signature (RSA-SHA1 / RSA-SHA256), envelope or specific elements
  • XML Encryption (AES-128/256-CBC, AES-128/256-GCM, RSA-OAEP key wrapping)
  • SOAPAction extraction and header negotiation

WebSocket

  • ws + wss with custom headers and subprotocol negotiation
  • JSON / text composer with template variable substitution
  • Message timeline (sent + received) with timestamps and direction
  • Reconnection control with manual disconnect

GraphQL

  • Query, mutation, and subscription support over HTTP and WebSocket transports
  • Schema introspection with searchable type browser
  • Variables JSON editor synced with the operation
  • graphql-ws for live subscriptions, no SaaS proxy

gRPC

  • .proto file import via @grpc/proto-loader
  • All four streaming modes: unary, server-streaming, client-streaming, bidirectional
  • Metadata editor (request and response)
  • JSON skeleton automatically generated from message field types
  • TLS / mTLS with project-scoped certificates

Server-Sent Events

  • Long-lived event streams with automatic Last-Event-ID resume
  • Per-event filtering, JSON parsing of data payloads
  • Reconnect-with-backoff (configurable)

Socket.IO

  • WebSocket and HTTP long-polling transports via the official socket.io-client
  • Namespaces and connection-time auth (bearer token via the auth payload)
  • Custom HTTP headers on the WebSocket upgrade handshake
  • Emit any event with a JSON payload — outgoing events appear in the timeline
  • Subscribe to any event name; incoming events stream into the same timeline
  • Bidirectional event timeline with direction arrows and timestamps

MCP (Model Context Protocol)

  • Built on the official @modelcontextprotocol/sdk — same wire protocol Claude Desktop and other MCP hosts speak
  • Three transports: Streamable HTTP, SSE (legacy), stdio for locally-spawned servers
  • For stdio, Testnizer launches the server as a subprocess (e.g. `npx @modelcontextprotocol/server-everything`)
  • Server identity (name + version) shown after handshake
  • Tool catalog with input-schema preview
  • Invoke any tool with a JSON arguments object; inspect the structured result

AI Chat

  • 14 providers: OpenAI, Anthropic, Google, xAI, DeepSeek, Mistral, Groq, Perplexity, Cerebras, Cohere, Fireworks, DeepInfra, Together, OpenRouter
  • Custom URL provider for self-hosted vLLM / LM Studio / Ollama / TGI endpoints
  • Streaming responses with abort support
  • Multi-turn conversations with system prompt control
  • Environment variable resolution in URL, headers, and body

Mock Server

  • Multiple HTTP server instances on custom ports — bound to 127.0.0.1 by default, 0.0.0.0 with explicit opt-in
  • Endpoint matching: exact, :param placeholders, * / ** wildcards, full-regex with named capture
  • Per-response conditions: header / query / path-param / body-JSONPath / body-XPath / method / and / or — first match wins
  • Templating with Handlebars + dynamic values (e.g. {{request.body.x}}, {{$timestamp}}, {{$randomUUID}})
  • Pre-response JavaScript in a Node vm sandbox (5s timeout) — read & mutate state, override status / headers / body, console.log captured
  • Per-server in-memory state shared across endpoints — POST / GET / PUT round-trips work without external storage
  • Authentication gate: Bearer / Basic / API-key (header or query); per-endpoint overrides
  • JSON Schema (draft-07) body validation per endpoint with 400 + Ajv error details on mismatch
  • Failure injection (probabilistic 5xx or upstream-timeout simulation) and rate limiting (per-IP or global, 429 + Retry-After)
  • Configurable CORS (origins / methods / headers / credentials / max-age) with auto preflight responses
  • Echo endpoint at /__echo for quick reflection of inbound requests
  • Proxy passthrough for unmatched paths with optional recording — captured upstream responses persist as new mock endpoints for offline replay
  • Import endpoints from OpenAPI 3 (JSON / YAML, $ref dereferencing, examples + schema-derived bodies) or Postman v2 collections
  • Live request log per server with replay-friendly request / response capture and matched-rule attribution

Mock Server

A real HTTP server, configured in the same UI.

Define endpoints with path params, wildcards, or regex. Pick a response with declarative conditions on headers, query, body (JSONPath/XPath), or method. Sign and encrypt the responses with templating, in-memory state, and a Node-vm sandbox that runs your JavaScript before each reply. Plus auth, schema validation, failure injection, rate limit, CORS, OpenAPI/Postman import, and a recording proxy — all on 127.0.0.1.

Testnizer Mock Server — endpoints panel with full URL bar, condition / script editors, and live response preview

Built-in tools

No more pasting tokens into jwt.io.

These all run inside Testnizer's main process, with no network call. If your machine is offline, they still work.

Testnizer tools workbench — JWT debugger with decoder/encoder, hash and HMAC calculators, epoch converter, HTTP status codes, and more

JWT Debugger

Decode + encode in one tool. Header / payload as JSON or table view, intra-line claim descriptions, ISO-rendered date claims. Verify HS / RS / PS / ES / EdDSA signatures, sign with shared secret or PEM private key. Generate working sample tokens per algorithm.

JSON / XML Formatters

Pretty-print, minify, validate. Multi-line input, syntax errors with line numbers. Sort-keys / sort-attributes options.

Encoders / Decoders

Base64, URL, Hex, HTML entities, Unicode escape — paired text fields, instant convert.

Text Diff

Side-by-side aligned diff with character-level intra-line highlights for paired modified rows. Per-side line counts and additions / removals tally; ignore-whitespace and ignore-case toggles.

JSON Schema Generator

Infer a draft-07 JSON Schema from a sample document, including string-format detection (date, date-time, email, uuid, uri, ipv4) and array-shape unions via oneOf.

JSONPath / XPath Evaluator

Live-evaluate expressions against an in-editor sample. Built-in canonical sample datasets and 11–17 ready-to-load example queries each (Goessner reference + common predicates).

JSON ↔ XML Converter

Both directions with attribute preservation, xsi:nil → null mapping, paths-as-arrays hint, ignore-nulls / ignore-empty filters, root-element naming.

XSLT / Jolt Evaluators

XSLT 1.0 transformations + Jolt-compatible JSON shaping (shift / default / remove). 17 Jolt + 8 XSLT runnable samples bundled.

WS-Security Workbench

Apply, verify, decrypt, and sign arbitrary XML. Same engine as the SOAP request panel. Useful for inspecting captured envelopes.

Hash Calculator

MD5, SHA-1, SHA-256, SHA-384, SHA-512 — all algorithms computed in parallel for the same input, with per-row copy buttons. RFC-vector tested.

HMAC Generator

HMAC-SHA1 / SHA256 / SHA384 / SHA512 with shared secret. RFC 4231 vector tested.

Epoch Converter

Auto-detected unit (seconds / ms / μs / ns) ↔ ISO 8601 + GMT + local zone + relative ("4 seconds ago"). Date-parts builder for the inverse direction.

HTTP Status Codes

Searchable, category-filtered reference (1xx / 2xx / 3xx / 4xx / 5xx) covering 60+ codes from RFC 9110 + IANA + WebDAV.

Base Converter

ASCII ↔ Binary ↔ Octal ↔ Decimal ↔ Hex — UTF-8 byte-aware, all five fields synced live, multi-byte characters handled correctly.

UUID Generator

v1 / v4 / v5 / v7 in batches up to 1000, with namespace presets (DNS / URL / OID / X.500) for deterministic v5. Lower / upper / no-dashes / urn / braces formats. Validate + version-detect any UUID.

Regex Tester

Live regex match with named + numbered group captures, replacement preview with $1 backreferences, all six JS flags toggleable, and a built-in cheatsheet (email / URL / IPv4 / UUID / ISO 8601 / JWT / hex color / phone).

YAML ↔ JSON Converter

Bidirectional with indent + sort-keys options. JSON_SCHEMA-safe (no `!!js/*` tags). Convenient for OpenAPI specs, Kubernetes configs, and Helm charts.

Certificate Manager

Local cert store, mTLS / client certificates per project, OS keychain encryption for passphrases.

Workflow

The collaborative bits, without a cloud.

Collection runner

Sequential or parallel execution of multiple endpoints with HTML report output. Iterate over data files for parameterised runs.

Test suites

Multi-collection regression sets with auto-detected import (Testnizer + Postman + Insomnia formats).

Scheduler

Local cron-style scheduling for repeat runs against staging or QA endpoints. No background SaaS workers.

Git integration

Project files commit through your existing repo. Branch with the project, review through PRs.

Console

Virtualised log timeline with per-tab filtering, raw request / response capture, search.

Code generation

Export any request as cURL, JavaScript fetch, Python requests — useful for sharing without sharing tokens.

Try it in five minutes.

Free. No account, no waitlist, no telemetry.

Download Testnizer Read the docs