API Request Playground

Send an HTTP request and explore the JSON response in an interactive tree. Runs entirely in your browser — nothing is proxied or logged.

What is the API Request Playground?

A lightweight, in-browser HTTP client — like a mini Postman. Pick a method, enter a URL, add any headers and a request body, and hit Send. The response comes back with its status code, round-trip time, and size, and any JSON payload is rendered as an interactive, collapsible tree you can search and copy paths from. Every request is made directly from your browser; JSONKit never proxies, stores, or logs it.

Equivalent curl command

bash
# The playground runs this in your browser, the same way curl would:
curl -X POST https://api.example.com/users \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <token>" \
  -d '{ "name": "Ada", "role": "admin" }'

A note on CORS

Because requests run in your browser, they are subject to the same CORS rules as any web page. APIs that send an Access-Control-Allow-Origin header (most public APIs) work out of the box. APIs that don't allow cross-origin browser requests will fail with a CORS error — that's a restriction set by the API, not by JSONKit. For those, test the endpoint from a server or a desktop HTTP client.

Where This Playground Helps

  • Exploring a new APITry endpoints from documentation without installing Postman or writing a script, and see the exact response shape immediately.
  • Debugging an integrationReproduce a failing request with the exact headers and body your code sends, isolating whether the bug is in the request or your app's handling of the response.
  • Checking auth headers quicklyConfirm a Bearer token or API key actually works against an endpoint before wiring it into application code.
  • Inspecting a large JSON responseBrowse a deeply nested response as a collapsible tree instead of scrolling through raw formatted text.

Frequently Asked Questions

No. The request is made directly from your browser to the target API. JSONKit has no backend involved in the call — nothing is proxied, cached, or logged. Your URLs, headers (including auth tokens), and bodies never touch our servers.

Browser requests obey CORS. If the target API doesn't return an Access-Control-Allow-Origin header that permits jsonkit.in, the browser blocks the response and you'll see a network/CORS error. This is enforced by the browser and the API, not by the playground. Use a server-side client for APIs that don't allow cross-origin browser requests.

Yes. Add an Authorization header (e.g. 'Bearer <token>') or any custom header in the Headers section. They're sent with the request from your browser only.

GET, POST, PUT, PATCH and DELETE. For POST/PUT/PATCH/DELETE you can attach a JSON (or any text) request body, and a Content-Type: application/json header is added automatically if you don't set one.

The playground still shows the status, time, size and the raw response text. The interactive tree view only appears when the body parses as valid JSON.

Related Tools