API Request Builder
Build a request and turn it into cURL and framework snippets, with assertion and negative-test ideas to test against.
Runs 100% client-side
curl -X POST 'https://api.example.com/users' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer <token>' \
-d '{
"name": "QA User",
"email": "qa@example.com"
}'
Assertion ideas
- Status code is 201 (or 200).
- Response time is within the agreed SLA (e.g. < 800ms).
- Response Content-Type header is application/json.
- Required fields are present and correctly typed in the body.
- Response shape matches the agreed schema.
- Side effect is persisted (re-fetch and confirm the change).
Negative test ideas
- Missing or invalid auth token → 401.
- Authenticated but unauthorized role → 403.
- Unknown resource id → 404.
- Missing required field → 400 with a clear error.
- Wrong field type (e.g. number instead of string) → 400.
- Empty body → 400.
- Boundary values (min/max length, 0, negative) handled correctly.
- Duplicate request handled idempotently (no double side effect).
HOW TO USE
- 01 Choose a method and enter the URL; add headers and query params one per line.
- 02 For POST/PUT/PATCH, paste a JSON body — the validator flags syntax errors and Format JSON tidies it.
- 03 Switch the snippet tab between cURL, Playwright, Cypress, REST Assured, and Postman and copy what you need.
- 04 Use the assertion and negative-test ideas as a starting checklist for the endpoint.
Try it
Method = POST, URL = https://api.example.com/users, body = { "name": "QA User" } → copy the Playwright snippet.
WHEN TO USE
Use this to understand a request's structure and turn it into starter test code without switching tools. It is the inverse of the Curl to Code Converter: build the request in a form here, or paste a cURL command there. The assertion and negative-test ideas help you cover the cases that matter — auth, validation, boundaries, and idempotency — not just the happy path.
WHAT BUGS THIS FINDS
Weak auth and permission handling
The negative-test ideas prompt missing-token (401) and wrong-role (403) checks that are easy to forget.
Loose request validation
Missing-field, wrong-type, and empty-body suggestions surface endpoints that accept bad input.
Malformed request bodies
The JSON validator catches body syntax errors before they cause confusing 400s in your tests.
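The auth and validation items from the negative-test ideas, turned into a table-driven check, as an added example that is not output of this tool. The names negativeCases, runCases and mockSend are hypothetical, and mockSend is a constructed in-memory stand-in for POST /users (synchronous so the example runs offline) that checks field presence but not field type.

```javascript
// Added example: derive negative tests from one valid request.
// negativeCases, runCases and mockSend are hypothetical names.
const valid = {
  headers: { Authorization: 'Bearer good-token', 'Content-Type': 'application/json' },
  body: { name: 'QA User', email: 'qa@example.com' },
};

// One mutated copy of the valid request per checklist item, with the expected status.
function negativeCases(req, requiredFields) {
  const cases = [];
  const add = (name, expect, mutate) => {
    const r = JSON.parse(JSON.stringify(req)); // deep copy, the original stays valid
    mutate(r);
    cases.push({ name, expect, req: r });
  };
  add('missing auth token', 401, r => { delete r.headers.Authorization; });
  add('invalid auth token', 401, r => { r.headers.Authorization = 'Bearer not-a-real-token'; });
  add('empty body', 400, r => { r.body = undefined; });
  for (const f of requiredFields) {
    add(`missing ${f}`, 400, r => { delete r.body[f]; });
    add(`wrong type for ${f}`, 400, r => { r.body[f] = 12345; });
  }
  return cases;
}

// send(req) returns { status }. Only cases whose status differs are reported.
function runCases(cases, send) {
  return cases
    .map(c => ({ name: c.name, expect: c.expect, got: send(c.req).status }))
    .filter(r => r.got !== r.expect);
}

// Constructed stand-in for the endpoint: validates presence, never type.
function mockSend(req) {
  if (req.headers.Authorization !== 'Bearer good-token') return { status: 401 };
  if (!req.body) return { status: 400 };
  for (const f of ['name', 'email']) {
    if (!(f in req.body)) return { status: 400 };
  }
  return { status: 201 };
}

const failures = runCases(negativeCases(valid, ['name', 'email']), mockSend);
console.log(failures); // the two wrong-type cases come back as 201 instead of 400
```

Against a real endpoint, send would be an async HTTP call and runCases would await each result; the 403, 404, boundary and idempotency items need endpoint-specific fixtures and are left out here.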
QA USE CASES
Bootstrap an API test
Build the request and copy a Playwright or REST Assured snippet straight into your suite.
Document an endpoint
Generate a Postman example and a cURL command to share in a ticket or runbook.
Plan endpoint coverage
Use the assertion and negative-test ideas as a coverage checklist before writing tests.