ApexAPI
Fully client-side API Sandbox & Key Tester

Test and validate raw credentials with ultimate precision

An advanced, browser-based API client built for developers. Analyze endpoints, scan raw API keys (Google AIza, OpenAI, Slack, GitHub), configure parameters, and bypass client limitations seamlessly.

Complete toolbelt for API debugging

We have packed all essential features directly inside a modular browser framework with zero signup friction.

All HTTP Methods & Payloads

Full control over HTTP verbs, dynamic parameters, customized headers, dynamic variables, and custom raw payload types.

Raw Key Detection & Test

Instantly validate raw credentials like Google (AIza...), OpenAI, Anthropic, Stripe, and Slack. Detect profiles and load test rigs instantly.

Adaptive Sandbox Mode

Stuck behind CORS restriction blocks? Switch to the Sandbox engine to mock rich status profiles, schemas, and header results locally.

Understanding CORS in Browser Clients

Because ApexAPI runs completely in your web browser, requests to remote APIs are bound by the browser's Same-Origin Policy, which a server can relax through Cross-Origin Resource Sharing (CORS). If a remote API doesn't return CORS access headers, the browser blocks the app from reading the response.

How to handle this inside the app:

  • Test open endpoints that support CORS (e.g., CatFacts, CoinDesk, JSONPlaceholder).
  • Turn on "Mock Sandbox Mode" in the workspace to test rich, complex headers and custom responses with 100% predictability.
  • Use an extension or local development proxy that injects `Access-Control-Allow-Origin` if testing internal localhost servers.
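
The check the browser applies to a cross-origin response, as an added example (not ApexAPI's own code). It models only the response-header test, not preflight; `corsCheck`, `serializeOrigin` and the `tool.example` origin are hypothetical names and the header sets are constructed.

```javascript
// Added example: models the browser's CORS check on a cross-origin response.
// All names and sample values are hypothetical / constructed.

// Serialize an origin the way the browser sends it in the Origin header:
// scheme://host, plus the port only when it is not the scheme default.
function serializeOrigin(url) {
  return new URL(url).origin;
}

// Decide whether page script may read the response.
// headers: plain object of response headers; credentials: cookies/auth sent.
function corsCheck(pageUrl, headers, { credentials = false } = {}) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) {
    h[k.toLowerCase()] = String(v).trim(); // header names are case-insensitive
  }
  const origin = serializeOrigin(pageUrl);
  const acao = h["access-control-allow-origin"];

  if (acao === undefined) {
    return { readable: false, reason: "no Access-Control-Allow-Origin header" };
  }
  if (!credentials && acao === "*") {
    return { readable: true, reason: "wildcard accepted without credentials" };
  }
  if (acao !== origin) {
    // Exact comparison: no prefix, suffix or list matching, and "*" does
    // not count once credentials are attached.
    return { readable: false, reason: `"${acao}" does not match "${origin}"` };
  }
  if (credentials && h["access-control-allow-credentials"] !== "true") {
    return { readable: false, reason: "Access-Control-Allow-Credentials is not true" };
  }
  return { readable: true, reason: "origin matched" };
}

// Constructed sample responses as seen from a page on https://tool.example
const page = "https://tool.example/app";
const samples = [
  [{}, false],
  [{ "Access-Control-Allow-Origin": "*" }, false],
  [{ "Access-Control-Allow-Origin": "*" }, true],
  [{ "access-control-allow-origin": "https://tool.example.other.test" }, false],
];
for (const [headers, credentials] of samples) {
  const r = corsCheck(page, headers, { credentials });
  console.log(JSON.stringify(headers), "credentials:", credentials, "->", r.readable, "-", r.reason);
}
```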

Environment Variables

Define key-value pairs for string substitution. Reference a variable in a request as {{variableName}}.