Free, browser-based utilities for everyday developer workflows

Detect the API security issue

Find the bug in an API request/response: status codes, headers, JWT, CORS, and more.

About API Detective

Each round shows a tiny request/response scenario. Pick the most accurate root cause. Builds reflexes for status codes, headers, auth, CORS preflight, and content negotiation. Use the related HTTP Headers, cURL Converter, and JWT & OAuth Toolkit for live work.

Runs locally in your browser. Progress is stored only in this browser.