Free, browser-based utilities for everyday developer workflows

XML / XPath / SOAP Inspector

Parse, format, inspect, query, and debug XML, XPath, namespaces, and SOAP envelopes locally in your browser. Nothing leaves this tab.

  • Format / minify XML, walk a collapsible tree, and copy stable XPath expressions for any node.
  • Run XPath with an editable namespace map and a no-match debugger that explains default-namespace and prefix issues.
  • Inspect SOAP 1.1 / 1.2 envelopes, operations, and faults; generate ready-to-paste cURL snippets.
  • Detect secrets and tokens before sharing, redact them, and hand off to XML → JSON, Text Diff, cURL, HTTP Headers, JWT, Base64, URL, and Line Tools.

XML input

Plain XML, SOAP 1.1 / 1.2 envelopes, SAML responses, and XML from logs are all accepted. Parsing happens in your browser only.

Document summary

Root
Namespace
Elements
Attributes

Tree

Selected node

Select a node in the tree to see XPath suggestions, attributes, and copy actions.

Formatted XML

Minified XML

How to use the XML / XPath / SOAP Inspector

Parse, format, query, and debug XML, SOAP envelopes, and SAML assertions in your browser. Walk the tree, run XPath expressions with namespace-aware resolution, inspect SOAP 1.1 / 1.2 operations and faults, build a copy-paste cURL, and redact passwords / tokens / WS-Security values before sharing. Useful for legacy enterprise integrations, SAML troubleshooting, B2B partner debugging, and any XML payload that won't behave.

How to use it

  1. Paste your XML document, SOAP request / response, or SAML assertion.
  2. Open the Tree tab to walk the structure — click any node to see suggested XPath expressions.
  3. Open XPath to evaluate an expression with the namespace resolver; use the no-match debugger if it returns nothing.
  4. Open SOAP for the operation, header, body, and parsed Fault details (1.1 or 1.2).
  5. Open Redaction to mask passwords, tokens, JWT-shaped values, and WS-Security secrets.
  6. Generate a cURL snippet to reproduce the SOAP call, or hand off to XML → JSON, JSON Formatter, Text Diff, or other tools.

When to reach for this tool

What it does

Privacy

XML parsing, formatting, XPath evaluation, SOAP inspection, namespace analysis, redaction, snippet generation, and export are all performed in your browser. No XML, headers, URLs, tokens, or XPath expressions are sent to a server. External DTDs and entities are never fetched. The tool does not execute any HTTP request; the cURL snippet is a copy-paste artifact only.

FAQ

Does this upload my XML?

No. Everything runs locally in your browser tab.

Why does my XPath return no matches?

The most common reason is a default namespace. In XPath, unprefixed names match the “no namespace” — even if the source XML declares xmlns="…". Use a generated prefix from the Namespaces tab, or fall back to //*[local-name()='YourElement'].

What is the difference between SOAP 1.1 and SOAP 1.2?

SOAP 1.1 uses the http://schemas.xmlsoap.org/soap/envelope/ namespace and a SOAPAction HTTP header with text/xml content type. SOAP 1.2 uses http://www.w3.org/2003/05/soap-envelope and an application/soap+xml content type with the action embedded in the Content-Type. Faults also have different shapes — this tool extracts both.

Can I convert XML to JSON?

Use the Next-steps tab or the SOAP body actions to hand off to the XML to JSON Converter. The handoff is browser-side.

Can I redact secrets before sharing?

Open the Redaction tab. The tool finds passwords, tokens, JWT/Base64-shaped values, and WS-Security elements, then emits an XML with the sensitive values replaced by <redacted>.

Runs locally in your browser. No uploads.