Rest | Tools of the Trade

How can I test what a REST endpoint is posting?

How can I test what a REST endpoint is posting?

UPDATE 2: In February 2019, I got an email about a new public RequestBin site, created by PipeDream. As of Jan 2020 it's still up, so that's good. In general, if the data is remotely sensitive, I'd be wary of sending requests to an endpoint I didn't control - consider setting up your own RequestBin instance instead.

I wanted to give you a heads up that we launched a new version of RequestBin at requestbin.com.  We fixed all the known issues -- uptime, load handling, etc -- and  added a bunch of features including optional private bins protected by  login. I hope this is helpful for you and your readers. ~Tod

UPDATE 1: As of June 2018, none of these seem to be working. One was taken down due to people abusing it, and the other two are unresponsive. It seems to be the nature of this particular beast.

Still... maybe there's something useful in here. The RequestBin repo has instructions on how to deploy your own instance of it (something I haven't tried yet).

I had an unusual (for me) problem yesterday, where I needed to configure a third-party service to send status updates to our application. The third-party service accepts a URL of my choosing, to which it'll post some set of data about the update. This is often referred to as a "web hook" and is a very common practice.

The problem was that their documentation about what data they were sending was incomplete. So how do you know what to expect in that case? You could write code that accepts anything and then refactor it later, but that's a lot of wasted effort - and I had no idea if it was posting values in the querystring, the headers, or using a JSON body, or a x-www-form-urlencoded body, or something else entirely.

A little bit of searching for solutions turned up some sites that solve this problem (I should've figured). You use them as the URL for your web hook, and they'll just take whatever's thrown their way and display the results to you - then you know exactly what the response will be.

Requestbin

RequestBin was actually the first one I came across, but unfortunately it's very flaky, frequently showing an "Application error" message; it seems to go down a lot. (Update for March 2020: Now it's completely gone.)

Just select the "Private" checkbox and click "Create a RequestBin". You'll be given a randomly generated URL, similar to Hookbin, which you can use - something like:

https://requestb.in/1aopvlq1

Here I sent it a few sample POSTS from Postman - a JSON body, some querystring parameters, and an x-www-form-urlencoded body, respectively.

Nice and easy to read.. when it's working. :p

Hookbin

Okay, Hookbin is the only free one I found that is easy to setup and works reliably. I mean, everything else I found either periodically goes down or is dead, so the bar was low, but this one really is nice.

Select the "Make it Private" box (unless you know it's something you'd like to share) and press "Create New Endpoint". That generates a new "Hookbin Endpoint", which is just a randomly generated URL for you to use as a webhook.

Here I used one with the third-party service. It ends up they're sending a x-www-form-urlencoded body, so the body contains a bunch of key/value pairs (i.e. Called, ToState, Direction, etc).

Be careful when you're using these services - you're sending them data and you can't be absolutely sure what they'll do with it. Hookbin has a very concise, clear terms and privacy policy. The significant parts:

  • Public endpoints can be viewed by anyone with a link.
  • Private endpoints are only viewable from the browser used to create them.
  • Each endpoint stores 100 results; older results are deleted.
  • Each endpoint is kept active and accessible for 7 days from creation, then deleted.
  • Third party vendors/hosts provide the infrastructure to run Hookbin.

The limitations are clearly spelled out, as well as the fact that the maintainer of this tool uses other services to support it. In general, I'd still suggest using this only for testing (not production).

Mockbin

I really wanted to like this one - it was so easy to setup. And it looks like it has worked with great success, in the past.. on and off... somewhat recently.

You should be able to click the green "Create Bin" button, then the blue "Create Bin" button (leave everything empty), and then copy the URL (basically a GUID) that's in your browser and post to it.

POST http://mockbin.org/bin/fcf45a91-a0de-468c-9a56-14debc870414/view?name=Grant&eyes=blue

Unfortunately it's been down for months and no one's responded, so this one may be dead. Someone posted their bin from when the site was working, so you can see what it's supposed to look like. It's opensourced on GitHub - feel free to take a stab at fixing it. ;p

Even when it is working, there's nothing in their docs about how long they hold on to the requests they intercept, or what they might do with the data.

Thoughts

There are quite a few other sites too, but unfortunately many of them have problems. RequestBin and APICombo seem to be down, and HTTP Responder throws a 500 "internal application error" (seems to be working as of March 2020).

I found a nice looking one called Runscope, but their most basic option is $79/month, out of my price-range. But the fact that they charge for their service hopefully it means it's always available when you need it, and they probably provide a wider array of features too. There's another free one called WebHook but I couldn't find anything about it, or its terms and policies, or about the company Quantisle that owns it, so I didn't even try it. (update April 2018 - it's dead)

Speaking of which, always check for privacy policies and terms of service. Be aware of what data they're intercepting, and stick to using them for testing purposes - unless it's a service that guarantees privacy and control over your data. Don't post things like API keys and auth tokens and passwords, or customer data that you don't want to share, or anything that should be kept confidential! If you need to do that, setup up your own RequestBin instance instead.

Affiliate Links

I occasionally include affiliate links for products and services I find useful and want to share. These links don't increase your cost at all, but using them helps pay for this blog and the time I put into it. Thanks!