PointHTTP LogoPointHTTP
GitHub
NPM Library For REST API Testing & Automatic Documentation In The Browser

Convert Your .http Files Into A Stunning Interactive Playground

PointHTTP automatically generates an elegant, in-browser REST client and documentation portal for your Express, NestJS and other nodejs frameworks backend with zero extra setup.

📂 Explore Library
$npm install pointhttp📋

⚡ Interactive Experience Sandbox

Experience PointHTTP in action! Try selecting endpoints on the left, editing environment variables inside the grid, and clicking "Send Request" to watch responses render in our collapsible JSON tree viewer.

PointHTTP Logo
PointHTTP
API REST Client
🔍
REST Documents
Saved Snapshots
📄src/modules/auth/auth.http
📄src/modules/admin/admin.http
📄src/modules/app-notification/app-notification.http
📄src/modules/audit-trail/audit-trail.http
📄src/modules/document-categories/document-categories.http
📄src/modules/document/document.http
📄src/modules/entity/entity.http
📄src/modules/request/request.http

PointHTTP Playground (.http REST Client)

Consolidated, fully interactive API documentation. You can test and execute requests directly inside your browser!

ACTIVE ENVIRONMENT VARIABLESShow Variables ⌵
# =========================================================================
# 2. ADMIN AUTHENTICATION
# =========================================================================
POSThttp://localhost:5000/api/v1/auth/login
Content-Type: application/json
Request Body (JSON)● EDITABLE
# =========================================================================
# 3. GET USER PROFILE
# =========================================================================
GEThttp://localhost:5000/api/v1/users/profile
Authorization: Bearer {{authToken}}
Query Parameters
page=
limit=
action=
category=

API Response

Idle
Pretty
Raw

Drawer Awaiting Request

Click a "▷ Send Request" link inside the HTTP cards to open results.

📦 Built for Modern API Workflows

A self-contained development tool that empowers your testing suite and document pipelines.

📂

Modular Folder Scanning

PointHTTP recursively crawls your specified directory, scans modular .http documents, and automatically mounts them into a structured, clickable tree layout.

In-Browser Request Engine

Requests are executed using your browser's native fetch API. Test local environment APIs, staging networks, and cookie-authenticated sessions directly.

📝

Dynamic Variables Grid

Features a live-syncing key/value grid editor allowing developers to update dynamic credentials (e.g. baseUrl or JWTs) which auto-inject into active paths.

📦

Collapsible JSON Tree

Ditch huge, unreadable JSON blobs. Inspect nested structures with an interactive collapsible tree supporting custom styling for strings, booleans, and nulls.

💾

Local Storage Snapshots

Save response states, request variables, and history directly inside the user's browser, keeping their playground workspace cached across sessions.

🛡️

100% Insulated SSRF Protection

Since all network calls dispatch from the user's browser client and not the hosting Node server, your internal servers are perfectly isolated from request forgery exploits.

📄 How to Write .http Files

PointHTTP parses standard RFC 2616 REST Client files. Organize your workspace using simple .http sheets to define variables and endpoints.

💡 Syntax Convention Reference

  • Variables definition: Declare key-value request variables using @variableName = value. PointHTTP preloads and resolves these in request cards.
  • Request blocks: Specify the request verb (GET, POST, etc.) followed by the target URL.
  • Request headers: Write standard key-value headers directly below the request line (e.g. Content-Type: application/json).
  • Payload body: Add a single blank line after your headers, then write your raw text or JSON request payload.
  • Request separation: Separate multiple endpoints in a single file using ### (three hashtags) as a clean block delimiter.
example.http
# 1. Declare workspace local variables
@baseUrl = http://localhost:5000/api/v1
@token = ph_token_live_7x89yZ12

# 2. First request block
# @name authenticateAdmin
POST {{baseUrl}}/auth/login
Content-Type: application/json

{
  "email": "peter.paul@yopmail.com",
  "password": "Password1!"
}

###

# 3. Second separated request block
# @name getSystemModules
GET {{baseUrl}}/modules
Authorization: Bearer {{token}}

⚡ Integration in 2 Minutes

Mount PointHTTP as a standard Express-compatible middleware and expose it safely in your Node environments.

🚀 Express JS
🦅 NestJS App
📦 Zero-Config Out-of-the-Boxplayground()
import express from 'express';
import { playground } from 'pointhttp';

const app = express();

// 1. Zero-config: Scans default src/modules
app.use('/docs/http', playground());

app.listen(3000, () => {
  console.log('⚡ Running at http://localhost:3000/docs/http');
});
⚙️ Custom Settings & Preloadsplayground(options)
import express from 'express';
import { playground } from 'pointhttp';
import path from 'path';

const app = express();

// 2. Custom configuration & preloaded variables
app.use(
  '/docs/http',
  playground({
    modulesDir: path.join(process.cwd(), 'src/endpoints'),
    title: 'Custom API Docs Portal',
    logoText: 'C1',
    logoTitle: 'CustomDocs',
    // Preload custom authorization and default variables
    envVariables: {
      baseUrl: 'https://api.production.com/v1',
      authToken: 'ph_token_live_7x89yZ1239840abcde',
    },
    // Allowed environments for security verification
    enabledEnvironments: ['development', 'test', 'staging'],
  })
);

app.listen(3000);

💡 Configuration Parameters Explained

Calling playground() with no parameters automatically scans your workspace directory for .http files. To custom-brand your documentation or preset environment variables, pass a configuration object:

ParameterTypeDefaultDescription
modulesDirstringsrc/modulesAbsolute directory path of your workspace modules housing the .http requests files.
titlestringPointHTTP PlaygroundHTML document tab title in the browser header.
logoTextstringPHAbbreviated 2-character initials displayed inside the top-left circle badge.
logoTitlestringPointHTTPBrand logo text rendered adjacent to the initials circle badge.
enabledEnvironmentsstring[]['development', 'test']Locks the playground mount block if environment name falls outside allowed array.
envVariablesobject{baseUrl: ...}Initial key-value environment pairs preloaded inside active variables grids.

🛡️ Enterprise Grade Security Gateways

Insulate your sandbox and staging playgrounds from unauthorized traffic. Define granular access controllers.

QA & INTERNAL TEAMScustomAuth Hook

⚡ Alphanumeric Secret Code

Perfect for lightweight authorization. Team members gain access by visiting a URL formatted with a query parameter code, e.g., https://yourdomain.com/docs/http?code=SECRET_ACCESS_CODE. The middleware intercepts and evaluates this on the server.

playground({
  modulesDir: path.join(process.cwd(), 'src/modules'),
  customAuth: (req, res) => {
    // Alphanumeric URL query parameter code verification
    const accessCode = req.query?.code;
    const SECRET_ACCESS_CODE = process.env.PLAYGROUND_ACCESS_CODE || 'A89F2K8Z';
    
    return accessCode === SECRET_ACCESS_CODE;
  }
})