Build HTTP requests with headers, auth, and body — preview and execute. Part of the DevTools Surf developer suite. Browse more tools in the API / Config collection.
Use Cases
Build and test API requests without writing any code
Prototype auth flows (OAuth2, API key, Bearer token) interactively
Debug API responses with syntax-highlighted body and header views
Export requests as code snippets for integration into applications
Tips
Use the environment variable panel to store base URLs and auth tokens — switch between dev/staging/prod without editing each request
The 'Auth' tab generates the correct Authorization header format for Bearer, Basic, API key, and OAuth2 token types
Click 'Code' to export the request as cURL, JavaScript fetch, Python requests, or Go http — useful for sharing with teammates
Fun Facts
The HTTP/1.1 specification (RFC 2616) was published in 1999 and remained the dominant protocol for 16 years until HTTP/2 in 2015. HTTP/3 (based on QUIC) became an RFC in 2022.
Postman started as a Chrome extension in 2012 and was downloaded over 30 million times before becoming a standalone app. It now has over 20 million registered users — among the fastest-growing developer tools ever.
The OPTIONS HTTP method, used for CORS preflight requests, was part of the original HTTP/1.1 spec but rarely used until browsers began enforcing CORS rules around 2010.
FAQ
Can I send files or multipart form data?
Yes — switch the body type to 'form-data' to upload files or mix file and text fields. The Content-Type header is set to multipart/form-data automatically.
Does it support GraphQL?
Basic GraphQL queries work by sending a JSON body with a 'query' field to a GraphQL endpoint. For schema introspection and explorer features, use the dedicated GraphQL Explorer tool.
Is my request data stored anywhere?
No — requests are built and executed client-side. Nothing is logged or stored on the server. Auth tokens and request bodies stay in your browser session only.
