Skip to content

lmaon2466/api-debugger

BranchesTags

Repository files navigation

REST API Security Debugger

A developer tool for inspecting, testing, and auditing REST API requests with a focus on security. Run it locally or deploy it to the internet for your team.

Live demo: api-debugger.vercel.app

Features

  • Request builder — construct and fire REST API calls with custom headers, bodies, and methods
  • Security inspection — surface CORS headers, CSP policies, auth schemes, and other security signals in responses
  • Auth0 integration — sign in with your identity provider to get a personal profile and persist your history across devices
  • API call history — view, replay, and compare past requests tied to your account
  • Works anywhere — run locally for private internal API testing or deploy publicly for team use

Tech stack

Layer Technology
Framework Next.js 16 (App Router)
Auth Auth0 (@auth0/nextjs-auth0 v4)
Database Neon (serverless Postgres)
ORM Drizzle
UI MUI v6
Deployment Vercel

Local setup

Prerequisites

  • Node.js 18+
  • An Auth0 account and application (free tier works)
  • A Neon database (free tier works)

1. Clone and install

git clone https://github.com/<your-username>/api-debugger.git
cd api-debugger
npm install

2. Configure environment variables

Copy the example env file and fill in your values:

cp .env.example .env
Variable Description
APP_BASE_URL Root URL of the app (http://localhost:3000 locally)
AUTH0_DOMAIN Your Auth0 tenant domain
AUTH0_CLIENT_ID Auth0 application client ID
AUTH0_CLIENT_SECRET Auth0 application client secret
AUTH0_SECRET 64-char random string — generate with openssl rand -hex 32
DATABASE_URL Neon pooled connection string

3. Configure Auth0

In your Auth0 application settings, add the following:

  • Allowed Callback URLs: http://localhost:3000/auth/callback
  • Allowed Logout URLs: http://localhost:3000
  • Allowed Web Origins: http://localhost:3000

4. Run database migrations

npm run db:migrate

5. Start the dev server

npm run dev

Open http://localhost:3000.

Architecture

src/
  app/
    auth/[auth0]/     # Auth0 route handler (login, logout, callback)
    api/
      proxy/          # Proxies outbound API requests
      history/        # CRUD for per-user request history
  lib/
    auth0.ts          # Auth0Client singleton
    db.ts             # Drizzle + Neon connection
  components/
    layout/           # AppNavBar with auth state

Requests are proxied server-side so the tool can test APIs that enforce CORS restrictions in the browser. Auth is enforced at the API layer via Auth0 session validation.

Running tests

npm test                  # all tests
npm run test:unit         # unit tests only
npm run test:integration  # integration tests (requires live DB)

Security model

  • All outbound proxy requests originate from the server — no client-side CORS bypass
  • Auth0 handles credential storage and token issuance — no passwords stored
  • API call history is scoped to the authenticated user
  • Session cookies are httpOnly and secure in production

About

api-debugger.vercel.app

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages