Skip to main content

Testing Console

The testing console in the Developer Portal lets you send live requests to any published endpoint directly from your browser. No separate tool needed — all auth headers are pre-filled from your active profile.

How to use the testing console

  1. Navigate to a collection and click on any published endpoint.
  2. The endpoint detail page opens showing:
    • HTTP method and path
    • Description
    • Parameters and schemas
  3. Scroll to the Try It section or click Send Request.
  4. The console pre-fills:
    • X-Client-ID from your authenticated client
    • X-Profile-ID from the selected profile
    • Authorization header from the selected profile's credentials
  5. Fill in any required path parameters and query parameters.
  6. Add or modify a request body if the endpoint requires one.
  7. Click Send.

The console shows:

  • Response status code and latency
  • Full response headers
  • Pretty-printed response body

Wildcard endpoint testing

When an endpoint path ends in /* (a wildcard proxy), the console replaces the structured parameter form with a free-form input:

Custom Path input (required)

  • Enter the full path suffix to append after the wildcard
  • Example: for endpoint /files/*, enter /documents/report-2024.pdf
  • The full request path becomes /files/documents/report-2024.pdf

Add Custom Query Parameter (dynamic rows)

  • Click Add Parameter to add arbitrary key-value query parameters
  • Useful for wildcard endpoints that accept dynamic query strings not defined in the schema
  • Each row: enter the parameter name and value

Example wildcard inputs:

Custom Path: /images/hero-banner.jpg
Query Params: width=800, format=webp
→ Requests: GET /files/images/hero-banner.jpg?width=800&format=webp

Auth headers in the console

The auth headers are sourced from the currently selected profile. To use different credentials:

  1. Switch the profile using the profile selector in the portal header.
  2. Return to the endpoint and the console refreshes with the new profile's headers.

mTLS note

Browser-based testing is not reliable for mTLS client-certificate flows. For mTLS profiles, use curl with an explicit certificate:

curl -X GET "https://gateway.example.com/api/resource" \
  --cert client.crt \
  --key client.key \
  -H "X-Client-ID: cl_abc123" \
  -H "X-Profile-ID: pr_xyz456"

Validation checklist

After testing, verify:

  1. Expected success path returns 2xx.
  2. Missing required parameter returns 400.
  3. Unauthorized request (no auth) returns 401.
  4. Wrong collection access returns 403.
  5. Disallowed method returns 405.
  6. Over-limit burst returns 429.
  7. For wildcard routes: test at least three different suffix depths and edge cases.