← Back to API Tester FAQs
Is API Tester Safe?
Yes. The API Tester sends requests directly from your browser to the target API. Here's what you should know:
Direct Browser Requests
All HTTP requests are made using the browser's native fetch() API. Requests go directly from your browser to the API endpoint — there's no proxy or intermediary server.
No Data Storage
Your API keys, tokens, and request data are not stored on any server. Request history is saved locally in your browser's IndexedDB and never transmitted anywhere.
CORS Considerations
Since requests are made from the browser, they're subject to CORS policies. If an API doesn't allow cross-origin requests, you may see CORS errors. This is a browser security feature, not a limitation of the tool.
Best Practices
- Use test/development API keys rather than production keys when possible
- Clear your history after testing with sensitive tokens
- Be aware that request history stores the first 2KB of response bodies
- For APIs with strict CORS, consider using a local proxy during development