HTTP Request Builder

An HTTP request builder lets you construct and send HTTP requests to any URL from your browser without installing tools like Postman or writing code with curl. You can set the HTTP method, headers, query parameters, request body, and authentication, then inspect the full response including status code, headers, and body.

GET retrieves data from a server. It is safe (causes no server changes) and idempotent (same result each call). Parameters go in the URL query string. POST sends data to create or update a resource. Data goes in the request body, not the URL. POST is used for form submissions, creating records, and sending JSON payloads to APIs.

REST (Representational State Transfer) is an architectural style for web APIs. A RESTful API uses HTTP methods (GET, POST, PUT, DELETE) to perform CRUD operations on resources identified by URLs. Responses are typically JSON. REST APIs are stateless — each request contains all information needed to process it independently.

401 Unauthorized means the request lacks valid authentication — you are not logged in or your token is missing or expired. 403 Forbidden means the server knows who you are but you do not have permission to access this resource. Fix 401 by providing credentials; fix 403 by requesting the correct access permissions from the resource owner.

CORS (Cross-Origin Resource Sharing) is a browser security policy that blocks JavaScript from calling a different domain unless that server explicitly allows it via Access-Control-Allow-Origin headers. Browser-based HTTP tools are affected by CORS; command-line tools like curl are not. If you hit CORS errors, the API server needs to enable CORS for your origin.

Query parameters appear in the URL after a ? (e.g. /search?q=hello&page=1) — visible in the URL, used for filters and pagination in GET requests. The request body is data sent as part of the HTTP message — not visible in the URL. Used with POST, PUT, PATCH for JSON payloads, form data, and file uploads.