The local-first
API workbench.

The ultimate workbench for HTTP, gRPC, Kafka, and SOAP. Everything stays on your machine inside an AES-256-GCM encrypted vault.

Agentic AI Assistant — autonomously configure and execute requests
Download Latest Release Read the docs
Agentic AI Assistant AES-256-GCM vault No telemetry, ever mTLS · OAuth 2.0 · proxy Real-time load testing macOS · Windows · Linux
Scroll
Four protocols · one workspace

HTTP · gRPC · Kafka · SOAP — all native

ForgeReq isn't a thin wrapper around curl. Each protocol gets a first-class builder, response viewer, and engine path, without any external tools or schema registries.

HTTP / REST

All methods, multipart uploads, OAuth 2.0 Client Credentials, cookies, proxy, redirects — and mTLS over CONNECT tunnels.

gRPC

Paste your .proto inline. No reflection, no external schema registry — the compiler runs locally.

Apache Kafka

Produce messages or tail a topic in real time. SASL / TLS for managed clusters; live table view of incoming events.

SOAP

Paste a WSDL URL, get auto-generated envelope templates pre-filled with namespaces and parameter placeholders.

Everything in the box

Built for power users who don't trust the cloud

No premium tier. No login wall. Every feature below ships in the same AGPL-3.0 binary.

✨ Agentic Workspace Drive

An AI sidebar that actually drives the application for you.

Configure your own OpenAI, Anthropic, Google Gemini, Vertex AI, Azure, Grok, or local Ollama key. Ask the assistant to "create a login request", "run a load test", or "add auth headers" and watch it autonomously execute actions on your behalf.

Conversations are persisted safely inside your encrypted vault. A highly optimized 2-step agent router ensures negligible token overhead. Nothing ever passes through a ForgeReq server — because there isn't one.

OpenAI Anthropic Gemini Vertex AI Azure Grok Ollama
ForgeReq AI Assistant sidebar
The core

A tabbed workbench that respects your screen.

Build requests with full keyboard control: ⌘ Enter to send, ⌘ S to save, switchable bottom or right-column response layout, in-response text search, and per-tab history that survives restart.

Variables, secrets, and request history all live in an AES-256-GCM encrypted vault whose master key is held by your OS keychain — never on disk in plaintext.

ForgeReq main interface
Variables

Stash & Realms — environments without the footguns.

Define {{baseUrl}}, {{token}}, anything once in the Global stash, then overlay per-realm overrides (dev, staging, prod) on top.

Empty realm entries fall through to global automatically — no more "blank field silently shadows a working value". Secrets stay masked everywhere, including the cURL / JS / Python code-gen output.

Stash and Realms
Chaining

Rules — declarative response → variable capture.

Pull a JSON path or response header out of one response and bind it to {{var}} for every other endpoint in the library. No JavaScript runtime, no test sandbox, no surprise side effects.

Captured values shadow realm and global stash automatically — so a fresh login token always beats a stale one.

Request chaining rules
Cascade

Inheritance & Overrides — set it at the library, forget the rest.

Authentication, common headers, and proxy config defined at the library or shelf level cascade down to every nested endpoint. Override only where you need to.

Visual badges in the Auth and Headers tabs always show exactly where the inherited value is coming from — no guessing how the final request was built.

Inheritance and overrides
Automation

Library Runner — sequence mode and parallel load tests.

Drag-order a list of saved endpoints, drive them with a CSV or JSON dataset, and run them once (Sequence) or fan them out across N concurrent virtual users (Load) for as long as you like.

Live throughput, p50/p90/p95/p99 latency, and per-step error rates — all rendered locally, no SaaS dashboard required.

Library Runner — Sequence mode
Library Runner — Load mode
Unblock the frontend

Local Mock Servers — every library is one click from localhost.

Authoring a mock response is part of the same editor flow — set the status, headers, and JSON body, flip the switch, hit Start, and your library is serving on the port you chose. Stash variables work inside mock bodies too.

The server runs in the Electron main process, so a single ForgeReq window can stand in for an entire upstream while your frontend team iterates.

Local Mock Servers
gRPC

Paste a .proto. ForgeReq does the rest.

The proto compiler runs locally. Service and method dropdowns populate the moment your schema parses; metadata, Bearer / Basic auth, and {{var}} interpolation all work the same as on HTTP.

No reflection requests, no upload to a schema registry, no external protoc install required.

gRPC workspace
Apache Kafka

Produce, consume, and tail topics in real time.

Specify brokers, pick a topic, switch between Produce and Consume. Consumer mode streams messages into a live table view with offset, partition, and parsed JSON payload.

SASL/PLAIN and TLS toggles for managed clusters (AWS MSK, Confluent Cloud, Aiven). Credentials stay inside the encrypted vault.

Kafka workspace
SOAP

SOAP that doesn't feel like 2007.

Drop in a WSDL URL — ForgeReq parses it for services, ports, and operations. One click on Generate XML Payload gives you a complete envelope, pre-filled with namespaces and parameter placeholders.

XML syntax highlighting + a dedicated formatter so you can read the response without scrolling sideways.

SOAP workspace
mTLS

Client Certificates pinned by host — even over a proxy.

A global registry of certs bound to host (exact or wildcard) and optional port. PEM and PFX/P12 both supported, with masked passphrase fields. Most-specific binding wins, automatically.

Works through CONNECT-tunnelled HTTP proxies. Cert bytes are re-read at send time, so rotating a cert on disk takes effect on the next request.

Client Certificates (mTLS)
Portable secrets

Vault & Backup — move machines without uploading anything.

Settings → Vault & Backup → export. You choose a passphrase, you get a .rfvault file. Import on the new machine with the same passphrase — merge or replace.

Exports are sealed with a scrypt-derived AES-256-GCM key, so the file on disk is useless without the passphrase. Library exports (.forgereq.json) are Postman v2.1-compatible and intentionally exclude stash values.

Vault and Backup
Why ForgeReq

Designed for people who actually read the privacy policy.

Local-only by design

No account, no cloud, no sync. The only outbound network call ForgeReq ever makes is the request you asked it to send. The app cannot be turned into a SaaS — it doesn't have a backend.

Encrypted at rest

Every endpoint, secret, and response sits inside an AES-256-GCM vault. The master key is held by the OS keychain (macOS Keychain / Windows Credential Vault / Linux libsecret), never on disk in plaintext.

Real load testing built in

Fan a Run Profile out across N concurrent VUs for a fixed duration. Live RPS, p50/p90/p95/p99 latency, per-step error rate. No SaaS dashboards, no upload, no quota.

Postman-compatible exports

Library exports are a superset of Postman v2.1. Migrate in, migrate out — Rules and Run Profiles ride on extensions, so a re-export still loads in either tool.

Keyboard-first ergonomics

⌘ Enter sends. ⌘ S saves. ⌘ T opens a tab. Active tab and library expansion persist across restart. No mouse-hunting through endless config dialogs.

BYOK AI Assistant

Talks straight to your provider — OpenAI, Anthropic, Google, Vertex, Azure, Grok, or local Ollama. ForgeReq never sees the conversation, and the assistant can drive every tool in the app.

Forge requests. Keep your secrets at home.

Free, open source, AGPL-3.0. macOS (Apple Silicon & Intel), Windows, Linux (AppImage, deb, rpm).

Download Latest Release Browse the documentation