Features

Once you have sent your first request and organised it into a collection, these are the concepts that unlock everything else Curlex can do. Each topic below is a self-contained deep-dive — read what is relevant to your workflow now and come back to the rest as you need it.

Authentication

Every real API requires credentials. Curlex handles the full spectrum — from a simple API Key header to the complete OAuth 2.0 authorisation code flow with PKCE — so you never have to construct an Authorization header by hand.

Basic Auth — username and password, encoded automatically
Bearer Token — paste any JWT or access token
API Key — send a key as a header or query parameter
OAuth 1.0 — HMAC-signed requests for legacy APIs
OAuth 2.0 — all five grant types, with a built-in browser flow and automatic token refresh

Vault

The Vault is Curlex's encrypted secret store. Secrets are kept in your operating system's keychain — never in your collection files or Git history — and can be locked to specific API domains so the wrong credentials can never be sent to the wrong server.

Use {{vault:secret-name}} anywhere in a request to reference a stored secret.

Dynamic Variables

Dynamic variables generate fresh values at the moment a request is sent — UUIDs, timestamps, random names, email addresses, and 60+ others. Use {{$guid}} or {{$randomEmail}} anywhere you would use a regular variable — no configuration needed.

GraphQL

Curlex treats GraphQL as a first-class request type. You get a dedicated query editor with schema-aware autocomplete, a visual schema explorer, inline error highlighting for partial failures, and a real-time subscription stream — all without installing any extra tooling.

Importing and Migrating

Already have requests in Postman, Bruno, or another tool? Curlex can import Postman v2.1 collections, cURL commands, and OpenAPI 3.x / Swagger 2.0 specifications. Scripts written using the pm.* API migrate without any changes.