Get Curlex

Available for macOS and Windows. Free and open source. No account needed.

Latest release: v1.1.9·See what's new →

macOS only:If Gatekeeper blocks the app, open System Settings → Privacy & Security and click “Open Anyway”.

macOS Requirements

  • macOS 12 Monterey or later
  • Apple Silicon (M1+) or Intel
  • ~40 MB disk space

Windows Requirements

  • Windows 10 or later (64-bit)
  • .exe (NSIS) or .msi installer available
  • ~45 MB disk space

Privacy

  • No telemetry or analytics
  • All data stored locally
  • No account required

Release History

See the Changelog for what changed in each release.

v1.1.9latest
Release notes
### OAuth 2.0 Enhancements - Expired tokens are now automatically refreshed when using Client Credentials grant — no more manually clicking "Get Access Token" before every request - Added **Additional Parameters** table in the OAuth2 form — send custom key-value pairs as body fields, headers, or query params to support providers like Azure AD (`resource`) and Auth0 (`audience`) - Added **JWT Decode** — inspect the header and payload of your access token directly in the auth panel - Added **Token History** — view and restore up to 5 previous tokens
v1.1.8
Release notes
### Fixed - Fixed import failure when importing Postman exports from Bruno - Fixed clicking a request in the sidebar incorrectly activating its example tab instead of the request tab - Sensitive credentials (bearer tokens, passwords, API keys, client IDs) are now redacted in the Collection Docs viewer
v1.1.7
Release notes
### Improved - Response data is now preserved when switching between tabs — no more lost responses after navigating away and back - Response body wraps by default for better readability; your wrap preference is remembered across new tabs - Smoother typing when renaming examples in the response panel ### Visual Refinements - Visual improvements to the request header table, including better alignment and spacing - Example rows in the sidebar use a subdued text style to visually distinguish them from request rows - Description column in request header table is hidden by default for a cleaner layout
v1.1.6
Release notes
### Security Hardening - Tightened Content Security Policy to restrict script and resource loading, reducing exposure to cross-site scripting - Removed external CDN dependency for core libraries — all dependencies are now bundled locally - Test and pre-request scripts now run exclusively in isolated Web Workers, preventing access to sensitive app internals ### Performance - Faster tab switching and reduced UI lag when working with multiple open tabs - Optimised deep-copy operations across the app for smoother request editing ### UI & Code Quality - Bearer token field now uses a password-style input with show/hide toggle for better security - Unified modal behaviour — consistent Escape-to-close, click-outside-to-close, and accessibility attributes across dialogs - Consolidated shared styling across authentication forms for a more consistent look
v1.1.1
Release notes
### Release Management - Added strict release validation and updated release automation ### Collections & Import Improvements - Added folder detail tabs with breadcrumb navigation and markdown description editing from the sidebar. - Expanded Postman import support to include collection auth, request/folder descriptions, test scripts, and binary file body mode.
v1.1.0
Release notes
### 🎨 Themes & Personalisation - **14 new built-in themes** — Dracula, Nord, Solarized, and 10 VS Code-inspired colour schemes - **Dedicated Themes page** — browse themes in a visual gallery with live miniature previews ### App Layout & Appearance - Refreshed island layout with rounded sidebar and content panels, inspired by IntelliJ's New UI - Tab bar no longer overflows — the environment switcher stays visible regardless of how many tabs are open ### 🔍 Sidebar & Environments - **Search in Collections** — click the search icon in the sidebar header to filter collections by name - **Search in Environments** — filter environments by name directly from the quick-switch dropdown - Context menus on Collections and History headers for quick actions (New Collection, New Folder, Clear History, etc.) ### Bug Fixes - Fixed auto-update reliability — slow downloads no longer block the update prompt - Fixed query parameters being dropped or duplicated in certain edge cases
v1.0.0
Release notes
First public release of Curlex — a fast, local-first, no-nonsense API client for macOS and Windows. ### Request Building - HTTP methods: GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS - Query params and path parameters with type, required, and deprecated metadata - Request headers editor with key/value management - Body modes: none, raw (text, JSON, HTML, XML), form-data, URL-encoded, binary file upload, GraphQL - Raw body formatter with one-click prettify - Binary body mode with native file picker and base64 encoding - Per-request timeout configuration with ms / s / min units - Send and cancel support - Tab badge indicators showing active param, header, body, and auth counts ### Authentication - Auth types: None, Basic, Bearer token, API Key (header or query param), OAuth 1.0, OAuth 2.0, Inherit from collection - OAuth 1.0 with HMAC-SHA1, HMAC-SHA256, and PLAINTEXT signature methods - OAuth 2.0 grant types: Authorization Code, Authorization Code + PKCE, Client Credentials, Password, Implicit - PKCE code challenge with S256 and plain methods - Client authentication via basic auth header or credentials in body - Automatic token exchange, refresh token handling, and expiration tracking - Collection-level auth with per-request override or inheritance ### Response Viewer - Response body with syntax highlighting for JSON, XML, HTML, JavaScript, and more - JSON auto-formatting with prettify toggle - Line wrap toggle - Streaming progress indicator for large responses - Response headers tab — searchable and copyable - Cookies tab integrated with the cookie jar - Timeline tab showing redirect chain with per-hop method, status, and headers - Test results tab for script assertion output - JSONPath filter with live autocomplete suggestions - Find in response (Cmd/Ctrl+F) - PDF preview with zoom controls - Binary content viewer - Copy and save response body helpers - Status, time, and size metrics displayed inline on the toolbar ### Collections & Organisation - Nested folders within collections, with unlimited nesting - Add, rename, duplicate, delete, and move requests and folders - Drag-and-drop reordering in sidebar - Favourite/pin collections to the top of the sidebar - Collection-level auth and collection-level variables shared across all requests - Collection description with markdown editor - Full-text search across all request names ### Environments & Variables - Create, edit, and delete environments - Per-environment variable sets with default value, secret masking, description, and enabled/disabled toggle - Quick environment switcher in the status bar - Variable substitution using `{{variable_name}}` syntax in URLs, params, headers, body, and auth fields - Variable resolution order: collection variables → environment variables → dynamic built-ins - Variables inspector modal showing all resolved values in the context of the current request ### Dynamic Built-in Variables - UUIDs: `$guid`, `$randomUUID` - Timestamps: `$timestamp`, `$isoTimestamp`, `$randomDateFuture`, `$randomDatePast`, `$randomDateRecent` - Numbers: `$randomInt`, `$randomFloat` - Strings: `$randomAlphaNumeric`, `$randomAlpha`, `$randomHexadecimal`, `$randomWord`, `$randomWords` - People: `$randomEmail`, `$randomFirstName`, `$randomLastName` - Each invocation generates an independent value ### Scripting - Pre-request scripts: JavaScript executed before the request is sent - Test scripts: JavaScript executed after the response is received - `fc` scripting API: `fc.environment.get/set`, `fc.collectionVariables.get/set`, response assertions - Script output visible in the test results tab ### Collection Runner - Select and reorder requests before running - Configurable delay between requests - Retry failed requests with configurable retry count and delay - Stop on first failure option - Manual stop mid-run - Per-request status, timing, and test result breakdown in the run view - Persistent run history with timestamps, environment used, and pass/fail statistics - Export run results as PDF, HTML, or JUnit XML ### GraphQL - Dedicated GraphQL body mode with query editor and variables panel - Query syntax highlighting, prettify, and operation name support - Variable interpolation using `{{variable_name}}` inside GraphQL queries - Schema introspection with in-memory caching (5-minute TTL) - Autocompletion and inline validation against the fetched schema - Schema explorer and docs panel - WebSocket-based subscription support with real-time streaming ### Import & Export - Import from: cURL commands, OpenAPI/Swagger (v2 and v3), Postman (v2.1), YAML, Curlex native format - Export: collections, folders, individual requests, OpenAPI (JSON and YAML) - Keyboard shortcut: Cmd/Ctrl+O to open import ### Code Snippets - Generate ready-to-run code for: cURL, Fetch API, Axios, Node.js HTTP, Python requests, PHP cURL, Java OkHttp, Dart HTTP - Toggle auto-headers (no-cache, correlation UUID) in generated output ### Workspaces - Create, rename, and delete multiple independent workspaces - Each workspace has its own collections, environments, and git sync configuration - Quick workspace switcher in the app header ### Cookie Jar - Persistent cookie storage across requests - Cookie manager UI grouped by domain with add, edit, delete, and clear operations - Automatic cookie jar updates from Set-Cookie response headers - Quick access from the status bar ### Vault & Secrets - Encrypted secret storage for sensitive tokens and passwords - Vault setup flow with generated key and optional system keychain integration for key storage - Lock/unlock vault with master key - Add, update, delete, and toggle visibility of secrets - Export and import vault contents - Secrets available as variables across all requests ### Request History - All executed requests logged with timestamp, method, URL, and status - History panel accessible from the sidebar ### Response Examples - Save a snapshot of any request and its response as a named example - Examples stored with the request for documentation and testing reference ### Settings & Customisation - Theme: Dark, Light, or System (auto-detect) - Response panel layout: vertical (stacked) or horizontal (side-by-side) - Default redirect behaviour and maximum redirect limit - Auto-send no-cache header toggle - Auto-send UUID correlation header toggle - Editor font family and font size - Always discard unsaved changes on close option - TLS/SSL certificate management - Full keyboard shortcut reference with platform-specific display (Cmd vs Ctrl) - Log level configuration with log persistence