Free REST Client
Test API requests from your browser. Save requests locally. No login. No cloud sync.
Requests and saved collections stay in your browser. Nothing is uploaded to Balance On Hand.
Request editor
Requests use your browser's fetch. If a request works in Postman
but fails here, it's almost always CORS — browser tools follow CORS rules, Postman does not.
Environments
Define {{variable}} values per
environment. They're substituted into the URL, headers, params, and body before sending.
Enabled params are appended to the URL when sending.
Response
Generate code
Why some requests work in Postman but not here
This tool runs entirely in your browser using the fetch API. It can call HTTP and HTTPS APIs,
including localhost services — but browsers enforce CORS and certificate rules that desktop tools
like Postman don't. This is normal browser security, not a bug in the tool.
Requests usually work when: the API sends
Access-Control-Allow-Origin, local microservices have CORS enabled, and HTTPS certificates are
trusted by your browser.
Requests may be blocked when: the server doesn't send
Access-Control-Allow-Origin, the CORS preflight fails, a self-signed certificate isn't trusted,
or the API needs network/VPN access the browser doesn't have.
For local development only, a Spring Boot service can enable CORS, for example:
@CrossOrigin(origins = "https://balanceonhand.com") // or, for local-only testing: @CrossOrigin(origins = "*")
Your requests stay in your browser
Requests are sent directly from your browser to the API you enter. Saved requests, collections, and environments are stored only in this browser's local storage — there's no account, no cloud sync, and no tracking. Clear them any time with "Clear all".
Built by Balance On Hand
Free tools with no login, no upload, and no unnecessary friction — plus a cash-flow planning app that helps you see how bills, subscriptions, loans, income, and spending affect your future balance.