I was tired of json-server — so I built a free mock API tool (no signup needed)

#webdev #devtools #api #tutorial

Every frontend project I start hits the same wall.

I have a UI to build. I know what the API responses should look like. But the backend isn't ready yet.

So I spend 15–20 minutes doing the same setup ritual:

npm install -g json-server
# create db.json
# configure routes
# run json-server --watch db.json --port 3001

And that's the fast version. If I need CORS headers, custom status codes, or simulated delay, it gets longer.

I built MockBolt to remove that setup time entirely.

What MockBolt does

Paste JSON → click Generate → get a live public API URL.

That's it. No npm install. No terminal tab. No local port.

curl https://mockbolt.com/b/7f3d2c1a-9b8e-4f5a-b6d0-3e2c1f4a8b7d
# returns your JSON immediately

The endpoint:

Supports all HTTP methods (GET, POST, PUT, PATCH, DELETE)
Returns your JSON with the right status code
Has open CORS — works from any browser origin
Accepts custom response headers
Can simulate latency up to 10 seconds

Each mock gives you two URLs:

Public URL — share this with your frontend or teammates
Management URL — keep this private; edit payload, status code, methods, and delay anytime

No account. No email. No credit card. Free for 7 days, auto-renews with traffic.

A real example

Say I'm building a frontend that needs a /users endpoint but the backend isn't ready. In MockBolt:

1. Paste this JSON:

{
  "users": [
    { "id": 1, "name": "Alice", "role": "admin" },
    { "id": 2, "name": "Bob", "role": "viewer" }
  ],
  "total": 2
}

2. Select GET, click Generate Endpoint

3. Get a URL like https://mockbolt.com/b/e8bdb0ce-8ed9-44a8-adcc-b0af6a054443

4. Hit it immediately:

curl https://mockbolt.com/b/e8bdb0ce-8ed9-44a8-adcc-b0af6a054443
# {"users":[{"id":1,"name":"Alice","role":"admin"},{"id":2,"name":"Bob","role":"viewer"}],"total":2}

Done in under 30 seconds.

Testing error states and slow responses

MockBolt lets you set any status code from 100 to 599 and add a response delay.

Want to test how your app handles a 503 Service Unavailable? Set the status code, generate the endpoint, point your error-state tests at it.

Want to test loading spinners and skeleton screens? Set a 2000ms delay.

The copy-as-code panel also generates ready-to-run snippets in curl, fetch, axios, and Python requests — paste directly into your test file.

How I built it

Stack:

Backend: FastAPI (Python) + PostgreSQL
Frontend: React + TypeScript + Vite + Tailwind CSS
Deployed on AWS Lightsail behind Cloudflare

A few interesting decisions along the way:

Rate limiting behind Cloudflare — slowapi needs to read CF-Connecting-IP instead of request.client.host (which returns the Docker bridge IP behind Nginx). Took a couple of iterations to get this right.

Hit count accuracy — early on the counter was off because Cloudflare was caching GET responses. Fixed it with aggressive cache-busting headers: Cache-Control: no-cache, no-store, must-revalidate, max-age=0.

Anonymous management — instead of accounts, each mock gets a UUID secret token as the only credential. Tradeoff: if you lose the management URL you can't recover it. But it removes signup friction entirely and means zero user data to protect.

What's shipped since launch

I've shipped a lot since this article. Here's what MockBolt does now:

Request inspector (the big one)
Every request to your mock is logged — method, IP, country flag, query params,
request body, response time. Updates live via streaming as hits come in.
Free tier shows last 25 requests. Premium shows full history with CSV export.

Request replay
↩ button on every log row. Resends the exact request to your endpoint.
Useful when you tweak a handler and want to re-test without triggering a new real event.

Webhook testing
MockBolt turns out to be a great webhook testing tool too — point Stripe, GitHub,
or Shopify at your URL, trigger an event, see the full payload instantly.
Unlike webhook.site, you also control what goes back to the caller.

Error simulation

Random error rate: "return 500 on 20% of requests"
Header-triggered: "if X-Test: true header → return 422"

IP allowlist
Restrict which IPs can reach your endpoint.

Dynamic variables
{{uuid}}, {{timestamp}}, {{randomInt}}, {{name}} replaced at serve time.

Vault (anonymous accounts)
Create a vault with one click — no email, no password, just a key saved in your browser.
All mocks link to it automatically. Dashboard shows hit counts, expiry, payment history.

Activity-based TTL
Free mocks that get 10+ requests in 7 days auto-extend — they don't expire while active.

→ mockbolt.com — still free, still no signup