Open Post - Test APIs Without Leaving VS Code

Open Post: Test APIs Without Leaving VS Code

If you're tired of switching between your code editor and Postman, or concerned about your API credentials living in the cloud, I built something you might like.

Open Post is a fully offline REST & GraphQL API client that lives inside VS Code. No accounts, no cloud sync, no telemetry. Just you, your editor, and your APIs.

Why I Built This

I got tired of the constant context-switching. Write code in VS Code, test the API in Postman, copy the cURL command, switch back to VS Code, paste it somewhere... you know the drill.

Plus, I never felt comfortable with my API keys and tokens syncing to someone else's cloud. Call me paranoid, but I prefer my secrets to stay on my machine.

So I built Open Post with three goals:

1. Stay in VS Code — no more context-switching
2. Privacy first — everything stays local
3. Git-friendly — plain JSON files you can commit

Getting Started

Install from VS Code Marketplace:

https://marketplace.visualstudio.com/items?itemName=open-post.open-post

Step-by-step installation:

1. Open VS Code
2. Click the Extensions icon in the sidebar (or press Cmd+Shift+X / Ctrl+Shift+X)
3. Search for "Open Post"
4. Click Install on the extension by open-post
5. Once installed, press Cmd+Alt+P (Mac) or Ctrl+Alt+P (Windows/Linux)

The Open Post panel will open automatically. Now try your first request:

GET https://jsonplaceholder.typicode.com/posts/1

Hit Send or press Cmd+Enter. You'll get a formatted response with syntax highlighting, response time, and status code.

Features Worth Mentioning

Encrypted Secret Vault

Store API keys, tokens, and certificates in an AES-256-GCM encrypted vault. No external services needed.

1. Open the Vault tab
2. Create a vault with a master password
3. Add secrets: key="api-key", value="sk-abc123..."
4. Use {{api-key}} in your requests

The vault auto-resolves variables during requests, and you can store TLS certificates for mTLS authentication.

Environment Variables

Create environments (Dev, Staging, Prod) and use {{variable}} syntax anywhere:

URL:    {{base_url}}/users/{{user_id}}
Header: Authorization: Bearer {{token}}
Body:   { "api_key": "{{api_key}}" }

Variables follow a priority chain:

collection vars < global env < vault secrets < local env

Collections with Inheritance

Organize requests into collections with nested folders. Set auth at the collection level, and every request inherits it. Override at the folder or request level when needed.

Same goes for pre-request and test scripts — they cascade down the hierarchy.

Mock Servers

Spin up mock servers right inside VS Code:

• Define routes with custom or snapshot-based responses
• Auto-generated OpenAPI docs at /_openapi.json
• Interactive Swagger UI at /_swagger
• Request logging
• File-based responses

Perfect for frontend development when the backend isn't ready yet.

AI Integration (MCP)

Open Post supports the Model Context Protocol. Expose your collection requests as tools for AI clients like Claude Desktop, Cursor, or GitHub Copilot.

Enable the built-in Management MCP server, and your AI can:

• Create collections and requests
• Run API tests
• Start/stop mock servers
• Import/export data

Connect to http://127.0.0.1:3199/mcp and say:

• "Create a new collection called User API"
• "Run all requests in the Auth collection"

Code Export

Need to integrate an API call into your codebase? Click the </> button and get code in 14 languages:

cURL (Unix & Windows), PowerShell, JavaScript (Fetch & Axios), Python (Requests & http.client), Go, Java, C#, Ruby, PHP, Rust, Swift

Environment variables are resolved, auth headers are injected, and the code is ready to paste.

Authentication

Supports every auth type you'll need:

• Basic Auth
• Bearer Token
• API Key (header or query param)
• OAuth 2.0 (authorization code & client credentials)
• AWS Signature V4
• Digest Auth (RFC 7616)

All auth types support {{variable}} placeholders.

Body Types

JSON, Form Data, URL Encoded, Raw Text, XML, GraphQL, Binary

All text-based body types support inline comments that are automatically stripped before sending:

{
  "name": "John",
  // "email": "test@example.com",  // Temporarily disabled
  "age": 30
}

Pre-Request & Test Scripts

Automate workflows with JavaScript:

// Pre-request: set dynamic header
request.headers["X-Timestamp"] = Date.now().toString();

// Test: assert response
console.assert(response.status === 200, "Expected 200");
const body = response.json();
console.assert(body.id !== undefined, "Should have id");

Global Storage

Create global collections and environments in ~/.openpost/global/ that are shared across all workspaces. Changes sync automatically across VS Code windows.

Perfect for reusable collections you use across multiple projects.

Import & Export

• Postman v2.1 collections
• OpenAPI / Swagger specs (auto-generates collections)
• cURL commands
• Open Post JSON (native format)

Data Storage

All your data lives locally:

.openpost/                    ← per workspace
  ├── collections.json
  ├── environments.json
  ├── history.json
  └── config.json

~/.openpost/global/           ← shared across workspaces
  ├── collections.json
  ├── environments.json
  ├── vault.enc               ← encrypted vault
  └── config.json

No cloud sync. No telemetry. Commit .openpost/ to git to share with your team.

My Daily Workflow

Here's how I use it:

1. Create a global environment with base_url, api_key, auth_token
2. Create a collection for each microservice
3. Set collection-level auth (Bearer token with {{auth_token}})
4. Add requests using {{base_url}}/endpoint
5. Write pre-request scripts to refresh tokens
6. Use test scripts to extract IDs and set them as variables
7. Run the entire collection to test the full flow
8. Export to code when integrating into the app

Everything stays in sync across projects, and I never leave VS Code.

Simple vs Advanced Mode

Simple Mode (default) — Clean interface with just the essentials: requests, params, headers, body, auth.

Advanced Mode — Unlocks Mock+MCP servers, Vault, test scripts, and advanced settings. Requires a license key, but includes a built-in trial.

Installation

VS Code Marketplace:

https://marketplace.visualstudio.com/items?itemName=open-post.open-post

Open VSX Registry:

https://open-vsx.org/extension/open-post/open-post

GitHub:

https://github.com/openAPI-Studio/openAPI-Studio

Support the project:

https://ko-fi.com/openpost

Keyboard Shortcuts

• Open Open Post: Cmd+Alt+P (Mac) / Ctrl+Alt+P (Windows/Linux)
• Send Request: Cmd+Enter / Ctrl+Enter

Who Should Use This?

Open Post is great for:

• Privacy-conscious developers
• Teams using git for collaboration
• VS Code power users who hate context-switching
• Backend developers who need quick API testing
• DevOps engineers managing multiple environments
• API developers who want to mock endpoints
• AI enthusiasts exploring MCP integration

What's Coming

The team is working on:

• External vault providers (Azure Key Vault, AWS Secrets Manager)
• WebSocket support
• gRPC support
• Request chaining and workflows

Final Thoughts

Open Post isn't trying to replace Postman for everyone. It's for developers who value privacy, simplicity, and keeping their workflow inside VS Code.

If that sounds like you, give it a try. Install from the marketplace, press Cmd+Alt+P, and start making requests. No sign-up required.

Note: This is an actively developed project and there might be bugs. Any feedback, bug reports, or feature requests are greatly appreciated! Feel free to open an issue on GitHub or reach out.

Current Version: 1.3.40

Minimum VS Code: 1.85.0

License: Proprietary

Support Open Post on Ko-fi: https://ko-fi.com/openpost

---

Questions? Open an issue on GitHub

Quick Reference

Links:

• VS Code Marketplace
• Open VSX
• GitHub
• Ko-fi

Tags: #vscode #api #rest #graphql #tools #productivity #opensource