I've been building Requex.me for a while — a free, no-signup webhook testing tool. Yesterday I shipped what I think is the most useful feature yet: a hosted mock server.
Here's the problem it solves.
You're building a frontend. The backend team hasn't shipped the /orders endpoint yet. So you either block on them, spin up a local Express server that you have to keep running, or fake it with hardcoded data in your component. None of these are great.
The alternative I wanted: define a URL, tell it what to return, and move on.
What I built
Every mock server on Requex gets a stable HTTPS URL:
https://api.requex.me/mock/<your-server-id>/
From there, you define routes and responses from a UI. No code, no deploy, no Docker. Changes go live instantly.
What you can configure per route:
- HTTP method (GET, POST, PUT, PATCH, DELETE, or
ANYas a wildcard) - Status code (any valid HTTP status — 200, 201, 401, 422, 500...)
- Response body (JSON, XML, plain text, empty — returned as-is)
- Custom headers (
Content-Type, auth challenge headers, whatever you need) - Response delay in ms (0–30,000ms — useful for testing loading states and timeout handling)
URL path routing supports Express-style params:
/users/:id → matches /users/42, /users/abc
/orders/:id/items → matches /orders/99/items
The part I'm most proud of: conditional responses
This is where it gets genuinely useful. Each response can have conditions that gate when it fires — inspecting query params, headers, path params, or JSON body fields.
Real example: version-based routing on /api/data
# GET with ?version=v2 → fires the v2 response
curl https://api.requex.me/mock/<id>/api/data?version=v2
→ 200 {"version":"v2","data":[...]}
# Any other request → falls back to ANY response
curl https://api.requex.me/mock/<id>/api/data
→ 400 {"error":"version parameter required"}
Operators you can use: eq, neq, contains, startsWith, endsWith, regex, gt, lt, exists, notExists.
Match mode is configurable: ALL rules must pass, or ANY rule must pass.
Auth enforcement
If the real API requires auth, the mock should too. Otherwise auth bugs stay hidden until you're testing against production.
Supported auth modes (server-wide, enforced before any route matching):
- Bearer Token
- API Key (header or query param)
- Basic Auth
- HMAC Signature
- Custom (match any header, query param, or JSON body path against an expected value)
All comparisons use timingSafeEqual to avoid timing attacks. You can configure the failure status code (401 or 403) and an optional WWW-Authenticate challenge header.
When a hosted mock is better than a local one
Local mocks (Mockoon, json-server, etc.) are great when everything stays on your machine.
A hosted mock earns its place when:
- A teammate needs to hit the endpoint from their machine
- A CI pipeline needs a stable URL to run integration tests against
- A Postman collection is shared across the team
- An external webhook sender needs to POST to something real
Try it
Go to requex.me, sign in (free, takes about 10 seconds), and click Mock Servers. You'll have a live HTTPS endpoint in under two minutes.
Full feature docs: requex.me/docs/mock-server
Curious what features people would find most useful next. Thinking about response sequences (return different responses on repeated calls to the same route) and OpenAPI import. What would actually be useful for your workflow?
Top comments (0)