Docs
Get started with Tinspec.
Tinspec is a local-first API workbench — explore OpenAPI specs, send HTTP & gRPC requests, and chain them into runnable pipelines. Here's the quick start and the core concepts. Full reference docs are on the way.
Quick start
Your first five minutes
Open a folder
Point Tinspec at a folder of YAML collections — or start an empty one. Everything you save lives there as plain files you can commit next to the API they test. No account, no sign-in.
Bind a spec
Add an OpenAPI URL or file as a spec source. Endpoints resolve just-in-time and refresh when the spec changes, so you test against the current API — never a stale snapshot.
Send a request
Pick an endpoint, choose an environment, and send. Requests go out from a local engine inside the app, so localhost, native gRPC, and CORS-free calls all just work.
Chain & automate
Wire requests into a visual chain — extract a token from one response, feed it into the next. Add an auth provider once and Tinspec injects credentials for you.
Concepts
The vocabulary
Requests
A single HTTP or gRPC call with method, target, headers, body, and auth. Hand-authored or derived live from a spec.
Spec sources
An OpenAPI document (URL or file). Endpoints stay bound to it: re-resolving adds, removes, and updates them just-in-time.
Environments
Named variable sets — base URLs, IDs, secrets — swapped per run so the same request hits dev, staging, or prod.
Chains
An ordered graph of requests where later steps reference values extracted from earlier responses. Run all, run to a node, or test one.
Auth providers
A reusable, automated way to obtain credentials and inject them — by script or first-class identity providers — so you never paste a token.
gRPC
Import a .proto, pick a service and method, author the message as JSON, and send through the engine’s dynamic codec. Unary today.
Where your data lives
Collections, requests, and chains are plain YAML files in the folder you open — commit them alongside your code. A local SQLite database holds only run history and a rebuildable cache; deleting it loses nothing but history. Secrets are stored in your OS keychain, never in the files. See Privacy for what does and doesn't leave your machine.
Questions the docs don't cover yet?