A self-hosted, AI-powered API testing platform with a unified playground for REST, GraphQL, WebSocket, and gRPC — featuring 6-provider AI analysis, 27 assertion types, and zero recurring costs.
Cloud-locked, expensive, no AI, separate tools per protocol. API Qortex fixes all of that — on your own server, for free.
Postman charges $19/seat/month. Your test data lives on their servers. Enterprise plans cost thousands. → API Qortex: Self-hosted. $0 forever.
A test returns 401. Why? Expired token? Wrong scope? Missing header? You're on your own. → AI reads the response and tells you exactly why.
Postman for REST. GraphQL Playground. wscat for WebSocket. BloomRPC for gRPC. → One unified playground for all 4 protocols.
Switching tools means recreating every test manually. → Import from Postman, OpenAPI, HAR, cURL, Insomnia in one click.
Everyone has the same access. No roles, no permissions, no audit trail. → 4 roles, 20 permissions, full audit logging.
Need separate tools for security scanning and load testing. → Built-in security scanner, load tester, and SLA tracking.
Every feature solves a real problem. No bloat. Completed features ship today — pipeline items are coming next.
When tests fail, AI reads request, response, headers, and assertions — returns structured diagnosis with root cause, category, severity, and fix suggestion.
✓ BuiltREST with 8 body types. GraphQL with introspection. WebSocket with real-time messaging. gRPC with proto parser and all 4 call types.
✓ BuiltStatus, JSON path, array, header, body, performance, schema, custom, and regex — across 9 categories. Visual form builder, no code required.
✓ BuiltAuto-detect + 4-step wizard: Postman v2.0/v2.1, OpenAPI 3.x, Swagger 2.0, HAR, Insomnia, cURL. AI analyzes dependency chains during import.
✓ Built4 roles (Admin, Manager, Lead, Tester) with 20 granular permissions. Audit logging, environment management, SSE real-time execution.
✓ BuiltPostman-compatible pm.* API: pre/post scripts, CryptoJS, lodash, moment, uuid, btoa/atob, pm.sendRequest(), setNextRequest().
✓ Built110 articles across 9 categories. Upload your own docs (PDF, DOCX, MD, TXT). AI answers questions using your content with source citations.
✓ BuiltOne-click profiles: Quick Check, Standard, Thorough, Contract, Security, Performance — with 5 default policies and 27 configurable rules.
✓ BuiltHeadless test execution from command line. JUnit XML, HTML, and JSON reporters. GitHub Actions and GitLab CI examples included.
▸ In PipelineExport tests as YAML/JSON files organized by suite hierarchy. Version-control alongside code. Import back without data loss.
▸ In PipelineUpload an OpenAPI spec, AI generates complete test suites — positive, negative, edge case, and security tests with correct assertions.
▸ In PipelineWhen API response structure changes, AI auto-updates assertions with confidence scoring. Eliminates the #1 pain point in API testing.
▸ In PipelineEvery AI feature works with any provider. Run locally with Ollama for privacy, or use cloud providers for speed. Automatic failover between all 6.
Pass/fail/conditional verdict with confidence score, findings, and human-readable summary. Understands context beyond status codes.
Per-field quality analysis with dataQualityScore (0-100). Detects anomalies, wrong types, and format issues.
Root cause across 8 categories: auth, network, schema, validation, timeout, server, data, config. With severity and fix suggestions.
Multi-turn SSE streaming conversation about your API tests. Session persistence across reloads.
Describe what to test in plain English. AI generates complete test objects with assertions.
Coverage gaps, redundant tests, missing edge cases. Generates coverage score with recommendations.
Scores imported collections for quality. Identifies API groups, suggests test structure.
Configure priority chain of 6 providers. Rate-limited? Auto-switch. No API key? Silently skipped. Ollama = always available offline.
7 HTTP methods, 8 body types, 10 auth types, pre/post scripts, 7 dynamic variables
Query & mutation, schema introspection, variables panel, subscription support
Real-time messaging, JSON/Text toggle, connection tracking, full message log
Proto parser, 4 call types (unary, server/client/bidi streaming), metadata editor
10 screens from the live platform. Scroll horizontally to explore.
📸 Screenshot placeholders — replace with actual product screenshots
No Redis. No message queue. One npm install, one database file, one process.
127+ components, Monaco Editor, Recharts, shadcn/ui, SSE streaming
27 server actions, zero separate API server needed
Request execution, assertion evaluation, authentication, scripting, security scanning, load testing, variable resolution, policy enforcement
6 providers, priority chain with auto-failover, SSE streaming, no SDKs (native fetch)
32 models, single-file DB, type-safe queries, backup = copy one file
11 phases completed (130+ features). 5 more in the pipeline — transforming API Qortex into an AI-native automation platform.
Click any section to see complete details behind every number and feature claim.
Every assertion runs automatically on each test execution. Combine any number per test. Each type has a visual form builder — no code required.
| Category | Type | What It Checks |
|---|---|---|
| Status | status_code | Response status equals expected value (200, 404, etc.) |
| Status | status_in_range | Status falls within a numeric range (e.g., 200-299) |
| Status | status_not_equals | Status is NOT a specific value (e.g., not 500) |
| JSON Path | json_path_equals | Value at JSON path equals expected |
| JSON Path | json_path_exists | JSON path exists in response |
| JSON Path | json_path_not_empty | Value at path is not null/empty |
| JSON Path | json_path_type | Value is specific type (string, number, boolean, array, object) |
| JSON Path | json_path_greater_than | Numeric value exceeds threshold |
| JSON Path | json_path_less_than | Numeric value below threshold |
| JSON Path | json_path_contains | String/array at path contains value |
| Array | array_length | Array has exact/min/max items |
| Array | array_contains | Array includes specific value |
| Array | array_each_has_field | Every array item has a field |
| Array | array_sorted | Array is sorted (asc/desc) |
| Headers | header_exists | Header present in response |
| Headers | header_equals | Header matches expected string |
| Headers | header_contains | Header contains substring |
| Body | body_contains | Body contains specific string |
| Body | body_empty | Body is empty (for 204, DELETE) |
| Body | body_not_empty | Body has content |
| Body | body_regex | Body matches regex pattern |
| Perf | response_time | Completes within time threshold (ms) |
| Perf | response_size | Body size under threshold (bytes) |
| Schema | json_schema | Validates against JSON Schema (draft-07) |
| Custom | custom_assertion | JavaScript expression — any logic |
| Custom | regex_match | Named regex on any response part |
Configure a priority chain. If provider #1 fails, the system tries #2, then #3. Every AI feature uses this chain — zero per-feature configuration.
| Provider | Default Model | Speed | Cost | Notes |
|---|---|---|---|---|
| Ollama (Local) | llama3.1:8b, qwen3:8b | 40-90s | Free | 100% private. Data never leaves your machine. Needs 4GB+ VRAM GPU. |
| OpenAI | gpt-4o-mini | 2-5s | $$ | Industry standard. Best complex reasoning. |
| Anthropic | claude-sonnet-4 | 2-5s | $$ | Excellent structured output and code. |
| Groq | llama-3.3-70b | 0.5-2s | Free tier | Ultra-fast inference. 30 req/min free. |
| gemini-2.0-flash | 1-3s | Free tier | Generous free tier for high-volume use. | |
| Mistral | mistral-small | 1-3s | $ | Open-weight models, good cost-quality. |
Auth resolves with inheritance: Test → Suite → Project. Set once at project level, all tests inherit. Auto-refresh tokens on 401.
| Type | How It Works |
|---|---|
| Bearer Token | Authorization: Bearer <token> header. Most common for JWT-based APIs. |
| Basic Auth | Base64 encoded username:password. |
| API Key | Sends as header or query param. Configurable key name and placement. |
| OAuth 2.0 | Full flow: authorization code, client credentials, implicit grant. Token refresh. |
| Digest | Challenge-response with nonce. More secure than Basic. |
| NTLM | Windows domain authentication. 3-step handshake. |
| Hawk | HMAC-based with timestamp and nonce to prevent replay attacks. |
| AWS Sig v4 | Signs requests with AWS access key + secret for S3, Lambda, etc. |
| Custom | Any header(s) with custom values for proprietary auth. |
| Inherit | Inherits from parent (Suite or Project). Set once, apply everywhere. |
Presets are preconfigured assertion bundles. Select one and all rules apply. Switch between presets or use Custom Mode for per-rule toggles. 5 policies ship by default with org-wide enforcement.
| Preset | Rules Included | Best For |
|---|---|---|
| Quick Check | Status code + response time under 2s | Smoke tests, health checks |
| Standard | Status + JSON validations + headers + response time | Day-to-day testing, regression |
| Thorough | All 9 categories active — deep validation | Release candidates, critical paths |
| Contract | JSON Schema + field types + required fields | API contract testing, OpenAPI compliance |
| Security | Security headers, CORS, PII, auth tokens — 7 checks | Security audits, OWASP compliance |
| Performance | Response time p50/p90/p99 + payload size limits | Performance baselines, SLA verification |
4-step wizard: Upload → Analyze → Preview → Import. AI Import Analyzer scores quality and suggests improvements.
| Format | Versions | What Gets Imported |
|---|---|---|
| Postman | v2.0, v2.1 | Requests, folders (as suites), auth, variables, pre/post scripts |
| OpenAPI | 3.0, 3.1 | All endpoints, params, request bodies, response schemas, security |
| Swagger | 2.0 | Endpoints, params, definitions. Auto-converts to OpenAPI 3.x. |
| HAR | 1.2 | Recorded HTTP requests from browser DevTools. Headers, cookies, timing. |
| Insomnia | v4 | Requests, folders, environments, auth configurations. |
| cURL | Any | Parses cURL into method, URL, headers, body, auth. Paste from terminal. |
Write pre-request and post-response scripts using the familiar Postman pm.* API. Scripts run in a sandboxed JavaScript environment.
| Phase | Capabilities |
|---|---|
| Phase 1: Response | pm.response.json(), .text(), .code, .headers, .responseTime |
| Phase 2: Testing | pm.test("name", fn) + pm.expect(val) with .to.equal(), .to.have.property(), .to.be.a(), .to.include() |
| Phase 3: Utilities | CryptoJS (HMAC, SHA256, MD5), lodash (_.get, _.has, _.map, _.filter), moment(), uuid(), btoa/atob |
| Phase 4: Async | pm.sendRequest() for HTTP calls in scripts, pm.execution.setNextRequest() for dynamic ordering |
pm.* scripting API is compatible — existing test scripts workWhere Postman is stronger: Larger community, more mature ecosystem, collaboration features, cloud sync, and extensive marketplace.
A QA Manager who saw the gaps in existing tools and decided to build something better.