Sending Requests
The Request Builder is the central workspace for every HTTP request in Rostyman. It is organized into a top action bar, a URL bar row, an environment selector, and a set of sub-tabs that let you configure every aspect of the request before sending.
Method Selector
The method dropdown sits at the left end of the URL bar. Click it to choose from all seven standard HTTP methods, each rendered in its own color so you can identify them at a glance:
| Method | Color | Common Use |
|---|---|---|
| GET | Green | Retrieve a resource without side effects |
| POST | Orange | Create a new resource or submit data |
| PUT | Blue | Replace an existing resource completely |
| PATCH | Teal | Partially update a resource |
| DELETE | Red | Delete a resource |
| HEAD | Purple | Like GET but returns headers only (no body) |
| OPTIONS | Gray | Discover which methods and headers a server supports |
The selected method is always visible in the URL bar and is preserved when you save or switch tabs.
URL Bar
The URL bar accepts a full URL including scheme, host, path, and query string. It supports:
{{variable}}interpolation — any token wrapped in double curly braces is resolved against the active environment, collection variables, globals, and vault at send time. Unresolved variables are left as-is so you can spot missing definitions.- Autocomplete for saved URLs — as you type, Rostyman suggests URLs from your request history and saved requests in the current workspace.
- Inline variable highlighting — resolved variables appear in accent color; undefined variables appear in warning color.
Send Button
Click Send or press Ctrl+Enter (Cmd+Enter on macOS) to execute the request.
- While the request is in flight, the Send button shows a loading spinner.
- A visible X (cancel) button appears during loading — click it to abort the in-flight request immediately. This works for regular HTTP requests, SSE streams, and file downloads.
- Rostyman sends requests from the Electron main process, not the browser renderer, so there are no CORS restrictions.
Environment Selector
The environment selector dropdown sits next to the URL bar. It shows the currently active environment for this request's collection. Changing the environment here updates the active environment for the entire collection — all requests in that collection will resolve {{variables}} against the newly selected environment.
- Shows "No Environment" when no environment is selected.
- The active environment name is shown in muted text when one is selected.
- Variables are resolved in the following priority order (highest wins): environment variables → collection variables → globals/vault → built-in
{{$...}}variables.
Breadcrumb and Title Bar
Above the URL bar, a breadcrumb row shows the full path of the current request: Collection → Folder → Request Name.
- Click any breadcrumb segment to navigate to that collection or folder in a new tab.
- Double-click the request name to rename it inline (only for saved requests). Press Enter to confirm, Escape to cancel.
Save and Save As
The Save button (Ctrl+S) saves the current request back to the collection. For unsaved requests (new tabs), it opens the Save As dialog.
The Save As dropdown (chevron next to Save) always opens the Save As dialog regardless of whether the request is already saved. Use this to duplicate a request into a different collection or folder.
Save As Dialog
The Save As dialog lets you:
- Enter or edit the request name (required, up to 200 characters).
- Optionally add a description (click "+ Add description" to expand a textarea).
- Choose a destination — search and select a collection, then optionally expand it to pick a subfolder.
- Create a new collection inline without leaving the dialog (click "+ New collection").
- Create a new folder inside the selected location (click "+ New folder", only visible when a location is selected).
The Save button is disabled until both a name and a destination are selected.
Share Button
The Share button opens a small dropdown with two options:
| Option | Description |
|---|---|
| Copy as cURL | Generates a fully resolved cURL command (with auth headers injected) and copies it to clipboard |
| Copy URL | Copies the resolved request URL (variables substituted) to clipboard |
A separate Copy Link icon button (chain-link icon) next to Share copies the resolved URL directly in one click without opening the dropdown.
Sub-tabs
The request has ten sub-tabs. A green dot appears on a tab when it contains active content (at least one enabled parameter, a non-empty body, etc.), so you can tell at a glance which tabs have data without opening each one.
1. Params
Manage query string parameters as a key/value table.
| Column | Description |
|---|---|
| Enabled | Checkbox to include/exclude this parameter without deleting it |
| Key | Parameter name — supports {{variable}} interpolation |
| Value | Parameter value — supports {{variable}} interpolation |
| Description | Optional free-text description (shown as a tooltip in generated docs) |
| Delete | Remove this row |
- Click + Add parameter to append a new empty row.
- Ctrl+A selects all rows (useful for bulk enable/disable).
- Values are URL-encoded automatically before being appended to the URL — you do not need to percent-encode manually.
- Bulk edit toggle switches the table to a raw text editor where each line is
key=value. Useful for pasting parameter lists from elsewhere. - Parameters added here are merged with any inline query string already present in the URL bar.
2. Headers
Add custom request headers alongside auto-generated headers.
| Column | Description |
|---|---|
| Enabled | Checkbox to include/exclude this header |
| Key | Header name — supports {{variable}} interpolation |
| Value | Header value — supports {{variable}} interpolation |
| Description | Optional description |
| Delete | Remove this row |
- Auto-generated headers section — shown as a read-only list below the editable table. These are headers Rostyman adds automatically based on your body mode and auth type (e.g.,
Content-Type: application/json,Authorization: Bearer …). You cannot delete them here; they are controlled by the Body and Auth tabs. - When a body mode that implies a content type is selected (e.g., JSON raw body), a content-type suggestion appears. You can accept it or override it with a custom header.
- Bulk edit toggle switches to a raw text editor where each line is
Key: Value.
3. Body
Configure the request body. Choose one of these modes from the mode selector:
| Mode | Description |
|---|---|
| None | No request body (default for GET/HEAD/OPTIONS) |
| form-data | Multipart form data — supports both text fields and file uploads per field |
| x-www-form-urlencoded | URL-encoded key/value pairs — the classic HTML form submission format |
| raw | Free-text body with an optional content-type selector |
| binary | Upload a single file as the entire request body |
| GraphQL | GraphQL-specific editor with query, variables, and operation name fields |
Raw body content types
When raw mode is selected, choose a content-type hint from the dropdown on the right:
| Content Type | Sets Header | Editor Behavior |
|---|---|---|
| Text | text/plain | Plain text, no syntax highlighting |
| JSON | application/json | Monaco editor with JSON syntax highlighting and auto-format on paste |
| XML | application/xml | Monaco editor with XML syntax highlighting |
| HTML | text/html | Monaco editor with HTML syntax highlighting |
| JavaScript | application/javascript | Monaco editor with JS syntax highlighting |
The Monaco editor provides syntax highlighting, code folding, bracket matching, and Ctrl+/ for line comments. Paste JSON and it is auto-formatted to pretty-print. JSON validation errors are shown as red underlines in the gutter.
Binary mode
Click Select File to pick any file from your filesystem. The file name, size, and MIME type are shown. The file is sent as the raw request body with its detected content type. Useful for uploading images, PDFs, or other binary assets.
GraphQL mode
Three fields are available:
- Query — the GraphQL query or mutation document (Monaco editor with GraphQL syntax)
- Variables — JSON object of variables (Monaco editor)
- Operation Name — optional operation name when the document contains multiple operations
Rostyman sends GraphQL requests as POST with Content-Type: application/json and the body { "query": "...", "variables": {...}, "operationName": "..." }.
4. Auth
Configure authentication for this request. Select an auth type from the dropdown:
| Auth Type | Description |
|---|---|
| None | No authentication headers added |
| Inherit | Use the auth configured on the parent folder or collection |
| Bearer Token | Adds Authorization: Bearer <token> header. Token supports {{variable}} |
| Basic Auth | Adds Authorization: Basic <base64> from username and password fields |
| API Key | Adds a custom key to a header (e.g., X-API-Key) or as a query parameter |
| OAuth 2.0 | Full OAuth 2.0 flow with grant types: Authorization Code, Authorization Code + PKCE, Client Credentials, Password, Implicit. Cached tokens with auto-refresh |
| OAuth 1.0 | OAuth 1.0a signature with consumer key/secret and token key/secret |
| Digest | HTTP Digest authentication — username and password, challenge-response |
| Hawk | Hawk authentication — ID, key, algorithm (sha256/sha1), with optional ext and app fields |
| AWS Signature v4 | AWS SigV4 — access key, secret key, region, service name, with optional session token |
| NTLM | Windows NT LAN Manager — username, password, domain, workstation |
When Inherit is selected, the effective auth from the parent folder (or collection if no folder overrides) is shown as read-only text, so you always know what auth will actually be sent.
All auth field values support {{variable}} interpolation. Store tokens and secrets in environment variables or the Vault to avoid hardcoding credentials.
5. Scripts
Write JavaScript that runs before or after the request.
Pre-request script — runs before the request is sent. Use it to:
- Set or modify environment variables
- Generate dynamic values (timestamps, signatures, UUIDs)
- Conditionally change the request URL or headers
Post-request / Test script — runs after the response is received. Use it to:
- Write assertions about the response
- Extract values and store them in variables for chaining requests
- Log debugging information
Scripts use the rm.* API (not pm.*). Key methods:
// Variables
rm.environment.set('token', responseBody.access_token)
rm.environment.get('baseUrl')
rm.collectionVariables.set('key', 'value')
rm.globals.set('key', 'value')
// Tests
rm.test('Status is 200', () => {
rm.expect(rm.response.status).to.equal(200)
})
rm.test('Response has token', () => {
rm.expect(rm.response.json().access_token).to.be.a('string')
})
// Response access
rm.response.status // e.g. 200
rm.response.json() // parsed JSON body
rm.response.text() // raw body as string
rm.response.headers.get('Content-Type')
Console output from console.log() in scripts appears in the bottom console panel (toggle with Ctrl+`).
6. Cookies
Shows all cookies that will be sent with this request, drawn from the global Cookie Jar for the matching domain.
- Cookies are matched by domain (including subdomain matching) and path.
- Add cookie manually — click "+ Add" to create a cookie with name, value, domain, path, and optional flags.
- Delete a cookie — click the trash icon on any row to remove it from the jar.
- Edit a cookie — click any field to edit it inline.
Changes made here update the global Cookie Jar and affect all requests to the same domain.
7. History
Shows previous responses for this specific saved request, without leaving the request editor.
- Displays a list of recent runs with timestamp, HTTP status code, response time, and response size.
- Click any entry to load that response into the response viewer for inspection.
- Diff two responses — select any two entries to see a side-by-side diff of the response bodies.
- Trends sparkline — a small inline chart shows response time and status over the last N runs.
This is per-request history. Global request history across all requests is available in the History section (sidebar).
8. Code Snippets
Generate ready-to-paste code for the current request in 17 language/library combinations. Variables are resolved to their current values before generation. Auth headers are injected into the snippet automatically.
Shell:
- cURL
- HTTPie
- PowerShell
JavaScript:
fetch(browser)axios
Node.js:
fetch(Node.js 18+)
Python:
requestshttpx
Other languages:
- PHP (cURL extension)
- Go (
net/http) - Ruby (
net/http) - C# (
HttpClient) - Java (
HttpClient) - Kotlin (OkHttp)
- Swift (URLSession)
- Dart (
http) - Rust (
reqwest)
Each snippet is displayed in a Monaco editor with syntax highlighting. Click Copy to copy the entire snippet to clipboard.
9. Examples
Store multiple example request/response pairs for this request. Examples are used to document expected inputs and outputs and are displayed when the request is shared or published.
- Add example — click "+ Add Example" to create a new example from scratch, or save the current response directly using the Bookmark button in the response toolbar.
- Each example has its own:
- Name — e.g., "Success 200", "Not Found 404"
- Request data — params, headers, and body (independently editable per example)
- Response — status code, status text, response headers, and response body
- Delete example — click the trash icon on any example.
- Examples are saved to the database alongside the request.
10. Settings (Per-Request)
Override global and workspace-level settings for this specific request only.
| Setting | Default | Description |
|---|---|---|
| SSL Verification | (global setting) | Override the global SSL certificate verification setting for this request. Useful when one API uses a self-signed cert but others should remain verified. |
| Follow Redirects | (global setting) | Override the global redirect-following behavior for this request. |
| Timeout | (global setting) | Override the global HTTP timeout (in milliseconds) for this request. Set a higher value for long-running operations or a lower value to fail fast. |
When a per-request override is set, a small indicator badge appears on the Settings sub-tab to remind you the global default is not in effect.
Keyboard Shortcuts Reference
| Shortcut | Action |
|---|---|
Ctrl+Enter | Send request |
Ctrl+S | Save request |
Ctrl+N or Ctrl+T | New request tab |
Ctrl+W | Close current tab |
Ctrl+Tab | Next tab |
Ctrl+Shift+Tab | Previous tab |
Ctrl+1–Ctrl+9 | Jump to tab by index |
Ctrl+K | Open command palette |
Ctrl+O | Import collection or request |