HTTP workspace
Compose and send requests from restored local tabs, with native cancellation and full response body reads.
Rust + Tauri desktop client
Post APIs. Not your data.
PostNot is a free, local-first API client for focused HTTP workflows: native request execution, restored request tabs, resolved previews before send, collections, Playbooks, environments, OS-backed secrets, imports from Postman, OpenAPI, and cURL, redacted export flows, OAuth2 helpers, and saved request scripting.
Rust-native sending
SQLite-backed local data
OS-backed secret storage
PostNot is fully free and open source. It is also a fully AI-generated software project: the repository code was produced end-to-end by AI agents.
Local-first by default, with the same warm-paper and deep-green UI used in the desktop app.
Core workflow
Built for dense desktop API sessions
PostNot keeps request editing, multi-tab workspace state, history, imports, automation, and secrets close to the machine you are working on.
Resolved preview
Inspect the outgoing URL, query, headers, auth, and body before send, with private values masked.
Collections and folders
Save requests into collections and nested folders, then browse them with aligned tree guides, search, reorder, and drag-and-drop moves.
Playbooks
Run saved requests in order with per-step delays, stop-on-failure behavior, scripts, environments, history, and grouped run logs.
Environments
Use environments and {{variable}} substitution across requests, with autosave and keyboard save support.
Dynamic variables
Built-in values like $guid and $timestamp.
Secrets
Store secret environment values in the OS credential store instead of plain SQLite.
History
Inspect request history locally, collapse the Requests history panel, and restore a past request into a new tab.
Import and export
Import from Postman, OpenAPI 3, or cURL, export collections and environments, and export the active request as redacted cURL or PostNot JSON.
OAuth2 helpers
Fetch client-credentials bearer tokens from the request editor and optionally store them in the active environment as secrets.
Multipart and files
Attach local files to multipart requests without leaving the app workflow.
Scripts
Run inherited collection, folder, and request scripts around each send, including async helper HTTP calls and active environment variable updates. Read the scripting docs.
Interface
Current product screenshots
A quick look at the current UI across collections, Playbooks, environments, and settings. The request workspace is shown above.
Why PostNot
A smaller surface area, with the parts that matter
Local-first
Request data and app state live on your machine.
Desktop-native
Rust request execution and Tauri packaging instead of a browser-only shell.
Portable when you need it
Bring data in from Postman, OpenAPI, or cURL, keep working locally, and export it back out later.
Safer environment handling
Secrets stay out of SQLite, request previews mask private values, and request exports redact credential-looking fields by default.
Storage model
Privacy and persistence
- SQLite-backed app data lives under the Tauri app data directory on your system.
- Secret environment variables are stored in the operating system credential store.
- When requests use secret variables, history keeps unresolved {{variable}} references rather than resolved secret values.
- Single-request cURL and PostNot JSON exports redact credential-looking values by default, with an explicit full-export toggle.
Project status
Pre-1.0 and actively refined
The core workflow is already real and usable, including restored multi-tab request workspaces, nested collections, Playbooks, OpenAPI 3 import, OAuth2 token fetching, resolved request previews, redacted exports, and async scripting helpers. Current work is focused on broader scripting depth, additional polish, and updater channel decisions. Follow CHANGELOG.md and Releases for updates.