cd /news/developer-tools/api-client-supporting-agents-grpc-ka… Β· home β€Ί topics β€Ί developer-tools β€Ί article
[ARTICLE Β· art-61176] src=github.com β†— pub= topic=developer-tools verified=true sentiment=↑ positive

API client supporting Agents, gRPC, Kafka and MCP

Restura, a new open-source API client, launches supporting protocols including HTTP, GraphQL, gRPC, WebSocket, Kafka, MQTT, and MCP. The tool stores all data locally, requires no account, and is free with no paid tiers, aiming to provide a private alternative to Postman and Insomnia.

read7 min views1 publishedJul 15, 2026
API client supporting Agents, gRPC, Kafka and MCP
Image: source

Restura is one API client that speaks every protocol I actually use β€” HTTP, GraphQL, gRPC, WebSocket, SSE, Kafka, MQTT, and MCP. It stores everything locally, needs no account, and runs in the browser, as a native desktop app (macOS / Windows / Linux), or self-hosted in Docker behind your firewall. Free β€” not "free tier with the useful stuff locked," just free.

It started because I was tired of juggling four tools to debug one service, each with its own collection format and auth setup. Then Postman changed its pricing and Insomnia went cloud-first β€” syncing auth tokens, internal hostnames, and payload bodies to someone's server by default. That felt wrong, so Restura signs auth at the wire and keeps your data on your machine.

Protocol What works today
HTTP
REST / HTTP All methods, params, headers, body types, cookies, code gen
GQL
GraphQL Query builder, schema introspection, subscriptions
RPC
gRPC Unary, server streaming, reflection Β· client/bidi streaming desktop only
WS
WebSocket Connect, send/receive, full message history
IO
Socket.IO Connect, emit/listen events, acks
SSE
Server-Sent Events Live event stream viewer with reconnection
KFK
Kafka Produce / consume, SASL + TLS Β· desktop only
MQT
MQTT Publish / subscribe, QoS, TLS Β· desktop only
MCP
Model Context Protocol Proxy to any MCP server β€” and Restura can be one

Request scripting | Pre-request and test scripts in JavaScript, sandboxed in |

WorkflowsImport everythingEnvironments{{base_url}}

between staging and prod in one click.**Auth built-in*AI assistant Desktop only.*Private by default Restura signs auth at the wire and guards every outbound request β€” on both the web Worker and the desktop main process.

Desktop (Electron)β€” Keys wrapped by the OS keychain viasafeStorage

(macOS Keychain / Windows Credential Manager / libsecret), data sealed with AES-256-GCM. mTLS, custom CA certs, SOCKS proxies, PAC resolution, and TLS-verify-off all run through Node's TLS /net

stack.Web— Keys default to ephemeral in-memory (regenerated per session) so the key never sits beside the ciphertext; encrypted data won't survive a reload. mTLS, custom CA, SOCKS, and TLS-verify-off aren't available in the browser sandbox.Network— SSRF guards (RFC 1918, CGNAT, link-local, cloud-metadata, IPv6 ULA, IPv4-mapped IPv6) on every path; desktop adds a DNS-rebind guard at lookup time. AWS SigV4 is signed in the Worker / Electron handler — never the renderer — so the signature matches the exact bytes upstream receives.Sandbox— User scripts run in aQuickJSWASM VM with memory and time limits. No host bridge, no filesystem, no network.Privacy— No accounts, no cloud sync. Optional, opt-out error reporting (on by default) can be turned off in** Settings › Privacy**. Desktop routes errors toSentryvia a renderer→main IPC bridge; web routes them to a self-hosted Cloudflare Worker (/api/telemetry/error

). Either way: error message, stack, version, OS only β€” never request URLs, headers, bodies, secrets, or identity (sendDefaultPii: false

). Both paths gate onsettings.telemetry.errorsEnabled

and send nothing until checked. The only usage signal is anonymous aggregate session counts (desktop Sentry Release Health, gated by the same opt-out); the self-hosted server collects nothing. See.docs/adr/0027-telemetry-and-privacy-preserving-usage-analytics.md

See docs/adr/0004-security-hardening.md for the design rationale.

Prerequisites: Node.js 24+ and npm. Or skip the setup and open the web app directly.

git clone https://github.com/dipjyotimetia/restura.git
cd restura
npm install
npm run dev          # β†’ http://localhost:5173

One command boots the Vite dev server and the Cloudflare Worker proxy (via Miniflare).

Desktop app (build from source)

Prebuilt installers live on the releases page. To build locally:

npm run electron:dev              # development (live reload)

npm run electron:dist:mac         # macOS   β†’ DMG + ZIP  (x64 + arm64)
npm run electron:dist:win         # Windows β†’ NSIS + portable (x64 + ia32)
npm run electron:dist:linux       # Linux   β†’ AppImage + deb + rpm (x64)

Self-hosting (Docker)

Run the web app behind your firewall in a single Node container β€” no Cloudflare account required.

cp .env.example .env              # set WORKER_PROXY_TOKEN + ALLOWED_ORIGIN
docker compose up -d --build
curl -fs http://localhost:3000/health

See docs/SELF_HOSTING.md for the full operations guide β€” auth modes, internal-network access, reverse-proxy examples, healthchecks.

The same React SPA powers both targets. The only thing that differs is the transport layer, chosen at runtime by isElectron()

.

          β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
          β”‚          React SPA (renderer)        β”‚
          β”‚   Vite Β· React 19 Β· React Router v7  β”‚
          β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                       β”‚             β”‚
                web    β”‚             β”‚   desktop
                       β–Ό             β–Ό
          β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
          β”‚   Cloudflare    β”‚  β”‚   Electron main       β”‚
          β”‚   Worker (Hono) β”‚  β”‚   Native IPC handlers β”‚
          β””β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”˜  β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                   β”‚                       β”‚
                   β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                               β–Ό
                       Target API / Service

Protocol logic lives once in shared/protocol/

β€” SSRF validation, header policy, body construction, response shaping β€” and each backend supplies only a thin Fetcher

adapter. The Cloudflare Worker is never bundled into the desktop app. See docs/ARCHITECTURE.md for the full breakdown.

Project layout

src/
β”œβ”€β”€ features/
β”‚   β”œβ”€β”€ http/          # REST request builder & executor
β”‚   β”œβ”€β”€ grpc/          # gRPC client + server reflection
β”‚   β”œβ”€β”€ graphql/       # GraphQL builder + schema explorer
β”‚   β”œβ”€β”€ websocket/     # WebSocket client
β”‚   β”œβ”€β”€ socketio/      # Socket.IO client
β”‚   β”œβ”€β”€ sse/           # Server-Sent Events client
β”‚   β”œβ”€β”€ kafka/         # Kafka producer/consumer (desktop only)
β”‚   β”œβ”€β”€ mqtt/          # MQTT client (desktop only)
β”‚   β”œβ”€β”€ mcp/           # MCP client
β”‚   β”œβ”€β”€ ai/            # AI assistant (chat + request context)
β”‚   β”œβ”€β”€ ai-lab/        # LLM / prompt eval workbench (desktop only)
β”‚   β”œβ”€β”€ workflows/     # Request chaining + variable extraction
β”‚   β”œβ”€β”€ collections/   # Sidebar, runner, Postman/Insomnia import
β”‚   β”œβ”€β”€ environments/  # Environment variable manager
β”‚   β”œβ”€β”€ auth/          # Auth config (shared across protocols)
β”‚   β”œβ”€β”€ load-testing/  # Collection load/perf runner
β”‚   β”œβ”€β”€ mcp-server/    # Restura-as-MCP-server
β”‚   β”œβ”€β”€ registry/      # Lightweight service registry / request runner
β”‚   β”œβ”€β”€ contracts/     # Contract testing (provider / consumer)
β”‚   └── scripts/       # Script editor + QuickJS executor
β”‚
shared/protocol/       # Backend-agnostic protocol orchestrators
shared/capture/        # Browser-capture pipeline (used by the extension)
worker/                # Shared Hono app β€” Cloudflare Worker + self-hosted Node
electron/main/         # Electron main process + IPC handlers
extension/chrome/      # Browser capture extension (MV3)
extension/vscode/      # VS Code extension (OpenCollection support)
cli/                   # restura-cli β€” run collections in CI
Concern Choice
Build Vite 8 + @cloudflare/vite-plugin
UI React 19 Β· Tailwind CSS v4 Β· shadcn/ui Β· Radix UI
Routing React Router v7 (hash mode β€” works on file:// and https:// )
State Zustand v5 with persist middleware
Validation Zod v4
Editor Monaco Editor
Script VM QuickJS WASM (quickjs-emscripten )
Worker Hono on Cloudflare Pages Functions
Desktop Electron 42
Tests Vitest + React Testing Library + Playwright
npm run dev              # web dev server (port 5173)
npm run validate         # type-check + lint + tests (same as CI)
npm run test:run         # run tests once
npm run test:coverage    # coverage report
npm run lint             # Biome lint
npm run format           # Biome format

Every PR runs type-check (renderer + Electron main + Worker), lint, security audit, tests, build, and a Cloudflare Pages preview deploy β€” the URL is posted to the PR automatically.

This started as a personal tool and I'd genuinely love help making it better. Bug fixes, new protocol support, UI polish, docs, security hardening β€” all welcome.

git checkout -b fix/my-thing
npm run validate          # type-check + lint + tests β€” same gates as CI
git commit -m 'fix: my thing'

If you're thinking about adding a new protocol or something significant, open an issue first so we can talk through the approach. For smaller things, just send the PR. good first issue is a good place to start. See

CONTRIBUTING.mdfor branch naming and commit format, and

CODE_OF_CONDUCT.mdfor the code of conduct.

β€” guides, references, and how-tosDocumentationβ€” system design, security model, IPC internals** Architecture**β€” what's planned** Roadmap**β€” what's shipped** Changelog**β€” pipeline, supply-chain hardening, release runbook** CI/CD & Releases**β€” how to report vulnerabilities** Security**β€” capture HTTP/GraphQL/WebSocket/SSE/gRPC-web traffic from Chrome into a collection** Browser extension**β€” schema validation, Test Explorer, and inline send for OpenCollection files** VS Code extension**

MIT License Β· Hosted on Cloudflare Pages Β· Made by dipjyotimetia

If this saves you a context-switch, a ⭐ helps other developers find it.

── more in #developer-tools 4 stories Β· sorted by recency
── more on @restura 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain β€” perfect for shipping the agent you just read about.

$git push zahid main
β†’ Live at https://your-agent.zahid.host βœ“
Get free account β†’ Pricing
from €0/mo Β· no card required
LIVE [news/api-client-supportin…] indexed:0 read:7min 2026-07-15 Β· β€”