{"slug": "api-client-supporting-agents-grpc-kafka-and-mcp", "title": "API client supporting Agents, gRPC, Kafka and MCP", "summary": "Restura, a new open-source API client, launches supporting protocols including HTTP, GraphQL, gRPC, WebSocket, Kafka, MQTT, and MCP. The tool stores all data locally, requires no account, and is free with no paid tiers, aiming to provide a private alternative to Postman and Insomnia.", "body_md": "Restura is one API client that speaks every protocol I actually use — HTTP, GraphQL, gRPC, WebSocket, SSE, Kafka, MQTT, and MCP. It stores everything locally, needs no account, and runs in the browser, as a native desktop app (macOS / Windows / Linux), or self-hosted in Docker behind your firewall. Free — not \"free tier with the useful stuff locked,\" just free.\n\nIt started because I was tired of juggling four tools to debug one service, each with its own collection format and auth setup. Then Postman changed its pricing and Insomnia went cloud-first — syncing auth tokens, internal hostnames, and payload bodies to someone's server by default. That felt wrong, so Restura signs auth at the wire and keeps your data on your machine.\n\n| Protocol | What works today | |\n|---|---|---|\n`HTTP` |\nREST / HTTP | All methods, params, headers, body types, cookies, code gen |\n`GQL` |\nGraphQL | Query builder, schema introspection, subscriptions |\n`RPC` |\ngRPC | Unary, server streaming, reflection · client/bidi streaming desktop only |\n`WS` |\nWebSocket | Connect, send/receive, full message history |\n`IO` |\nSocket.IO | Connect, emit/listen events, acks |\n`SSE` |\nServer-Sent Events | Live event stream viewer with reconnection |\n`KFK` |\nKafka | Produce / consume, SASL + TLS · desktop only |\n`MQT` |\nMQTT | Publish / subscribe, QoS, TLS · desktop only |\n`MCP` |\nModel Context Protocol | Proxy to any MCP server — and Restura can be one |\n\nRequest scripting |\nPre-request and test scripts in JavaScript, sandboxed in\n|\n\n**Workflows****Import everything****Environments**`{{base_url}}`\n\nbetween staging and prod in one click.**Auth built-in****AI assistant*** Desktop only.***Private by default** Restura signs auth **at the wire** and guards every outbound request — on both the web Worker and the desktop main process.\n\n**Desktop (Electron)**— Keys wrapped by the OS keychain via`safeStorage`\n\n(macOS Keychain / Windows Credential Manager / libsecret), data sealed with AES-256-GCM. mTLS, custom CA certs, SOCKS proxies, PAC resolution, and TLS-verify-off all run through Node's TLS /`net`\n\nstack.**Web**— Keys default to ephemeral in-memory (regenerated per session) so the key never sits beside the ciphertext; encrypted data won't survive a reload. mTLS, custom CA, SOCKS, and TLS-verify-off aren't available in the browser sandbox.**Network**— SSRF guards (RFC 1918, CGNAT, link-local, cloud-metadata, IPv6 ULA, IPv4-mapped IPv6) on every path; desktop adds a DNS-rebind guard at lookup time. AWS SigV4 is signed in the Worker / Electron handler — never the renderer — so the signature matches the exact bytes upstream receives.**Sandbox**— User scripts run in a[QuickJS](https://bellard.org/quickjs/)WASM VM with memory and time limits. No host bridge, no filesystem, no network.**Privacy**— No accounts, no cloud sync. Optional, opt-out error reporting (on by default) can be turned off in** Settings › Privacy**. Desktop routes errors to[Sentry](https://sentry.io)via a renderer→main IPC bridge; web routes them to a self-hosted Cloudflare Worker (`/api/telemetry/error`\n\n). Either way: error message, stack, version, OS only — never request URLs, headers, bodies, secrets, or identity (`sendDefaultPii: false`\n\n). Both paths gate on`settings.telemetry.errorsEnabled`\n\nand send nothing until checked. The only usage signal is anonymous aggregate session counts (desktop Sentry Release Health, gated by the same opt-out); the self-hosted server collects nothing. See.`docs/adr/0027-telemetry-and-privacy-preserving-usage-analytics.md`\n\nSee [ docs/adr/0004-security-hardening.md](/dipjyotimetia/restura/blob/main/docs/adr/0004-security-hardening.md) for the design rationale.\n\n**Prerequisites:** Node.js 24+ and npm. Or skip the setup and [open the web app](https://restura.dev/) directly.\n\n```\ngit clone https://github.com/dipjyotimetia/restura.git\ncd restura\nnpm install\nnpm run dev          # → http://localhost:5173\n```\n\nOne command boots the Vite dev server **and** the Cloudflare Worker proxy (via Miniflare).\n\n**Desktop app (build from source)**\n\nPrebuilt installers live on the [ releases page](https://github.com/dipjyotimetia/restura/releases/latest). To build locally:\n\n```\nnpm run electron:dev              # development (live reload)\n\nnpm run electron:dist:mac         # macOS   → DMG + ZIP  (x64 + arm64)\nnpm run electron:dist:win         # Windows → NSIS + portable (x64 + ia32)\nnpm run electron:dist:linux       # Linux   → AppImage + deb + rpm (x64)\n```\n\n**Self-hosting (Docker)**\n\nRun the web app behind your firewall in a single Node container — no Cloudflare account required.\n\n```\ncp .env.example .env              # set WORKER_PROXY_TOKEN + ALLOWED_ORIGIN\ndocker compose up -d --build\ncurl -fs http://localhost:3000/health\n```\n\nSee [ docs/SELF_HOSTING.md](/dipjyotimetia/restura/blob/main/docs/SELF_HOSTING.md) for the full operations guide — auth modes, internal-network access, reverse-proxy examples, healthchecks.\n\nThe same React SPA powers both targets. The only thing that differs is the transport layer, chosen at runtime by `isElectron()`\n\n.\n\n```\n          ┌──────────────────────────────────────┐\n          │          React SPA (renderer)        │\n          │   Vite · React 19 · React Router v7  │\n          └────────────┬─────────────┬───────────┘\n                       │             │\n                web    │             │   desktop\n                       ▼             ▼\n          ┌─────────────────┐  ┌──────────────────────┐\n          │   Cloudflare    │  │   Electron main       │\n          │   Worker (Hono) │  │   Native IPC handlers │\n          └────────┬────────┘  └──────────┬────────────┘\n                   │                       │\n                   └───────────┬───────────┘\n                               ▼\n                       Target API / Service\n```\n\nProtocol logic lives once in `shared/protocol/`\n\n— SSRF validation, header policy, body construction, response shaping — and each backend supplies only a thin `Fetcher`\n\nadapter. The Cloudflare Worker is never bundled into the desktop app. See [docs/ARCHITECTURE.md](/dipjyotimetia/restura/blob/main/docs/ARCHITECTURE.md) for the full breakdown.\n\n**Project layout**\n\n```\nsrc/\n├── features/\n│   ├── http/          # REST request builder & executor\n│   ├── grpc/          # gRPC client + server reflection\n│   ├── graphql/       # GraphQL builder + schema explorer\n│   ├── websocket/     # WebSocket client\n│   ├── socketio/      # Socket.IO client\n│   ├── sse/           # Server-Sent Events client\n│   ├── kafka/         # Kafka producer/consumer (desktop only)\n│   ├── mqtt/          # MQTT client (desktop only)\n│   ├── mcp/           # MCP client\n│   ├── ai/            # AI assistant (chat + request context)\n│   ├── ai-lab/        # LLM / prompt eval workbench (desktop only)\n│   ├── workflows/     # Request chaining + variable extraction\n│   ├── collections/   # Sidebar, runner, Postman/Insomnia import\n│   ├── environments/  # Environment variable manager\n│   ├── auth/          # Auth config (shared across protocols)\n│   ├── load-testing/  # Collection load/perf runner\n│   ├── mcp-server/    # Restura-as-MCP-server\n│   ├── registry/      # Lightweight service registry / request runner\n│   ├── contracts/     # Contract testing (provider / consumer)\n│   └── scripts/       # Script editor + QuickJS executor\n│\nshared/protocol/       # Backend-agnostic protocol orchestrators\nshared/capture/        # Browser-capture pipeline (used by the extension)\nworker/                # Shared Hono app — Cloudflare Worker + self-hosted Node\nelectron/main/         # Electron main process + IPC handlers\nextension/chrome/      # Browser capture extension (MV3)\nextension/vscode/      # VS Code extension (OpenCollection support)\ncli/                   # restura-cli — run collections in CI\n```\n\n| Concern | Choice |\n|---|---|\n| Build | Vite 8 + `@cloudflare/vite-plugin` |\n| UI | React 19 · Tailwind CSS v4 · shadcn/ui · Radix UI |\n| Routing | React Router v7 (hash mode — works on `file://` and `https://` ) |\n| State | Zustand v5 with `persist` middleware |\n| Validation | Zod v4 |\n| Editor | Monaco Editor |\n| Script VM | QuickJS WASM (`quickjs-emscripten` ) |\n| Worker | Hono on Cloudflare Pages Functions |\n| Desktop | Electron 42 |\n| Tests | Vitest + React Testing Library + Playwright |\n\n```\nnpm run dev              # web dev server (port 5173)\nnpm run validate         # type-check + lint + tests (same as CI)\nnpm run test:run         # run tests once\nnpm run test:coverage    # coverage report\nnpm run lint             # Biome lint\nnpm run format           # Biome format\n```\n\nEvery PR runs type-check (renderer + Electron main + Worker), lint, security audit, tests, build, and a Cloudflare Pages preview deploy — the URL is posted to the PR automatically.\n\nThis started as a personal tool and I'd genuinely love help making it better. Bug fixes, new protocol support, UI polish, docs, security hardening — all welcome.\n\n```\ngit checkout -b fix/my-thing\n# make your changes\nnpm run validate          # type-check + lint + tests — same gates as CI\ngit commit -m 'fix: my thing'\n# open a PR\n```\n\nIf you're thinking about adding a new protocol or something significant, open an issue first so we can talk through the approach. For smaller things, just send the PR. [ good first issue](https://github.com/dipjyotimetia/restura/labels/good%20first%20issue) is a good place to start. See\n\n[CONTRIBUTING.md](/dipjyotimetia/restura/blob/main/CONTRIBUTING.md)for branch naming and commit format, and\n\n[CODE_OF_CONDUCT.md](/dipjyotimetia/restura/blob/main/CODE_OF_CONDUCT.md)for the code of conduct.\n\n— guides, references, and how-tos**Documentation**— system design, security model, IPC internals** Architecture**— what's planned** Roadmap**— what's shipped** Changelog**— pipeline, supply-chain hardening, release runbook** CI/CD & Releases**— how to report vulnerabilities** Security**— capture HTTP/GraphQL/WebSocket/SSE/gRPC-web traffic from Chrome into a collection** Browser extension**— schema validation, Test Explorer, and inline send for OpenCollection files** VS Code extension**\n\n**MIT License** · Hosted on Cloudflare Pages · Made by **dipjyotimetia**\n\nIf this saves you a context-switch, a ⭐ helps other developers find it.", "url": "https://wpnews.pro/news/api-client-supporting-agents-grpc-kafka-and-mcp", "canonical_source": "https://github.com/dipjyotimetia/restura", "published_at": "2026-07-15 21:56:14+00:00", "updated_at": "2026-07-15 22:25:20.311765+00:00", "lang": "en", "topics": ["developer-tools"], "entities": ["Restura", "Postman", "Insomnia", "Sentry", "Cloudflare", "QuickJS"], "alternates": {"html": "https://wpnews.pro/news/api-client-supporting-agents-grpc-kafka-and-mcp", "markdown": "https://wpnews.pro/news/api-client-supporting-agents-grpc-kafka-and-mcp.md", "text": "https://wpnews.pro/news/api-client-supporting-agents-grpc-kafka-and-mcp.txt", "jsonld": "https://wpnews.pro/news/api-client-supporting-agents-grpc-kafka-and-mcp.jsonld"}}