# API client supporting Agents, gRPC, Kafka and MCP

> Source: <https://github.com/dipjyotimetia/restura>
> Published: 2026-07-15 21:56:14+00:00

Restura is one API client that speaks every protocol I actually use — HTTP, GraphQL, gRPC, WebSocket, SSE, Kafka, MQTT, and MCP. It stores everything locally, needs no account, and runs in the browser, as a native desktop app (macOS / Windows / Linux), or self-hosted in Docker behind your firewall. Free — not "free tier with the useful stuff locked," just free.

It started because I was tired of juggling four tools to debug one service, each with its own collection format and auth setup. Then Postman changed its pricing and Insomnia went cloud-first — syncing auth tokens, internal hostnames, and payload bodies to someone's server by default. That felt wrong, so Restura signs auth at the wire and keeps your data on your machine.

| Protocol | What works today | |
|---|---|---|
`HTTP` |
REST / HTTP | All methods, params, headers, body types, cookies, code gen |
`GQL` |
GraphQL | Query builder, schema introspection, subscriptions |
`RPC` |
gRPC | Unary, server streaming, reflection · client/bidi streaming desktop only |
`WS` |
WebSocket | Connect, send/receive, full message history |
`IO` |
Socket.IO | Connect, emit/listen events, acks |
`SSE` |
Server-Sent Events | Live event stream viewer with reconnection |
`KFK` |
Kafka | Produce / consume, SASL + TLS · desktop only |
`MQT` |
MQTT | Publish / subscribe, QoS, TLS · desktop only |
`MCP` |
Model Context Protocol | Proxy to any MCP server — and Restura can be one |

Request scripting |
Pre-request and test scripts in JavaScript, sandboxed in
|

**Workflows****Import everything****Environments**`{{base_url}}`

between staging and prod in one click.**Auth built-in****AI assistant*** Desktop only.***Private by default** Restura signs auth **at the wire** and guards every outbound request — on both the web Worker and the desktop main process.

**Desktop (Electron)**— Keys wrapped by the OS keychain via`safeStorage`

(macOS Keychain / Windows Credential Manager / libsecret), data sealed with AES-256-GCM. mTLS, custom CA certs, SOCKS proxies, PAC resolution, and TLS-verify-off all run through Node's TLS /`net`

stack.**Web**— Keys default to ephemeral in-memory (regenerated per session) so the key never sits beside the ciphertext; encrypted data won't survive a reload. mTLS, custom CA, SOCKS, and TLS-verify-off aren't available in the browser sandbox.**Network**— SSRF guards (RFC 1918, CGNAT, link-local, cloud-metadata, IPv6 ULA, IPv4-mapped IPv6) on every path; desktop adds a DNS-rebind guard at lookup time. AWS SigV4 is signed in the Worker / Electron handler — never the renderer — so the signature matches the exact bytes upstream receives.**Sandbox**— User scripts run in a[QuickJS](https://bellard.org/quickjs/)WASM VM with memory and time limits. No host bridge, no filesystem, no network.**Privacy**— No accounts, no cloud sync. Optional, opt-out error reporting (on by default) can be turned off in** Settings › Privacy**. Desktop routes errors to[Sentry](https://sentry.io)via a renderer→main IPC bridge; web routes them to a self-hosted Cloudflare Worker (`/api/telemetry/error`

). Either way: error message, stack, version, OS only — never request URLs, headers, bodies, secrets, or identity (`sendDefaultPii: false`

). Both paths gate on`settings.telemetry.errorsEnabled`

and send nothing until checked. The only usage signal is anonymous aggregate session counts (desktop Sentry Release Health, gated by the same opt-out); the self-hosted server collects nothing. See.`docs/adr/0027-telemetry-and-privacy-preserving-usage-analytics.md`

See [ docs/adr/0004-security-hardening.md](/dipjyotimetia/restura/blob/main/docs/adr/0004-security-hardening.md) for the design rationale.

**Prerequisites:** Node.js 24+ and npm. Or skip the setup and [open the web app](https://restura.dev/) directly.

```
git clone https://github.com/dipjyotimetia/restura.git
cd restura
npm install
npm run dev          # → http://localhost:5173
```

One command boots the Vite dev server **and** the Cloudflare Worker proxy (via Miniflare).

**Desktop app (build from source)**

Prebuilt installers live on the [ releases page](https://github.com/dipjyotimetia/restura/releases/latest). To build locally:

```
npm run electron:dev              # development (live reload)

npm run electron:dist:mac         # macOS   → DMG + ZIP  (x64 + arm64)
npm run electron:dist:win         # Windows → NSIS + portable (x64 + ia32)
npm run electron:dist:linux       # Linux   → AppImage + deb + rpm (x64)
```

**Self-hosting (Docker)**

Run the web app behind your firewall in a single Node container — no Cloudflare account required.

```
cp .env.example .env              # set WORKER_PROXY_TOKEN + ALLOWED_ORIGIN
docker compose up -d --build
curl -fs http://localhost:3000/health
```

See [ docs/SELF_HOSTING.md](/dipjyotimetia/restura/blob/main/docs/SELF_HOSTING.md) for the full operations guide — auth modes, internal-network access, reverse-proxy examples, healthchecks.

The same React SPA powers both targets. The only thing that differs is the transport layer, chosen at runtime by `isElectron()`

.

```
          ┌──────────────────────────────────────┐
          │          React SPA (renderer)        │
          │   Vite · React 19 · React Router v7  │
          └────────────┬─────────────┬───────────┘
                       │             │
                web    │             │   desktop
                       ▼             ▼
          ┌─────────────────┐  ┌──────────────────────┐
          │   Cloudflare    │  │   Electron main       │
          │   Worker (Hono) │  │   Native IPC handlers │
          └────────┬────────┘  └──────────┬────────────┘
                   │                       │
                   └───────────┬───────────┘
                               ▼
                       Target API / Service
```

Protocol logic lives once in `shared/protocol/`

— SSRF validation, header policy, body construction, response shaping — and each backend supplies only a thin `Fetcher`

adapter. The Cloudflare Worker is never bundled into the desktop app. See [docs/ARCHITECTURE.md](/dipjyotimetia/restura/blob/main/docs/ARCHITECTURE.md) for the full breakdown.

**Project layout**

```
src/
├── features/
│   ├── http/          # REST request builder & executor
│   ├── grpc/          # gRPC client + server reflection
│   ├── graphql/       # GraphQL builder + schema explorer
│   ├── websocket/     # WebSocket client
│   ├── socketio/      # Socket.IO client
│   ├── sse/           # Server-Sent Events client
│   ├── kafka/         # Kafka producer/consumer (desktop only)
│   ├── mqtt/          # MQTT client (desktop only)
│   ├── mcp/           # MCP client
│   ├── ai/            # AI assistant (chat + request context)
│   ├── ai-lab/        # LLM / prompt eval workbench (desktop only)
│   ├── workflows/     # Request chaining + variable extraction
│   ├── collections/   # Sidebar, runner, Postman/Insomnia import
│   ├── environments/  # Environment variable manager
│   ├── auth/          # Auth config (shared across protocols)
│   ├── load-testing/  # Collection load/perf runner
│   ├── mcp-server/    # Restura-as-MCP-server
│   ├── registry/      # Lightweight service registry / request runner
│   ├── contracts/     # Contract testing (provider / consumer)
│   └── scripts/       # Script editor + QuickJS executor
│
shared/protocol/       # Backend-agnostic protocol orchestrators
shared/capture/        # Browser-capture pipeline (used by the extension)
worker/                # Shared Hono app — Cloudflare Worker + self-hosted Node
electron/main/         # Electron main process + IPC handlers
extension/chrome/      # Browser capture extension (MV3)
extension/vscode/      # VS Code extension (OpenCollection support)
cli/                   # restura-cli — run collections in CI
```

| Concern | Choice |
|---|---|
| Build | Vite 8 + `@cloudflare/vite-plugin` |
| UI | React 19 · Tailwind CSS v4 · shadcn/ui · Radix UI |
| Routing | React Router v7 (hash mode — works on `file://` and `https://` ) |
| State | Zustand v5 with `persist` middleware |
| Validation | Zod v4 |
| Editor | Monaco Editor |
| Script VM | QuickJS WASM (`quickjs-emscripten` ) |
| Worker | Hono on Cloudflare Pages Functions |
| Desktop | Electron 42 |
| Tests | Vitest + React Testing Library + Playwright |

```
npm run dev              # web dev server (port 5173)
npm run validate         # type-check + lint + tests (same as CI)
npm run test:run         # run tests once
npm run test:coverage    # coverage report
npm run lint             # Biome lint
npm run format           # Biome format
```

Every PR runs type-check (renderer + Electron main + Worker), lint, security audit, tests, build, and a Cloudflare Pages preview deploy — the URL is posted to the PR automatically.

This started as a personal tool and I'd genuinely love help making it better. Bug fixes, new protocol support, UI polish, docs, security hardening — all welcome.

```
git checkout -b fix/my-thing
# make your changes
npm run validate          # type-check + lint + tests — same gates as CI
git commit -m 'fix: my thing'
# open a PR
```

If you're thinking about adding a new protocol or something significant, open an issue first so we can talk through the approach. For smaller things, just send the PR. [ good first issue](https://github.com/dipjyotimetia/restura/labels/good%20first%20issue) is a good place to start. See

[CONTRIBUTING.md](/dipjyotimetia/restura/blob/main/CONTRIBUTING.md)for branch naming and commit format, and

[CODE_OF_CONDUCT.md](/dipjyotimetia/restura/blob/main/CODE_OF_CONDUCT.md)for the code of conduct.

— guides, references, and how-tos**Documentation**— system design, security model, IPC internals** Architecture**— what's planned** Roadmap**— what's shipped** Changelog**— pipeline, supply-chain hardening, release runbook** CI/CD & Releases**— how to report vulnerabilities** Security**— capture HTTP/GraphQL/WebSocket/SSE/gRPC-web traffic from Chrome into a collection** Browser extension**— schema validation, Test Explorer, and inline send for OpenCollection files** VS Code extension**

**MIT License** · Hosted on Cloudflare Pages · Made by **dipjyotimetia**

If this saves you a context-switch, a ⭐ helps other developers find it.
