Self-Hosted · AI-Powered · Free Forever

Build, Test & Trust
Your APIs with AI

32 assertion types, 9 assertion policy categories, Smart Import across 7 formats, 8 AI features, and a built-in practice API — all running locally on your machine.

Sign In
✓ 32 Assertion Types🛡️ 9 Policy Categories🤖 8 AI Features🔒 100% Self-Hosted📥 Smart Import (7 Formats)🔐 8-Role RBAC🔗 4-Level Scoping
API Qortex — Dashboard
APIQAPI Qortex
🏠 Home
📁 Projects
📊 Reports
API Playground
🤖 Ask Qortex
⚙️ Settings
Total Tests
0
Pass Rate
0%
Avg Response
0ms
Last Run
Run #34
Test Results — Last 12 Runs
Live — 142 tests · 13 suites · 92% pass rate
Features

Everything You Need for API Testing

🧪

Visual Test Builder

Create API tests without writing code. Point-and-click assertions, headers, auth, and body configuration with instant visual feedback.

📐

Project Hierarchy

Organize tests into Projects → Suites → Tests with categories. Full CRUD with drag-and-drop ordering and nested navigation.

32 Assertion Types

Status codes (3), JSON path (12), arrays (3), headers (3), body (4), performance (2), security (1), schema validation, and custom JavaScript across 10 categories.

🛡️

9 Policy Categories

Security, Performance, Validation, Data Quality, Auth, Headers, Schema, Body, Custom — auto-applied with preset bundles.

📝

Pre/Post Scripts

Postman-compatible: pm.variables, pm.environment, pm.collectionVariables, pm.response.json(), pm.test(), pm.expect().

🔗

Multi-Environment

Define Dev, Staging, Production variables per project. Switch environments instantly without editing tests.

🔐

9 Auth Types + Inheritance

Bearer, Basic, API Key, OAuth 2.0, Digest, Hawk, NTLM, AWS Sig V4. Project-to-test inheritance with 401 auto-refresh.

📊

Dashboard & Reports

Pass rate trends, response time percentiles, failure grouping, and exportable test reports.

👥

Team & Roles

Owner, Admin, Tester, Viewer roles with granular permissions and full audit log.

📥

Smart Import

7 formats (Postman, OpenAPI, Swagger, HAR, cURL, Insomnia, Bruno) with AI analysis, auto-detect, script extraction, and 4-step wizard.

🔗

4-Level Variable Scoping

Run > Suite > Project > Global — narrowest wins. Auto-extract tokens from responses, auto-refresh on 401, suite overrides.

🧪

QortexLab Practice API

Built-in companion API with 142 endpoints, 8 auth types, 13 modules. Learn, test, and demo without external dependencies.

🔐

Role-Based Access Control

8 roles (4 global + 4 project): Admin, Manager, Lead, Tester, Owner, Viewer — 20 granular permissions with cascade-safe deletes.

📊

Suite Run History

Independent per-suite run tracking with KPI cards, filter tabs, and side-by-side comparison with regression detection.

AI Engine

AI That Tells You Why Tests Fail

Not just pass/fail — intelligent root cause analysis that pinpoints exactly what went wrong and how to fix it.

Live AI Analysis Example

POST /auth/token returned 401Analyzing...

The AI analyzes the full request/response context, identifies the root cause, and provides actionable fix suggestions — automatically for every failed test.

Root Cause
The client_secret in the request body has been rotated. Current secret was issued on March 1st but the request uses a secret from February 15th.
AUTHMEDIUM
Suggested Fix
1. Retrieve the latest client_secret from your OAuth provider
2. Update the OAUTH_SECRET environment variable
3. Re-run the test suite to verify
🔍
AI Failure AnalysisAuto
Every failed test gets automatic root cause analysis, severity rating, category tags, and step-by-step fix suggestions.
⚖️
Intelligent VerdictAuto
AI reviews entire responses holistically — not just assertions — to catch subtle issues that rules miss.
📋
Field ObservationsAuto
Per-field data quality analysis — anomalies, missing values, format inconsistencies, unexpected patterns.
💡
Test SuggestionsOn-Demand
AI recommends additional test cases based on your API structure, response patterns, and existing coverage gaps.
💬
Product Knowledge ChatInteractive
Ask questions about your projects, test results, API patterns — AI knows your data and gives contextual answers.
📥
Smart Import AnalysisAuto
AI pre-analyzes imported collections — quality score, coverage gaps, auth detection, and recommendations before you import.
🆓
Free with GroqFree Tier
Powered by Groq cloud AI. No local GPU needed, no API costs — completely free. Or use Ollama for full local control.
🏠
Local LLM SupportPrivacy
Run all AI features locally with Ollama. 6 providers supported: Ollama, Groq, Google, Mistral, OpenAI, Anthropic.
Supported AI Providers
🏠 Ollama (Local) Groq (Free)🟢 OpenAI🟣 Anthropic🔵 Google Gemini
Assertions & Policies

32 Assertion Types + 28 Policy Rules

Visual assertion builder — no coding required. 9 policy categories with 28 pre-built rules. Enable once, protect every test automatically.

3
Status Code
equals · in range · not equals
10
JSON Path
exists · value · type · regex · contains · length · gt · lt · not null · in
3
Array
length · contains · item count
3
Headers
exists · value · contains
4
Body
contains · equals · empty · not empty
2
Performance
response time · size
1
Schema
JSON Schema validation
1
Custom JS
JavaScript expression
Quick Check (2)📋 Standard (5)🔍 Thorough (8)📜 Contract (7)🔒 Security (6)⏱️ Performance (4)

6 one-click presets — or switch to Custom Mode for full control over 9 categories and 28 individual rules

📡Response Basics4 rules

Status codes, content type, empty body detection

🔒Security7 rules

Stack traces, password leaks, private IPs, security headers

Performance2 rules

Response time thresholds, payload size limits

📦Body Content5 rules

Body contains, body equals, JSON path exists, JSON path contains, JSON path regex

📊Data Quality3 rules

Not-null checks on key fields, array item count validation

📋Headers2 rules

Header existence and value validation

🔐Auth Security3 rules

No leaked tokens, API keys, or PII patterns

📜Schema & Contract1 rule

JSON Schema v7 validation for contract testing

🧩Custom1 rule

Write any assertion in JavaScript

Smart Import

AI-powered import that auto-detects formats, analyzes quality, extracts variables, and configures auth — before you click Import.

📮
Postman
v2.0 + v2.1 Collections
📄
OpenAPI
3.x (JSON + YAML)
📋
Swagger
2.0 Specifications
🌐
HAR
HTTP Archive Format
🦋
Insomnia
Collections + Envs
💻
cURL
Command Import
📦
JSON
Raw Collections
📑
YAML
OpenAPI YAML Specs
🔍
Auto-Detect Format
Identifies Postman, OpenAPI, Swagger, HAR automatically from file content
🧠
AI Quality Analysis
Coverage score, endpoint gaps, auth detection, and recommendations before import
Script Extraction
Converts Postman pm.* scripts into variable extraction rules automatically
✨ 4-step wizard: Upload → AI Analyze → Preview → Import — conflict resolution included

What No One Else Has

Capabilities unique to API Qortex

Smart Execution

401 auto-refresh re-runs your login and retries. 429 auto-retry waits the Retry-After header. Test dependencies skip downstream tests on failure. Variable extraction chains tokens across tests automatically.

4-Level Variable Chaining
📚

Smart Knowledge Base

Upload your company's API docs (PDF, DOCX, MD). The RAG pipeline chunks, indexes, and makes them searchable via AI chat. Ask questions in plain English, get answers with source citations. 110 built-in articles included.

RAG Pipeline + 110 Articles
🔧

Smart Scripts

Full Postman-compatible pm.* API — bring your existing scripts, they just work. pm.test(), pm.expect(), CryptoJS, lodash, dateFns, uuid, pm.sendRequest() for auxiliary calls, and pm.execution.setNextRequest() for dynamic flow control.

Postman-Compatible + CryptoJS

8 Testing Categories, 40+ Sub-Types

One platform covers every type of API testing.

🧪
Functional
13 sub-types
CRUD, validation, error handling, pagination, filtering, sorting
🛡️
Security
OWASP Top 10
Injection, auth bypass, data exposure, rate limiting
Performance
Load & Stress
Response time, throughput, concurrency, spike testing
📐
Contract
Schema & OpenAPI
Schema validation, backward compatibility, type checking
📡
Monitoring
Uptime & SLA
Health checks, availability, latency monitoring
🔗
Integration
Workflow & Chain
Multi-step workflows, data passing, dependency testing
🌐
Protocol
gRPC · GraphQL · WS
Multi-protocol support beyond REST APIs
🔄
Automation
CI/CD · Schedules
Automated pipelines, scheduled runs, webhook triggers

Enterprise-Ready Features

📅
Schedules
Cron-based test scheduling with timezone support and email notifications.
🔗
Webhooks & CI/CD
Trigger test runs from GitHub Actions, GitLab CI, Jenkins, or any webhook.
📜
Contract Testing
Validate APIs against OpenAPI specs — catch breaking changes before deploy.
🛡️
Security Scanning
OWASP-based security checks — injection, auth bypass, data exposure.
📈
Performance Testing
Concurrent request simulation with percentile response time analysis.
📡
API Monitoring
Uptime monitoring, SLA tracking, and alerting for production APIs.
🐳
Docker Deployment
Deploy with Docker Compose on any VPS. Persistent volumes, auto-restart, health checks.
📋
Audit Trail
Every create, update, delete logged with user, timestamp, entity type, and action.
🔗
Test Dependencies
dependsOn chains ensure execution order. skipIfDepFailed skips downstream tests.

Built on Modern Technologies

Next.js 16React 19TypeScript 5Prisma + PostgreSQLTailwind CSSshadcn/uiZustandFramer MotionSSE StreamingJWT AuthGroq AIOllamaDockerLlama 3.1

Ready to Transform Your API Testing?

Get started in under a minute. Self-hosted. AI-powered.

Sign In