API Interceptor, Mocker and Tester Documentation

Intercept. Mock. Test. Master your API flows.

API Pilot presents the API Interceptor, Mocker and Tester extension — a powerful browser tool that allows you to intercept, mock, and test API requests directly from your browser. This documentation covers how to use both the GUI editor and the JSON editor for advanced configurations.

Getting Started
Guest Access & Limits
Core Concepts
Using the GUI Editor
Using the JSON Editor
API Tester
Concurrency Tester
Environments
Rule JSON Schema Reference
Static Mocking
Dynamic Response Modification
Examples
Troubleshooting

Getting Started

Install the API Pilot: Interceptor, Mocker & Tester extension from the Chrome Web Store or Firefox Add-ons.
Click the extension icon to open the sidebar.
Use the global toggle to enable/disable all interception rules.
Click "Add Rule" to create your first interceptor rule.

Guest Access & Limits

You can use API Pilot without creating an account (Guest Access). However, to ensure fair usage and sustainability, Guest Access has specific limits:

Feature	Guest Limit
Interceptor Rules	Max 3 active rules
API History	Max 20 recent requests (FIFO)
Saved Requests	Max 5 saved API calls
Environments	Max 1 environment
Concurrency Testing	Enabled (Standard limits apply)
cURL Import	Enabled

Upgrade to Pro to unlock unlimited rules, history, and environments.

Core Concepts

Rule Types (Actions)

Action Type	Description
MOCK	Return a custom response instead of making the actual network request
REDIRECT	Redirect the request to a different URL
MODIFY_HEADERS	Modify request or response headers

Mock Types

Mock Type	Description
STATIC	Return a fixed JSON/text response
DYNAMIC	Intercept the real response and conditionally modify specific fields

Route Matching

Route Type	Description	Example
WILDCARD	Use `*` as a wildcard	`/api/users/*` matches `/api/users/123`
EXACT	Match the exact path	`/api/users/me`
REGEX	Use regular expressions	`^/api/v[0-9]+/users`

Using the GUI Editor

The GUI editor provides a user-friendly interface for creating and editing rules.

Basic Configuration

Name: A descriptive name for your rule (e.g., "Mock User Profile API")
Active Status: Toggle to enable/disable the rule
Hosts: Add one or more domains (e.g., api.example.com, localhost:3000)
- Click "Current Host" to auto-add the current tab's domain
Method: HTTP method to match (ANY, GET, POST, PUT, DELETE, PATCH, OPTIONS)
Resource Type: Type of resource (xmlhttprequest, fetch, script, etc.)
Route Match: Select Wildcard, Exact Match, or Regular Expression
Route Pattern: The URL path pattern to match

Mock Response Configuration

When using the Mock Response action:

Modify Response Body: If unchecked, the original response passes through (useful for latency only)
Mocking Type: Choose Static JSON or Dynamic Rule
Status Code: HTTP status code to return (200, 404, 500, etc.)
Delay (ms): Simulate network latency
Response Headers: Add custom headers to the response
Response Body: The JSON content to return

Using the JSON Editor

For power users, the JSON Editor provides full control over rule configuration. Switch to the "JSON Source" tab in the rule editor to access it.

Benefits of JSON Editor

Copy/paste rules between environments
Bulk edit complex configurations
Access all schema options not exposed in GUI
Version control your rules

API Tester

The API Tester allows you to make HTTP requests directly from the extension, similar to Postman or Insomnia.

Key Features

Quick Actions: GET, POST, PUT, DELETE, etc.
cURL Import: Paste a cURL command to instantly populate the tester.
History: Access your recent request history (Limit: 20 for Guests).
Saved Requests: Save frequently used requests for quick access (Limit: 5 for Guests).

Usage

Open the "Tester" tab.
Enter the URL and select the method.
Add Headers, Params, or Body as needed.
Click "Send".
View the Response (Status, Time, Size, Body, Headers).

Concurrency Tester

The Concurrency Tester allows you to load test API endpoints by sending multiple requests simultaneously.

Usage

Open the "Concurrency" tab (or switch mode in Tester).
Configure the request (URL, Method, Body).
Set Concurrent Requests: Number of parallel requests to send (e.g., 10, 50).
Click "Start Test".
Analyze results:
- Success/Fail Rates
- Average Duration
- Min/Max Duration
- Detailed Logs

Environments

Environments allow you to manage sets of variables (e.g., {{api_url}}, {{token}}) that can be used across the extension.

Managing Environments

Go to Settings > Environments.
Create a new Environment (Guest Limit: 1).
Add variables (Key-Value pairs).
Select the active environment from the dropdown in the Tester or Rule Editor.

Using Variables

Use the double curly brace syntax {{variable_name}} in:

URLs
Headers (Key and Value)
Body (JSON/Text)

Example: URL: {{api_url}}/users Header: Authorization: Bearer {{auth_token}}

Rule JSON Schema Reference

Complete Rule Structure

{
  "id": "uuid-string",
  "dnrId": 1,
  "name": "My API Mock Rule",
  "active": true,
  "hosts": ["api.example.com", "localhost:3000"],
  "method": "GET",
  "resourceType": "xmlhttprequest",
  "routeType": "WILDCARD",
  "route": "/api/users/*",
  "actionType": "MOCK",
  "actionPayload": {
    // Payload varies by actionType
  }
}

Field Reference

Field	Type	Required	Description
`id`	string (UUID)	Yes	Unique identifier (auto-generated)
`dnrId`	number	No	Internal ID for browser's declarativeNetRequest API
`name`	string	Yes	Human-readable rule name
`active`	boolean	Yes	Whether the rule is enabled
`hosts`	string	Yes	Array of domains to match (min: 1)
`method`	enum	Yes	`ANY`, `GET`, `POST`, `PUT`, `DELETE`, `PATCH`, `OPTIONS`
`resourceType`	enum	Yes	`xmlhttprequest`, `fetch`, `script`, `stylesheet`, `image`, `media`, `websocket`, `other`
`routeType`	enum	Yes	`WILDCARD`, `EXACT`, `REGEX`
`route`	string	Yes	URL path pattern to match
`actionType`	enum	Yes	`MOCK`, `REDIRECT`, `MODIFY_HEADERS`
`actionPayload`	object	Yes	Configuration specific to the action type

Mock Payload Schema

{
  "statusCode": 200,
  "delay": 0,
  "contentType": "application/json",
  "mockType": "STATIC",
  "modifyResponse": true,
  "body": "{ \"message\": \"Hello\" }",
  "responseHeaders": [
    {
      "id": "uuid",
      "key": "X-Custom-Header",
      "value": "custom-value",
      "enabled": true
    }
  ]
}

Field	Type	Default	Description
`statusCode`	number	200	HTTP response status code
`delay`	number	0	Response delay in milliseconds
`contentType`	string	`application/json`	Content-Type header value
`mockType`	enum	`STATIC`	`STATIC` or `DYNAMIC`
`modifyResponse`	boolean	true	If false, passes through original response (only applies delay)
`body`	string \| array	`"{}"`	Static: JSON string. Dynamic: Array of rule items
`responseHeaders`	array	`[]`	Custom response headers

Redirect Payload Schema

{
  "destination": "https://new-api.example.com/endpoint",
  "isRegexSubstitution": false
}

Field	Type	Default	Description
`destination`	string (URL)	Required	Target URL to redirect to
`isRegexSubstitution`	boolean	false	Use regex capture groups in destination

Static Mocking

Static mocking returns a fixed response for every matching request.

Example: Static Mock Rule

{
  "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "name": "Mock User Profile",
  "active": true,
  "hosts": ["api.myapp.com"],
  "method": "GET",
  "resourceType": "xmlhttprequest",
  "routeType": "WILDCARD",
  "route": "/api/users/*",
  "actionType": "MOCK",
  "actionPayload": {
    "statusCode": 200,
    "delay": 500,
    "contentType": "application/json",
    "mockType": "STATIC",
    "modifyResponse": true,
    "body": "{\"id\": 1, \"name\": \"John Doe\", \"email\": \"john@example.com\", \"role\": \"admin\"}",
    "responseHeaders": []
  }
}

Dynamic Response Modification

Dynamic mocking intercepts the real API response and modifies it based on conditions. This is powerful for testing edge cases without changing backend code.

Dynamic Rule Structure

When mockType is DYNAMIC, the body field contains an array of rule items:

{
  "mockType": "DYNAMIC",
  "body": [
    {
      "query": [
        // Conditions to check
      ],
      "modifications": [
        // Changes to apply if conditions match
      ]
    }
  ]
}

Condition Schema

Each condition checks a specific field in the response:

{
  "field": "path.to.field",
  "operator": "$eq",
  "value": "expected_value"
}

Available Operators

Operator	Description	Example Value
`$eq`	Equal to	`"admin"`
`$ne`	Not equal to	`"guest"`
`$gt`	Greater than	`100`
`$lt`	Less than	`50`
`$gte`	Greater than or equal	`18`
`$lte`	Less than or equal	`65`
`$contains`	Array contains value	`"premium"`
`$regex`	Matches regular expression	`"^user_.*"`
`$or`	Logical OR (uses `children`)	See nested example
`$and`	Logical AND (uses `children`)	See nested example

Modification Schema

Each modification defines what to change:

{
  "field": "path.to.field",
  "action": "SET",
  "value": "new_value"
}

Modification Actions

Action	Description
`SET`	Set or update a field value
`DELETE`	Remove a field from the response

Field Path Notation

Access nested fields using dot notation:

name → { "name": "value" }
user.profile.email → { "user": { "profile": { "email": "value" } } }
items.0.id → First item in array (index-based access)

Examples

Example 1: Force Premium User

Override the user's subscription status to "premium":

{
  "mockType": "DYNAMIC",
  "body": [
    {
      "query": [],
      "modifications": [
        { "field": "subscription.plan", "action": "SET", "value": "premium" },
        {
          "field": "subscription.expiresAt",
          "action": "SET",
          "value": "2030-12-31"
        }
      ]
    }
  ]
}

Example 2: Conditional Modification

Only modify if the user is not already an admin:

{
  "mockType": "DYNAMIC",
  "body": [
    {
      "query": [{ "field": "user.role", "operator": "$ne", "value": "admin" }],
      "modifications": [
        { "field": "user.role", "action": "SET", "value": "admin" },
        {
          "field": "user.permissions",
          "action": "SET",
          "value": ["read", "write", "delete", "admin"]
        }
      ]
    }
  ]
}

Example 3: Multiple Conditions (AND)

Modify only if user is active AND has more than 100 points:

{
  "mockType": "DYNAMIC",
  "body": [
    {
      "query": [
        { "field": "user.status", "operator": "$eq", "value": "active" },
        { "field": "user.points", "operator": "$gt", "value": 100 }
      ],
      "modifications": [
        { "field": "user.badge", "action": "SET", "value": "gold" }
      ]
    }
  ]
}

Note: Multiple items in the query array are implicitly AND-ed together.

Example 4: OR Conditions

Modify if user is either "admin" OR "moderator":

{
  "mockType": "DYNAMIC",
  "body": [
    {
      "query": [
        {
          "operator": "$or",
          "children": [
            { "field": "role", "operator": "$eq", "value": "admin" },
            { "field": "role", "operator": "$eq", "value": "moderator" }
          ]
        }
      ],
      "modifications": [
        { "field": "canModerate", "action": "SET", "value": true }
      ]
    }
  ]
}

Example 5: Nested AND within OR

Complex condition: (status = "active" AND type = "premium") OR (isVIP = true)

{
  "mockType": "DYNAMIC",
  "body": [
    {
      "query": [
        {
          "operator": "$or",
          "children": [
            {
              "operator": "$and",
              "children": [
                { "field": "status", "operator": "$eq", "value": "active" },
                { "field": "type", "operator": "$eq", "value": "premium" }
              ]
            },
            { "field": "isVIP", "operator": "$eq", "value": true }
          ]
        }
      ],
      "modifications": [
        { "field": "accessLevel", "action": "SET", "value": "full" }
      ]
    }
  ]
}

Example 6: Delete Fields

Remove sensitive data from response:

{
  "mockType": "DYNAMIC",
  "body": [
    {
      "query": [],
      "modifications": [
        { "field": "user.password", "action": "DELETE" },
        { "field": "user.ssn", "action": "DELETE" },
        { "field": "user.creditCard", "action": "DELETE" }
      ]
    }
  ]
}

Example 7: Array Contains Check

Check if user has a specific role in their roles array:

{
  "mockType": "DYNAMIC",
  "body": [
    {
      "query": [
        {
          "field": "user.roles",
          "operator": "$contains",
          "value": "beta_tester"
        }
      ],
      "modifications": [
        { "field": "features.experimental", "action": "SET", "value": true }
      ]
    }
  ]
}

Example 8: Regex Matching

Check if email matches a pattern:

{
  "mockType": "DYNAMIC",
  "body": [
    {
      "query": [
        {
          "field": "user.email",
          "operator": "$regex",
          "value": "@company\\.com$"
        }
      ],
      "modifications": [
        { "field": "user.isEmployee", "action": "SET", "value": true }
      ]
    }
  ]
}

Example 9: Multiple Rule Items

Apply different modifications based on different conditions:

{
  "mockType": "DYNAMIC",
  "body": [
    {
      "query": [{ "field": "plan", "operator": "$eq", "value": "free" }],
      "modifications": [{ "field": "plan", "action": "SET", "value": "pro" }]
    },
    {
      "query": [{ "field": "trialDaysLeft", "operator": "$lte", "value": 0 }],
      "modifications": [
        { "field": "trialDaysLeft", "action": "SET", "value": 30 },
        { "field": "trialExpired", "action": "SET", "value": false }
      ]
    }
  ]
}

Example 10: Simulate Error Response

Force an error status with static mock:

{
  "actionType": "MOCK",
  "actionPayload": {
    "statusCode": 500,
    "delay": 0,
    "mockType": "STATIC",
    "modifyResponse": true,
    "body": "{\"error\": \"Internal Server Error\", \"message\": \"Database connection failed\"}"
  }
}

Example 11: Simulate Slow Response

Test loading states with delay only (no body modification):

{
  "actionType": "MOCK",
  "actionPayload": {
    "statusCode": 200,
    "delay": 5000,
    "mockType": "STATIC",
    "modifyResponse": false
  }
}

Example 12: Redirect to Local Development

Redirect production API calls to local server:

{
  "actionType": "REDIRECT",
  "actionPayload": {
    "destination": "http://localhost:3001/api/v1/users",
    "isRegexSubstitution": false
  }
}

Troubleshooting

Rule Not Matching

Check hosts: Ensure the domain is in the hosts array
Check route pattern: Test your pattern matches the URL
Check method: Ensure the HTTP method matches
Check resource type: For fetch/XHR requests, use xmlhttprequest or fetch

Dynamic Rules Not Working

Verify JSON syntax: Ensure body is valid JSON array
Check field paths: Use exact property names with dot notation
Verify operator: Ensure the operator matches the value type

Extension Not Intercepting

Global toggle: Ensure the global interceptor is enabled
Rule active: Ensure the specific rule is active
Refresh page: Some rules require a page refresh to take effect
Check console: Look for "API Pilot" logs in browser console

Quick Reference Card

Operators

Operator	Description
`$eq`, `$ne`	Equal / Not Equal
`$gt`, `$lt`	Greater / Less Than
`$gte`, `$lte`	Greater / Less Than or Equal
`$contains`	Array contains value
`$regex`	Regex match
`$or`, `$and`	Logical operators (use children)

Modification Actions

Action	Description
`SET`	Set or update field value
`DELETE`	Remove field from response

Field Path Examples

Path	Description
`user.name`	`{ user: { name: "X" } }`
`items.0.id`	First item's id
`data.results.count`	Nested object access

API Pilot: Interceptor, Mocker & Tester - Your gateway to API testing excellence.