Real-shaped responses with real auth — so the frontend ships in parallel with the backend.

Apinizer mocks are real proxies — they enforce auth, branch on the request, and land in the same audit log as production. Build the UI before the upstream is ready, then promote in place.

Request a demo Read the docs

VerbsGET · POST · PUT · PATCH · DELETE · HEAD · OPTIONS · TRACE
BranchingHeader · JSONPath · query · JWT claim · cookie
BootstrapBlank or import OpenAPI

Capabilities · deep dive

Four properties that make a mock production-grade.

Real auth, real audit, condition-driven branching, and a one-step OpenAPI bootstrap. Apinizer mocks don't lie about what production will feel like — and they promote in place when the upstream is ready.

01 · EXAMPLES PER STATUS

Every status code gets a real-shaped body.

200 is the easy part. The hard part is 422 with a useful field name, 409 with a duplicate-key message, 503 with a retry hint. Apinizer lets you author a body for every status code your real API will return — so the frontend can build error UI before backend is even started.

Author a body for any HTTP status — 2xx, 4xx, 5xx
Per-example content type — JSON, XML, plain text
Custom response headers with variable resolution at request time
Every HTTP verb supported: GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS, TRACE

200
4xx errors
5xx errors
headers
content-type

Mock editor with status tabs (200, 422, 409, 503) and two example bodies — a successful payment init and a 422 validation error.

02 · CONDITION-DRIVEN ROUTING

Branch on the actual request — same engine as live policies.

Need the mock to return an error only when a specific scenario header is sent? Apinizer evaluates each example's condition against the live request — header, JSONPath body match, query parameter, JWT claim, cookie. The first match wins.

Conditions over header / path / query / JSONPath / JWT claim / cookie
Operators: eq, neq, contains, regex, gt / lt, in, isEmpty
First match wins — falls back to the default example
Same condition engine that powers gateway policies in production

header match
JSONPath
JWT claim
regex

Condition list evaluating an incoming request — the X-Test-Scenario header matches, returning a 402 PAYMENT_REQUIRED example body.

03 · OPENAPI IMPORT

Drop a spec. Get every path scaffolded.

Hand Apinizer your openapi.yaml and it scaffolds every path, every operation, every example, every response header — in one step. Edit afterward in the Designer's OpenAPI editor, the same surface used by real proxies.

Two creation modes: Blank — build by hand, or Import OpenAPI
Examples copied straight from the spec's `examples` field
Headers copied from the spec's `headers` field
Promote any path to a real proxy when the upstream is ready

openapi.yaml
Designer editor
promote in place

OpenAPI import flow — spec dropped in, 47 operations scaffolded across GET/POST/PATCH paths with example counts.

04 · SAME GATEWAY PIPELINE

A mock is a proxy. Just one without an upstream.

QA traffic that goes through real OAuth flows, real throttle limits, real audit logs — that catches the bugs prod will hit. Apinizer mocks pass the entire gateway pipeline; the only difference is that the upstream call is replaced with a condition-driven example pick.

OAuth 2.0 / JWT / API key / mTLS — test real auth flows against real Identity Manager
Throttling, quotas, IP allow-lists — exercise real limits in QA
Every call audit-logged and indexed in Elasticsearch
Promote in place — replace the mock with a real upstream, the URL stays the same

OAuth in QA
audit
promote
no URL change

Same lane for AI

Mock APIs work the same way for AI traffic — author a Mock as an OpenAI-compatible endpoint and an agent can practice against it through the same gateway.