API Reference
API Reference
MockLab exposes a REST API for programmatic access to all features — capturing webhooks, reading collected requests, managing mock collections, and triggering WebSocket events. All endpoints require authentication via an API key.
Authentication
Include your API key in the Authorization header for all API requests.
You can find your API key in the MockLab dashboard under Account → API Keys.
API keys are scoped to your account. Pro plan users can generate multiple API keys with limited permissions.
Base URL
Webhook Inspector
| Method | Endpoint | Description |
|---|---|---|
| GET | /endpoints | List all your webhook endpoints |
| POST | /endpoints | Create a new webhook endpoint |
| GET | /endpoints/{id} | Get a single endpoint's metadata |
| DELETE | /endpoints/{id} | Delete an endpoint and all its captured requests |
| GET | /endpoints/{id}/requests | List captured requests (supports ?limit, ?offset, ?from) |
| GET | /endpoints/{id}/requests/{reqId} | Get a single captured request (headers, body, timing) |
| DELETE | /endpoints/{id}/requests | Clear all captured requests for an endpoint |
| POST | /requests/{reqId}/replay | Replay a captured request to a target URL |
Mock REST API
| Method | Endpoint | Description |
|---|---|---|
| GET | /collections | List all mock collections |
| POST | /collections | Create a new collection with an optional schema |
| GET | /collections/{id} | Get collection metadata and schema |
| PUT | /collections/{id}/schema | Replace the schema and regenerate all records |
| DELETE | /collections/{id} | Delete a collection and all its records |
| GET | /m/{userId}/{resource} | List records (public, no auth required — CORS enabled) |
| GET | /m/{userId}/{resource}/{id} | Get a single record by ID (public) |
| POST | /m/{userId}/{resource} | Create a record (public) |
| PUT | /m/{userId}/{resource}/{id} | Replace a record (public) |
| PATCH | /m/{userId}/{resource}/{id} | Update record fields (public) |
| DELETE | /m/{userId}/{resource}/{id} | Delete a record (public) |
WebSocket Mock
| Method | Endpoint | Description |
|---|---|---|
| GET | /ws-projects | List all WebSocket mock projects |
| POST | /ws-projects | Create a new WS project |
| GET | /ws-projects/{id} | Get project metadata, scenario mode, and connection URL |
| PATCH | /ws-projects/{id} | Update project name or scenario mode |
| DELETE | /ws-projects/{id} | Delete a project and disconnect all clients |
| GET | /ws-projects/{id}/events | List all events defined on a project |
| POST | /ws-projects/{id}/events | Create a new event definition |
| PUT | /ws-projects/{id}/events/{evId} | Replace an event definition |
| DELETE | /ws-projects/{id}/events/{evId} | Delete an event definition |
| POST | /ws-projects/{id}/events/{evId}/trigger | Trigger an event immediately (with optional payload override) |
| GET | /ws-projects/{id}/connections | List currently connected clients |
| GET | /ws-projects/{id}/schedules | List all schedules |
| POST | /ws-projects/{id}/schedules | Create a new schedule |
| PATCH | /ws-projects/{id}/schedules/{schId} | Start, pause, or update a schedule |
| DELETE | /ws-projects/{id}/schedules/{schId} | Delete a schedule |
Rate limits
| Plan | API calls / min | Webhook captures / month | WS concurrent connections |
|---|---|---|---|
| Free | 30 / min | 1,000 | 5 |
| Pro | 300 / min | 100,000 | 50 |
Rate limit headers are included in every API response: X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset (Unix timestamp).
When exceeded, the API returns 429 Too Many Requests.
Error responses
All API errors return a consistent JSON envelope:
{
"error": true,
"code": "RESOURCE_NOT_FOUND", // Machine-readable error code
"message": "Endpoint not found.", // Human-readable description
"status": 404 // HTTP status code
} | Status | Code | Meaning |
|---|---|---|
| 400 | VALIDATION_ERROR | Request body is missing a required field or has an invalid value |
| 401 | UNAUTHORIZED | Missing or invalid API key in the Authorization header |
| 403 | FORBIDDEN | Your plan does not support this operation (e.g. chaos mode on Free) |
| 404 | RESOURCE_NOT_FOUND | The requested resource ID does not exist |
| 409 | CONFLICT | A resource with the same name already exists |
| 429 | RATE_LIMIT_EXCEEDED | You've exceeded the API rate limit for your plan |
| 500 | INTERNAL_SERVER_ERROR | An unexpected error occurred on the MockLab server |
Can't find what you're looking for? Contact us or open the dashboard and use the in-app chat. We typically respond within a few hours.