Your APIs. Your AI. Your rules.
The first API client with an embedded MCP server. Connect Claude, Cursor, or Windsurf to your API workspace — AI helps you build, test, and debug, but never sees your real data. Native macOS. End-to-end encrypted.
AI That Never Sees Your Real Data
RESTK's schema extraction engine strips credentials, tokens, and PII before anything reaches AI. Your AI assistant reasons about structure and types — never your actual data. Every AI interaction is logged in a full audit trail.
{
"email": "[email protected]",
"api_key": "sk-live-abc123",
"balance": 42850.00
}{
"email": "[email protected]",
"api_key": "[REDACTED]",
"balance": 12345.67
}27+ MCP Tools. Zero Configuration.
Connect Claude Code, Claude Desktop, Cursor, or Windsurf in one step. RESTK's embedded MCP server starts automatically and exposes:
Build
Create requests, collections, folders, environments
Execute
Send requests, run cURL, re-execute with overrides
Analyze
Performance analysis, error patterns, schema inference
Test
Generate test scripts, compare responses, assertions
Import
Bring in Postman, OpenAPI, Insomnia, cURL collections
Audit
Every AI action logged — who did what, when
Plus 9 MCP resources and 4 AI prompts. Works with any MCP-compatible client.
Everything You Need From an API Client
Authentication (12 methods)
OAuth 2.0 (with PKCE), JWT, API Key, Basic, Digest, AWS SigV4, Hawk, NTLM, OAuth 1.0, Bearer, Inherited, No Auth
GraphQL
Dedicated editor with schema introspection, autocomplete, variables panel, and operation selection
Scripting & Testing (Nova Engine)
Pre/post-request JavaScript scripts. Test assertions, variable manipulation, pass/fail reporting
Environments & Variables
Multiple environments, {{variable}} substitution, hierarchical resolution, secret variables (hidden from AI)
Import From Anything
Postman, OpenAPI/Swagger, Insomnia, cURL, RESTK native — auto-detected, drag & drop
Request History
Auto-captured, searchable, restore from history, per-request timeline
Team-Ready. Enterprise-Secure.
Real-time sync with three-way merge conflict resolution. 4-tier RBAC. E2E encrypted with AES-256-GCM workspace-level keys. SQLCipher local database.
| Layer | Protection |
|---|---|
| Local Storage | SQLCipher encrypted database |
| Sync Transport | AES-256-GCM end-to-end encryption |
| AI Integration | Schema extraction + credential redaction |
| Access Control | 4-tier RBAC (Owner, Manager, Editor, Viewer) |
| Updates | EdDSA-signed via Sparkle |
Not Electron. Not a Web App.
Built with native technologies from the ground up. Multi-tab, multi-window, Cmd+P command palette, dark/light themes. Feels like a Mac app because it is one.
How RESTK Compares
| Feature | RESTK | Postman | Bruno | Insomnia |
|---|---|---|---|---|
| Native App | Swift | Electron | Tauri | Electron |
| AI Integration | Embedded MCP (local) | Cloud AI | MCP Client only | |
| Privacy | Zero real data to AI | Cloud-first | ||
| E2E Encryption | Workspace-level | Enterprise ($$$) | ||
| Audit Trail | Built-in | Enterprise only | ||
| GraphQL | Full | Full | Basic | Basic |
| Price | Free | $14/mo | Free | Freemium |
Want a detailed breakdown? See the full comparison
Coming This Month
Runner
Execute preset collections with scheduling and results tracking
Git File Sync
Bi-directional Git sync with conflict resolution. Version control your API collections.
CLI
restk-cli for import, export, diff, and headless execution
The API client built for the AI era.
Native performance. Embedded MCP. End-to-end encrypted. Free during beta.