Collections
Organize and manage your API requests with collections that support authentication, variables, and scripts.
Collections are the top-level organizational unit in RESTK, containing folders and requests. They help you group related API endpoints and share common settings across all items.
Quick Start
Create a Collection
Click New Collection in the sidebar and give it a name like "User API" or "Payment Service".
Add Folders and Requests
Organize your API endpoints by creating folders and requests inside the collection.
Configure Shared Settings
Set up authentication, variables, and scripts that all requests in the collection can use.
Start Testing
Send requests and see them inherit the collection's configuration automatically.
Creating Collections
To create a collection:
- Click + New Collection in the sidebar
- Enter a unique name
- Optionally add a description
- Click Create
Works Offline
Collections can be created offline and will sync automatically when you reconnect.
To duplicate a collection:
- Right-click on a collection
- Select Duplicate
- All folders, requests, auth settings, variables, and scripts are copied
Overview Tab
The Overview tab shows you a snapshot of your collection's contents.
What you'll see:
- Total request and folder counts
- HTTP method distribution with colored method badges and counts
- 5 most recently updated requests with time-ago formatting
- Collection created date
AI Integration
The Overview tab includes an AI Integration section where you can share your collection structure with AI assistants. This makes it easy to provide context about your API endpoints when working with AI tools.
Authentication
Collections can define authentication that applies to all requests set to "Inherit".
Setting Up Auth
Open the Auth Tab
Select your collection and navigate to the Auth tab.
Choose Auth Type
Select from Bearer Token, Basic Auth, API Key, JWT, OAuth 2.0, OAuth 1.0, Digest, AWS Signature V4, Hawk, NTLM, or None.
Enter Credentials
Fill in the required fields for your auth type.
Save
Changes save automatically.
Auth Types
| Type | Use Case | Fields |
|---|---|---|
| Bearer Token | OAuth 2.0, API tokens | Token |
| Basic Auth | Username/password | Username, Password |
| API Key | API key in header or query | Key Name, Key Value, Location |
| JWT | Custom JWT generation | Secret, Algorithm, Payload |
| OAuth 2.0 | Authorization Code, Client Credentials | Grant type, Client ID, Client Secret, URLs |
| OAuth 1.0 | Legacy OAuth APIs | Consumer Key, Consumer Secret, Token, Token Secret |
| Digest | HTTP Digest auth | Username, Password |
| AWS Signature V4 | AWS APIs | Access Key, Secret Key, Region, Service |
| Hawk | Hawk HTTP auth | Hawk ID, Hawk Key, Algorithm |
| NTLM | Windows APIs | Username, Password, Domain |
Credential Storage
Auth credentials are stored securely on your device using the macOS Keychain. Each team member manages their own credentials locally.
No Inherit at Collection Level
Collections support all 11 auth types (Bearer Token, Basic Auth, API Key, JWT, OAuth 2.0, OAuth 1.0, Digest, AWS Sig V4, Hawk, NTLM, and None). The "Inherit" option is not available at the collection level since collections are the top of the hierarchy.
Using Variables in Auth
You can use variables in any auth field:
{{api_token}}
This lets you store tokens in environment or collection variables and reference them in your auth configuration.
Variables
Variables let you reuse values across requests without hardcoding them.
Adding Variables
Open Variables Tab
Navigate to the Variables tab in your collection.
Add Variable
Click Add Variable and enter:
- Key: Variable name — must start with a letter or underscore, followed by ASCII letters, numbers, or underscores
- Value: The value to use
- Type: Default or Secret (masked display)
Use in Requests
Reference variables using {{variable_name}} syntax in any request field.
Variable Types
Default Variables
- Visible values
- Used for URLs, API versions, etc.
Secret Variables
- Masked display (••••••)
- Only key and enabled status sync — values stay local per user
- Each team member sets their own secret values
- Used for tokens, passwords
Variable Priority
When multiple levels define the same variable, this order applies: Runtime → Request → Folder → Collection → Environment
Common Variables
baseUrl = "https://api.example.com"
apiVersion = "v1"
apiKey = "your-api-key-here"
Scripts
Scripts let you automate tasks before and after requests using JavaScript.
Pre-request Scripts
Run before any request in the collection.
Common uses:
- Generate timestamps
- Set dynamic authentication
- Calculate request values
// Set a timestamp variable
nova.variable.set("timestamp", Date.now());
// Log to console
console.log("Collection pre-request running");
Post-response Scripts
Run after receiving a response.
Common uses:
- Extract data from responses
- Run tests and assertions
- Set variables for subsequent requests
// Test the response
nova.test("Status is 200", function() {
nova.expect(nova.response.status).toBe(200);
});
// Extract and save data
const data = nova.response.json();
nova.variable.set("userId", data.id);
Script Execution Order
Collection Pre-request
Runs first
Folder Pre-request
Runs second (if request is in a folder)
Request Pre-request
Runs third
HTTP Request
Request is sent
Request Post-response
Runs fourth
Folder Post-response
Runs fifth (if request is in a folder)
Collection Post-response
Runs last
Settings
Configure request behavior for the entire collection. Settings defined at the collection level apply to all requests that don't override them.
Timeout
Set request timeouts in seconds. Three separate timeout values are available:
| Timeout | Description | Default |
|---|---|---|
| Connection | Time to establish the connection | 30s |
| Response | Time to receive the first byte | 30s |
| Total | Total time for the entire request | 30s |
Timeouts inherit through the hierarchy: system defaults → collection → request. A request-level timeout overrides the collection setting.
Security
- SSL Certificate Verification — toggle to enable or disable
- TLS Version — select the minimum TLS version
- Client Certificate — toggle for client certificate authentication
SSL Verification
The SSL verification toggle exists in the UI but may not affect actual network behavior in all cases. Keep this enabled for production use.
Redirects
- Follow Redirects — enabled by default
- Max Redirect Count — default is 5
Importing Collections
RESTK supports importing from other API tools.
Import from Postman
Click Import
Click Import in the collections view.
Select File
Choose a Postman Collection JSON file (v2.1 format).
Preview
Review the collection name, request count, and folder structure.
Confirm
Click Import to add it to your workspace.
Import from cURL
Paste a cURL command to create a new request:
curl -X POST https://api.example.com/users \
-H "Content-Type: application/json" \
-H "Authorization: Bearer token123" \
-d '{"name": "John"}'
Multi-File Import
You can import multiple files at once by dragging them into the import view. When importing multiple files, choose a mode:
- Separate Collections — each file becomes its own collection
- Merged — all files are combined into a single collection
The import view shows progress for each file and a summary when complete.
What's Preserved on Import
- Request name and description
- URL and HTTP method
- Headers and query parameters
- Request body
- Authentication settings
- Pre-request and post-response scripts (Postman
pm.*scripts are auto-converted tonova.*by default)
Managing Collections
Renaming
- Click the collection name in the detail view
- Edit the name
- Changes save automatically
Deleting
- Right-click on the collection
- Select Delete
- Confirm (this deletes all folders and requests inside)
Permanent Action
Deleting a collection also removes all folders and requests inside it. This cannot be undone.
Reordering
Drag and drop collections to reorder them in the sidebar. Collections can only be reordered at the root level (they cannot be nested inside other collections). Your custom order syncs across all devices.
Permissions
Collection editing is governed by your workspace role:
| Role | View | Edit | Export | Manage Members | Delete Workspace |
|---|---|---|---|---|---|
| Viewer | Yes | — | — | — | — |
| Editor | Yes | Yes | Yes | — | — |
| Manager | Yes | Yes | Yes | Yes | — |
| Owner | Yes | Yes | Yes | Yes | Yes |
Tips
- Use descriptive names: "Payment API" is better than "API"
- Set up auth once: Configure collection auth and all requests can inherit it
- Organize with folders: Group related endpoints in folders for better organization
- Share common variables: Put frequently used values in collection variables
- Add pre-request scripts: Generate timestamps, tokens, or dynamic data automatically
- Test in post-response scripts: Validate responses and extract data for subsequent requests