π New
- You can now choose how a response body is displayed using the new format selector in the response toolbar, with options for JSON, XML, HTML, YAML, JavaScript, Markdown, Raw, Hex, and Base64. (#3312)
- Variables now support an array data type, so scripts can store and retrieve real arrays with
.first()and.last()instead of having them flattened to comma-joined strings. (#3444)
β¨ Improvements
- The API Docs publishing flow now shows Copy link and View actions in the success toast, the empty-state primary button highlights the most useful next step, and the Components Library in the API Design sidebar is collapsed by default. (#3435)
π Fixes
- Secret vault references in OAuth 2.0 and JWT Bearer auth fields now resolve correctly when sending requests, instead of being passed as literal template strings to the token endpoint. (#3434)
- The Run via CLI command generated by the collection runner now uses the environment name instead of its internal ID for local projects, so the copied command works when you run it. (#3419)
- Keyboard shortcuts rebound to punctuation keys such as semicolons, periods, slashes, and brackets now fire correctly after being configured in the desktop appβs shortcut settings. (#3396)
- A security vulnerability in the desktop appβs git integration has been patched, and remote URLs are now validated to allow only standard schemes such as https, http, and ssh. (#3383)
π New
- You can now collapse the Collections sidebar to give your request editor more room, and restore it with a click or Cmd/Ctrl+B. (#3313)
- A new Keyboard Shortcuts page in Settings on desktop lets you view all available shortcuts, reassign any of them directly in the list, and reset everything to defaults. (#3098)
β¨ Improvements
- Script errors in pre- and post-request scripts now show line numbers and column positions in the Response panel, DevTools console, and Collection Runner, so you can pinpoint mistakes faster. (#3310)
π Fixes
- Changing a team memberβs role no longer fails with an error when the member has been invited but has not yet logged in. (#3346)
π New
- You can now delete all variables at once from the Environment, Global, and Collection variable tables using the new Delete All button, which asks for confirmation before clearing. (#2985)
- Users who are not signed in now see a notification banner with a Sign in option, giving advance notice that a free account will soon be required. (#3303)
β¨ Improvements
- When a mandatory update is detected while the desktop app is running, the download now starts automatically so you can install it without any extra steps. (#3319)
π Fixes
- Fixed a bug where the Clone repository modal immediately closed after clicking Clone from the project switcher. (#3188)
- The collection runner now executes requests in the same order they appear in the sidebar, including reorders made by dragging. (#3301)
- Fixed a regression on desktop where the sign-in notification banner remained visible after logging in. (#3338)
- Fixed the embedded terminal on desktop appearing as a blank panel, so it now correctly renders text using the appβs current light or dark theme. (#3282)
- Fixed Quick Share links returning errors for visitors - shared links now load reliably. (#3278)
- Fixed three Postman scripting issues: skipped tests no longer silently discard their function body, response body assertions now require an exact match instead of a substring match, and false warnings about unsupported Postman APIs have been removed. (#3028)
- Fixed the desktop auto-update getting stuck on an error state after a download completed, by adding a verification step between download and success. (#3328)
π Fixes
- Deleted specs, components, and linked specs in API Design no longer reappear in the sidebar after a page reload. (#3239)
- Using βSave as newβ on an HTTP or GraphQL request now carries all Settings overrides, including SSL verification, redirect policy, and timeout, over to the duplicate. (#3221)
- Pre-request scripts that call rq.collectionVariables.set(), unset(), or clear() on a standalone request no longer abort the send with an error - the call is silently skipped and the request proceeds normally. (#3197)
- Collection variables defined on a parent or ancestor folder are now visible to pre-request and post-response scripts, matching what you already see in the URL and header preview. (#3225)
- Importing Postman collections now correctly infers the raw body content type from the Content-Type header when Postmanβs format hint is missing, and the Body tab shows a warning when your selected body language and Content-Type header disagree. (#3219)
π New
- You can now sign in to your Git provider with an OAuth device-code flow, in addition to a personal access token. (#3154)
β¨ Improvements
- The API Client sidebar now shows a Git status indicator for Git-backed projects. (#3158)
- Improved keyboard navigation across the app. (#3072)
- Extended the scripting API with
rq.response.headersaccessors, and brought Safe-mode scripts to parity forrq.response.to.have.jsonSchemaand the JSON body helpers. (#3170, #3175, #3177)
π Fixes
- Example βTry itβ now resolves collection-level variables. (#3169)
- Collection variable default values are now applied when exporting a collection to OpenAPI. (#3180)
- Older Requestly exports that omitted query parameters, headers, or enabled flags now import correctly. (#3167)
- Fixed an error when using βGo to sourceβ after the source specification had been deleted. (#3168)
- AI requests are now rate-limited per user to keep the service responsive. (#3198)
π New
- You can now create private, scoped share links for a single endpoint or folder in your published API docs, with optional password protection and an expiry, and revoke them at any time. (#3082)
- You can now connect a GitLab account with a personal access token for Git-backed projects. (#3074)
β¨ Improvements
- Large collection trees that span multiple projects now scroll smoothly. (#3124)
π Fixes
- Fixed a freeze in single-line fields when a value containing line breaks was entered. (#3103)
- Fixed Requestly-format imports that could fail to save, and the app now shows the actual reason when an import fails. (#3117)
- Generated code snippets now render multipart file fields as file uploads. (#3109)
- Fixed local projects occasionally reporting data as corrupted after a transient read failure; these reads are now retried. (#3116)
- AI features now redact request and response bodies before any data leaves your machine for quality evaluation. (#3119)
π New
- You can now right-click items in the sidebar tree and open tabs to rename, duplicate, delete, and run other actions from a context menu. (#2966)
- You can now copy, cut, and paste requests and folders, within a collection or across collections, using the right-click menu and the usual keyboard shortcuts. (#2983)
- You can now add descriptions to requests and examples across every protocol, and they render in your published API docs. (#3010)
β¨ Improvements
- The request history list now loads and scrolls smoothly even with thousands of entries, and history search no longer stutters as you type. (#2972, #2961)
- The Collection Runner and large request lists feel more responsive thanks to reduced re-rendering. (#2969, #2962)
π Fixes
- The desktop app now opens external links only over secure HTTPS connections and restricts in-app navigation to trusted origins, protecting you against malicious links. (#3089)
- Desktop vault files are now readable only by their owner, so your stored secrets stay private on shared machines. (#3001)
- Fixed a freeze in the API specification editor caused by an infinite render loop in the governance flow. (#3065)
- The desktop terminal now closes its sessions when you delete a project, and new terminal sessions are limited to local projects. (#3031)
- Fixed a server-side issue where saving role or permission changes at the same time could fail. (#3018)
- Added safeguards that limit the number of concurrent import tasks per user and project, keeping imports reliable under load. (#3046)
π New
- When importing an OpenAPI file, you can now choose to create a collection, an API specification, or both together in a single step. (#2973)
π Fixes
- On Windows, the sign-in dialog now stays open and offers a βCopy the URLβ option when your default browser fails to launch, so you can complete the login without getting stuck. (#2894)
- Pasting a cURL command whose URL contains unencoded spaces now imports correctly instead of being rejected. (#3027)
- Importing a Postman collection now correctly preserves query parameters defined in request examples. (#2899)
- Signing up with an email and password now requires at least 8 characters, preventing accounts with weak credentials from being created. (#3016)
- Adding a new route in the Mock Server now automatically selects it so you can start editing immediately, and the rule row controls are visually aligned. (#2893)
π New
- If your organization is subject to data-residency restrictions, you now see a clear compliance notice on sign-in with a sign-out option, instead of hitting an unexpected error. (#2963)
π Fixes
- Importing a Postman data-export ZIP no longer shows a false error for the archive metadata file bundled by Postman, and imports that finish with warnings now display a βWhat needs attentionβ summary instead of a generic success message. (#2931)
- Fixed a server-side issue that caused login failures and widespread errors when multiple users signed in at the same time. (#2991)
π New
- You can now click βView changelogβ in the desktop update notification to read what changed before restarting to install the update. (#2904)
π Fixes
- Fixed security issues in the desktop vault where a crash during startup could erase your stored secrets, vault folders were readable by other users on shared machines, and crafted symbolic links could affect files outside the vault. (#2891)
- When adding a team member or resending an invitation fails, you now see the specific reason from the server instead of a generic error message. (#2956)
- Fixed a bug in the desktop terminal where commands installed via login-profile tools (such as Homebrew, nvm, or Volta) were not found, and fixed a separate issue where the cursor would jump unexpectedly when resizing the terminal panel. (#2958)
- Fixed an error that prevented βUpdate Collectionsβ from applying content changes when syncing a collection from an API specification. (#2949)
π New
- You can now open an embedded terminal in the Dev Tools panel of the desktop app, with support for multiple concurrent sessions in tabs. (#2863)
- Each operation in the published API docs reader now has its own shareable URL, so you can link teammates directly to a specific endpoint. (#2922)
β¨ Improvements
- Press Mod+K while viewing published API docs to jump straight to the outline search field. (#2940)
- Published API docs now render oneOf and anyOf schema compositions with clearly labeled sections, making complex request and response shapes easier to read. (#2934)
- Schema property descriptions in published API docs now render markdown formatting, so code snippets, bold text, and links display as intended instead of as raw markup. (#2928)
- Published API docs now correctly display response headers and link sections, and resolve schemas that are defined at the top level of your spec. (#2927)
π Fixes
- Proxy settings now show a clear validation error for out-of-range port numbers, automatically remove any http:// or https:// prefix you type in the host field, and require both username and password when authentication is turned on. (#2846)
- Fixed an issue where triggering a scheduled run returned a permissions error immediately after signing in. (#2918)
β¨ Improvements
- Collection imports now show a real progress bar with live status instead of a bare spinner. (#2787)
- Invalid project names are now flagged with a clear message before you create or rename a project, instead of failing afterward. (#2892)
- Legacy Postman scripts that use deprecated variables now keep working in the default safe sandbox, with a deprecation warning instead of a silent error. (#2912)
- In published API docs, the outline now highlights and follows the section you are reading as you scroll. (#2917)
π Fixes
- Markdown editing is now readable in light mode, with syntax markers that match your theme. (#2859)
π New
- Scripts gain a full request-execution namespace with setNextRequest, skipRequest, runRequest, and location. (#2849)
- Scripts can now clear request headers for Postman parity. (#2832)
- Scripts can now clear environment, global, and collection variables for Postman parity. (#2854)
- Bulk-delete mock routes by path prefix. (#2811)
β¨ Improvements
π New
- Request capture now follows redirect hops and handles Digest/NTLM challenges and GraphQL introspection. (#2746)
- Create multiple mock routes at once, including their nested responses and rules. (#2759)
- Stash your Git changes from a new stash view, with indicators shown across the app. (#2774)
β¨ Improvements
- Scripts can now modify request headers in both scripting engines. (#2783)
- The Git sidebar panel is tidier with collapsible sections, a change-count badge, and clearer error messages. (#2775)
π Fixes
- Importing a partial Requestly export now re-parents orphaned items so nothing goes missing. (#2782)
π New
- Cloning a repository now discovers and sets up any Requestly project it contains automatically. (#2768)
- Resolve merge conflicts with a new two-way conflict resolution view. (#2769)
β¨ Improvements
- Scripts now run on a faster, more reliable safe-mode engine, including full support on Windows. (#2731)
π Fixes
π New
- DevTools now captures OAuth token fetches that the app makes on your behalf. (#2697)
- A new Git Providers settings page lets you connect accounts, and you can enter or update a personal access token mid-operation when authentication is needed. (#2735)
- Create, switch, and pick Git branches directly from a branch picker. (#2736)
- Browse and select GitHub repositories from a built-in repo picker. (#2737)
β¨ Improvements
- Search your projects and see them sorted alphabetically. (#2739)
π New
- Added App Settings rows to configure eight default behaviors for HTTP and GraphQL requests. (#2390)
- Added rq.sendRequest in scripts for parity with Postmanβs pm.sendRequest. (#2582)
- Added several quality-of-life improvements to the WebSocket and Socket.IO editors. (#2531)
β¨ Improvements
- Importers now show clearer, more accurate reasons when an import fails. (#2227)
π Fixes
β¨ Improvements
- You now get a success toast when switching environments. (#2425)
- The active history entry is now highlighted and its font matches collections. (#2421)
- Template variables are now highlighted in HTTP and GraphQL examples. (#2435)
- MQTT expanded timeline messages now show the retain flag. (#2433)
π Fixes
π New
- HTTP and GraphQL requests now have a per-request Settings tab with values that can inherit from parent levels. (#2379)
- Manage reusable message-body templates in a dedicated Message Templates library. (#2363)
π Fixes
- Fixed sending GET requests with a body over HTTP/2. (#2388)
- Switching authorization type now correctly drops stale fields from the previous type. (#2377)
- The Vault now surfaces the real reason when an operation fails. (#2380)
- The WSDL import button now enables only when the URL matches a valid pattern as you type. (#2355)
π New
- Save and reuse WebSocket and Socket.IO examples. (#2285)
- gRPC proto file content now persists across sessions and syncs to the cloud. (#2314)
π Fixes
- Fixed gRPC stream panel preview, trailer overflow, and reflection method reset issues. (#2209)
- Saving an HTTP, GraphQL, or gRPC request as new now keeps it in the right collection. (#2325)
- GraphQL Send is now blocked when the query body is empty. (#2337)
- URL-bar encoding is preserved when you toggle a query parameter on or off. (#2333)
π New
- Reuse saved message templates, beautify XML, and get clearer connection-state feedback in realtime clients. (#2277)
β¨ Improvements
- Added a Skip link to onboarding. (#2311)
π Fixes
- Discarding or saving variable edits no longer leaves phantom rows behind. (#2292)
- The authorization info banner now shows the correct text when an API key is placed in query params. (#2293)
- URL fragments are now stripped from query-parameter parsing so they no longer pollute your params. (#2299)
- Validation errors are now shown verbatim when saving, so you know exactly what went wrong. (#2305)
π New
- Build and send Socket.IO requests with a dedicated editor. (#2202)
- Import environment variables directly from a .env file. (#2254)
- Save and reuse MQTT examples on both cloud and local projects. (#2261)
- Import and export WebSocket and Socket.IO requests in Requestlyβs native format. (#2278)
π Fixes
π New
- Added the MQTT request editor with message, topics, authorization, properties, and last will tabs. (#2047)
- Added a keyboard shortcuts modal you can open from the Help menu or with Cmd+/. (#2131)
β¨ Improvements
- gRPC service discovery now supports importing a proto file. (#2156)
- gRPC requests now support pre and post scripts and per-protocol editor autocompletion. (#2125)
π Fixes
π New
- Send and inspect gRPC requests with the new gRPC support. (#1917)
β¨ Improvements
- Environments are now sorted alphabetically in the selector. (#1949)
- Clearer drag-and-drop indicators when reordering collections. (#1962)
- Bottom panel dock preferences now persist across sessions. (#1963)
π Fixes
- The app now reloads automatically instead of erroring after a new version is deployed. (#1811)
π New
- The Requestly CLI now supports running cloud collections. (#1591)
- Added five new authentication types for securing your requests. (#1784)
- Authenticate requests using JWT Bearer tokens with configurable payload directives. (#1834)
β¨ Improvements
- Collection trees now remember expansion state per project and added a collapse-all button. (#1795)
π Fixes
π New
- Run your collections from the command line with the new Requestly CLI. (#1541)
- Authenticate requests with OAuth 2.0, including a token service and orchestration. (#1596)
- Use non-interactive OAuth 2.0 grants with automatic token refresh. (#1648)
- Sign requests with OAuth 1.0 directly from the Authorization tab. (#1572)
β¨ Improvements
- Added contextual help hints across the API client. (#1659)
π Fixes
- Older imported records without an explicit type now correctly default to HTTP requests. (#1674)
π New
- An app-wide cookie jar lets you manage cookies with a Postman-style experience. (#1622)
- Import much larger files, with the limit raised from 30 MB to 100 MB. (#1550)
- Import API definitions from SoapUI projects. (#1531)
- Import an exported Requestly project archive directly. (#1602)
β¨ Improvements
π New
- Use npm packages directly in your scripts, with search and one-click install. (#1467)
β¨ Improvements
- Postman imports now translate npm and jsr package requires in scripts. (#1520)
- The package library now always shows its split layout for a steadier view. (#1502)
π Fixes
- The package library Save button now matches the size of other editors. (#1509)
π New
- Run bulk operations on examples and import them from supported formats. (#1296)
- Create examples instantly from the sidebar and save them from a new dropdown. (#1348)
β¨ Improvements
- Persisted example tabs now show a βTry itβ button in place of Send. (#1358)
- Redesigned confirmation dialogs for clearer, more readable prompts. (#1316)

