HTTPS/TLS Support¶
Enable HTTPS for your mock servers to test secure connections locally. API Dev Studio generates self-signed certificates for each project.
Enabling HTTPS¶
- Select your project
- Click the Settings icon (⚙️)
- Toggle Enable HTTPS on
- Certificate is generated automatically
- Click View Trust Instructions for setup
Your server will now run on https://localhost:{port} instead of http://localhost:{port}.
Trusting the Certificate¶
Browsers and API clients won't trust self-signed certificates by default. You'll see warnings like "Your connection is not private" or "SSL certificate problem".
To fix this, you need to trust the certificate on your system:
Windows¶
- Click View Trust Instructions in Project Settings
- Copy the certificate file path
- Double-click the certificate file
- Click Install Certificate
- Select Local Machine → Next
- Choose Place all certificates in the following store
- Click Browse → Select Trusted Root Certification Authorities
- Click Next → Finish
- Restart your browser
macOS¶
- Click View Trust Instructions in Project Settings
- Copy the certificate file path
- Open Keychain Access app
- Drag the certificate file into System keychain
- Find the certificate (search for "API Dev Studio")
- Double-click → Expand Trust section
- Set When using this certificate to Always Trust
- Close and enter your password
- Restart your browser
Linux¶
- Click View Trust Instructions in Project Settings
- Copy the certificate file path
- Copy certificate to system trust store:
- For Firefox: Import certificate in Settings → Privacy & Security → Certificates → View Certificates → Import
Certificate Details¶
Each project gets its own self-signed certificate:
- Algorithm: RSA 2048-bit
- Valid for: 365 days from generation
- Common Name:
localhost - Subject Alternative Names:
localhost,127.0.0.1,::1
View certificate details in Project Settings: - Fingerprint (SHA-256) - Expiration date - File location
Auto-Renewal¶
Certificates are valid for 1 year. API Dev Studio will warn you when a certificate is about to expire. To renew:
- Open Project Settings
- Toggle Enable HTTPS off
- Toggle Enable HTTPS on
- A new certificate is generated
- Re-trust the new certificate following the steps above
Deleting Certificates¶
To remove a project's certificate:
- Open Project Settings
- Toggle Enable HTTPS off
- Click Delete Certificate (if shown)
Certificate files are stored in: %APPDATA%\api-dev-studio\projects\{project-id}\certs\
Testing HTTPS Endpoints¶
Using Browser¶
Visit https://localhost:{port}/your-endpoint directly. If you've trusted the certificate, you won't see any warnings.
Using cURL¶
# Trust the certificate
curl https://localhost:3001/api/users
# Or skip verification (not recommended)
curl -k https://localhost:3001/api/users
Using Postman¶
- Go to Settings → Certificates
- Click Add Certificate
- Set Host:
localhost:{port} - Select the certificate file from Project Settings
- Enable the certificate
Troubleshooting¶
"NET::ERR_CERT_AUTHORITY_INVALID" in browser¶
The certificate hasn't been trusted yet. Follow the trust instructions for your OS above.
"curl: (60) SSL certificate problem"¶
Either trust the certificate system-wide, or use curl -k to skip verification (for testing only).
Certificate expired¶
Certificates are valid for 1 year. Generate a new certificate by toggling HTTPS off and back on.
Can't find certificate file¶
- Open Project Settings
- Certificate path is shown under "Certificate Status"
- Copy the path and open it in File Explorer
Security Notes¶
- Development only: Self-signed certificates are for local development only
- Not for production: Use a real certificate (Let's Encrypt, etc.) for production
- Don't share certificates: Each project should have its own certificate
- Trust implications: Trusting a certificate means your system will accept it as valid