π New
- You can now delete all variables at once from the Environment, Global, and Collection variable tables using the new Delete All button, which asks for confirmation before clearing. (#2985)
- Users who are not signed in now see a notification banner with a Sign in option, giving advance notice that a free account will soon be required. (#3303)
β¨ Improvements
- When a mandatory update is detected while the desktop app is running, the download now starts automatically so you can install it without any extra steps. (#3319)
π Fixes
- Fixed a bug where the Clone repository modal immediately closed after clicking Clone from the project switcher. (#3188)
- The collection runner now executes requests in the same order they appear in the sidebar, including reorders made by dragging. (#3301)
- Fixed a regression on desktop where the sign-in notification banner remained visible after logging in. (#3338)
- Fixed the embedded terminal on desktop appearing as a blank panel, so it now correctly renders text using the appβs current light or dark theme. (#3282)
- Fixed Quick Share links returning errors for visitors - shared links now load reliably. (#3278)
- Fixed three Postman scripting issues: skipped tests no longer silently discard their function body, response body assertions now require an exact match instead of a substring match, and false warnings about unsupported Postman APIs have been removed. (#3028)
- Fixed the desktop auto-update getting stuck on an error state after a download completed, by adding a verification step between download and success. (#3328)
π Fixes
- Deleted specs, components, and linked specs in API Design no longer reappear in the sidebar after a page reload. (#3239)
- Using βSave as newβ on an HTTP or GraphQL request now carries all Settings overrides, including SSL verification, redirect policy, and timeout, over to the duplicate. (#3221)
- Pre-request scripts that call rq.collectionVariables.set(), unset(), or clear() on a standalone request no longer abort the send with an error - the call is silently skipped and the request proceeds normally. (#3197)
- Collection variables defined on a parent or ancestor folder are now visible to pre-request and post-response scripts, matching what you already see in the URL and header preview. (#3225)
- Importing Postman collections now correctly infers the raw body content type from the Content-Type header when Postmanβs format hint is missing, and the Body tab shows a warning when your selected body language and Content-Type header disagree. (#3219)
π New
- You can now sign in to your Git provider with an OAuth device-code flow, in addition to a personal access token. (#3154)
β¨ Improvements
- The API Client sidebar now shows a Git status indicator for Git-backed projects. (#3158)
- Improved keyboard navigation across the app. (#3072)
- Extended the scripting API with
rq.response.headersaccessors, and brought Safe-mode scripts to parity forrq.response.to.have.jsonSchemaand the JSON body helpers. (#3170, #3175, #3177)
π Fixes
- Example βTry itβ now resolves collection-level variables. (#3169)
- Collection variable default values are now applied when exporting a collection to OpenAPI. (#3180)
- Older Requestly exports that omitted query parameters, headers, or enabled flags now import correctly. (#3167)
- Fixed an error when using βGo to sourceβ after the source specification had been deleted. (#3168)
- AI requests are now rate-limited per user to keep the service responsive. (#3198)
π New
- You can now create private, scoped share links for a single endpoint or folder in your published API docs, with optional password protection and an expiry, and revoke them at any time. (#3082)
- You can now connect a GitLab account with a personal access token for Git-backed projects. (#3074)
β¨ Improvements
- Large collection trees that span multiple projects now scroll smoothly. (#3124)
π Fixes
- Fixed a freeze in single-line fields when a value containing line breaks was entered. (#3103)
- Fixed Requestly-format imports that could fail to save, and the app now shows the actual reason when an import fails. (#3117)
- Generated code snippets now render multipart file fields as file uploads. (#3109)
- Fixed local projects occasionally reporting data as corrupted after a transient read failure; these reads are now retried. (#3116)
- AI features now redact request and response bodies before any data leaves your machine for quality evaluation. (#3119)
π New
- You can now right-click items in the sidebar tree and open tabs to rename, duplicate, delete, and run other actions from a context menu. (#2966)
- You can now copy, cut, and paste requests and folders, within a collection or across collections, using the right-click menu and the usual keyboard shortcuts. (#2983)
- You can now add descriptions to requests and examples across every protocol, and they render in your published API docs. (#3010)
β¨ Improvements
- The request history list now loads and scrolls smoothly even with thousands of entries, and history search no longer stutters as you type. (#2972, #2961)
- The Collection Runner and large request lists feel more responsive thanks to reduced re-rendering. (#2969, #2962)
π Fixes
- The desktop app now opens external links only over secure HTTPS connections and restricts in-app navigation to trusted origins, protecting you against malicious links. (#3089)
- Desktop vault files are now readable only by their owner, so your stored secrets stay private on shared machines. (#3001)
- Fixed a freeze in the API specification editor caused by an infinite render loop in the governance flow. (#3065)
- The desktop terminal now closes its sessions when you delete a project, and new terminal sessions are limited to local projects. (#3031)
- Fixed a server-side issue where saving role or permission changes at the same time could fail. (#3018)
- Added safeguards that limit the number of concurrent import tasks per user and project, keeping imports reliable under load. (#3046)
π New
- When importing an OpenAPI file, you can now choose to create a collection, an API specification, or both together in a single step. (#2973)
π Fixes
- On Windows, the sign-in dialog now stays open and offers a βCopy the URLβ option when your default browser fails to launch, so you can complete the login without getting stuck. (#2894)
- Pasting a cURL command whose URL contains unencoded spaces now imports correctly instead of being rejected. (#3027)
- Importing a Postman collection now correctly preserves query parameters defined in request examples. (#2899)
- Signing up with an email and password now requires at least 8 characters, preventing accounts with weak credentials from being created. (#3016)
- Adding a new route in the Mock Server now automatically selects it so you can start editing immediately, and the rule row controls are visually aligned. (#2893)
π New
- If your organization is subject to data-residency restrictions, you now see a clear compliance notice on sign-in with a sign-out option, instead of hitting an unexpected error. (#2963)
π Fixes
- Importing a Postman data-export ZIP no longer shows a false error for the archive metadata file bundled by Postman, and imports that finish with warnings now display a βWhat needs attentionβ summary instead of a generic success message. (#2931)
- Fixed a server-side issue that caused login failures and widespread errors when multiple users signed in at the same time. (#2991)
π New
- You can now click βView changelogβ in the desktop update notification to read what changed before restarting to install the update. (#2904)
π Fixes
- Fixed security issues in the desktop vault where a crash during startup could erase your stored secrets, vault folders were readable by other users on shared machines, and crafted symbolic links could affect files outside the vault. (#2891)
- When adding a team member or resending an invitation fails, you now see the specific reason from the server instead of a generic error message. (#2956)
- Fixed a bug in the desktop terminal where commands installed via login-profile tools (such as Homebrew, nvm, or Volta) were not found, and fixed a separate issue where the cursor would jump unexpectedly when resizing the terminal panel. (#2958)
- Fixed an error that prevented βUpdate Collectionsβ from applying content changes when syncing a collection from an API specification. (#2949)
π New
- You can now open an embedded terminal in the Dev Tools panel of the desktop app, with support for multiple concurrent sessions in tabs. (#2863)
- Each operation in the published API docs reader now has its own shareable URL, so you can link teammates directly to a specific endpoint. (#2922)
β¨ Improvements
- Press Mod+K while viewing published API docs to jump straight to the outline search field. (#2940)
- Published API docs now render oneOf and anyOf schema compositions with clearly labeled sections, making complex request and response shapes easier to read. (#2934)
- Schema property descriptions in published API docs now render markdown formatting, so code snippets, bold text, and links display as intended instead of as raw markup. (#2928)
- Published API docs now correctly display response headers and link sections, and resolve schemas that are defined at the top level of your spec. (#2927)
π Fixes
- Proxy settings now show a clear validation error for out-of-range port numbers, automatically remove any http:// or https:// prefix you type in the host field, and require both username and password when authentication is turned on. (#2846)
- Fixed an issue where triggering a scheduled run returned a permissions error immediately after signing in. (#2918)
β¨ Improvements
- Collection imports now show a real progress bar with live status instead of a bare spinner. (#2787)
- Invalid project names are now flagged with a clear message before you create or rename a project, instead of failing afterward. (#2892)
- Legacy Postman scripts that use deprecated variables now keep working in the default safe sandbox, with a deprecation warning instead of a silent error. (#2912)
- In published API docs, the outline now highlights and follows the section you are reading as you scroll. (#2917)
π Fixes
- Markdown editing is now readable in light mode, with syntax markers that match your theme. (#2859)
π New
- Scripts gain a full request-execution namespace with setNextRequest, skipRequest, runRequest, and location. (#2849)
- Scripts can now clear request headers for Postman parity. (#2832)
- Scripts can now clear environment, global, and collection variables for Postman parity. (#2854)
- Bulk-delete mock routes by path prefix. (#2811)
β¨ Improvements
π New
- Request capture now follows redirect hops and handles Digest/NTLM challenges and GraphQL introspection. (#2746)
- Create multiple mock routes at once, including their nested responses and rules. (#2759)
- Stash your Git changes from a new stash view, with indicators shown across the app. (#2774)
β¨ Improvements
- Scripts can now modify request headers in both scripting engines. (#2783)
- The Git sidebar panel is tidier with collapsible sections, a change-count badge, and clearer error messages. (#2775)
π Fixes
- Importing a partial Requestly export now re-parents orphaned items so nothing goes missing. (#2782)
π New
- Cloning a repository now discovers and sets up any Requestly project it contains automatically. (#2768)
- Resolve merge conflicts with a new two-way conflict resolution view. (#2769)
β¨ Improvements
- Scripts now run on a faster, more reliable safe-mode engine, including full support on Windows. (#2731)
π Fixes
π New
- DevTools now captures OAuth token fetches that the app makes on your behalf. (#2697)
- A new Git Providers settings page lets you connect accounts, and you can enter or update a personal access token mid-operation when authentication is needed. (#2735)
- Create, switch, and pick Git branches directly from a branch picker. (#2736)
- Browse and select GitHub repositories from a built-in repo picker. (#2737)
β¨ Improvements
- Search your projects and see them sorted alphabetically. (#2739)
π New
- Added App Settings rows to configure eight default behaviors for HTTP and GraphQL requests. (#2390)
- Added rq.sendRequest in scripts for parity with Postmanβs pm.sendRequest. (#2582)
- Added several quality-of-life improvements to the WebSocket and Socket.IO editors. (#2531)
β¨ Improvements
- Importers now show clearer, more accurate reasons when an import fails. (#2227)
π Fixes
β¨ Improvements
- You now get a success toast when switching environments. (#2425)
- The active history entry is now highlighted and its font matches collections. (#2421)
- Template variables are now highlighted in HTTP and GraphQL examples. (#2435)
- MQTT expanded timeline messages now show the retain flag. (#2433)
π Fixes
π New
- HTTP and GraphQL requests now have a per-request Settings tab with values that can inherit from parent levels. (#2379)
- Manage reusable message-body templates in a dedicated Message Templates library. (#2363)
π Fixes
- Fixed sending GET requests with a body over HTTP/2. (#2388)
- Switching authorization type now correctly drops stale fields from the previous type. (#2377)
- The Vault now surfaces the real reason when an operation fails. (#2380)
- The WSDL import button now enables only when the URL matches a valid pattern as you type. (#2355)
π New
- Save and reuse WebSocket and Socket.IO examples. (#2285)
- gRPC proto file content now persists across sessions and syncs to the cloud. (#2314)
π Fixes
- Fixed gRPC stream panel preview, trailer overflow, and reflection method reset issues. (#2209)
- Saving an HTTP, GraphQL, or gRPC request as new now keeps it in the right collection. (#2325)
- GraphQL Send is now blocked when the query body is empty. (#2337)
- URL-bar encoding is preserved when you toggle a query parameter on or off. (#2333)
π New
- Reuse saved message templates, beautify XML, and get clearer connection-state feedback in realtime clients. (#2277)
β¨ Improvements
- Added a Skip link to onboarding. (#2311)
π Fixes
- Discarding or saving variable edits no longer leaves phantom rows behind. (#2292)
- The authorization info banner now shows the correct text when an API key is placed in query params. (#2293)
- URL fragments are now stripped from query-parameter parsing so they no longer pollute your params. (#2299)
- Validation errors are now shown verbatim when saving, so you know exactly what went wrong. (#2305)
π New
- Build and send Socket.IO requests with a dedicated editor. (#2202)
- Import environment variables directly from a .env file. (#2254)
- Save and reuse MQTT examples on both cloud and local projects. (#2261)
- Import and export WebSocket and Socket.IO requests in Requestlyβs native format. (#2278)
π Fixes
π New
- Added the MQTT request editor with message, topics, authorization, properties, and last will tabs. (#2047)
- Added a keyboard shortcuts modal you can open from the Help menu or with Cmd+/. (#2131)
β¨ Improvements
- gRPC service discovery now supports importing a proto file. (#2156)
- gRPC requests now support pre and post scripts and per-protocol editor autocompletion. (#2125)
π Fixes
π New
- Send and inspect gRPC requests with the new gRPC support. (#1917)
β¨ Improvements
- Environments are now sorted alphabetically in the selector. (#1949)
- Clearer drag-and-drop indicators when reordering collections. (#1962)
- Bottom panel dock preferences now persist across sessions. (#1963)
π Fixes
- The app now reloads automatically instead of erroring after a new version is deployed. (#1811)
π New
- The Requestly CLI now supports running cloud collections. (#1591)
- Added five new authentication types for securing your requests. (#1784)
- Authenticate requests using JWT Bearer tokens with configurable payload directives. (#1834)
β¨ Improvements
- Collection trees now remember expansion state per project and added a collapse-all button. (#1795)
π Fixes
π New
- Run your collections from the command line with the new Requestly CLI. (#1541)
- Authenticate requests with OAuth 2.0, including a token service and orchestration. (#1596)
- Use non-interactive OAuth 2.0 grants with automatic token refresh. (#1648)
- Sign requests with OAuth 1.0 directly from the Authorization tab. (#1572)
β¨ Improvements
- Added contextual help hints across the API client. (#1659)
π Fixes
- Older imported records without an explicit type now correctly default to HTTP requests. (#1674)
π New
- An app-wide cookie jar lets you manage cookies with a Postman-style experience. (#1622)
- Import much larger files, with the limit raised from 30 MB to 100 MB. (#1550)
- Import API definitions from SoapUI projects. (#1531)
- Import an exported Requestly project archive directly. (#1602)
β¨ Improvements
π New
- Use npm packages directly in your scripts, with search and one-click install. (#1467)
β¨ Improvements
- Postman imports now translate npm and jsr package requires in scripts. (#1520)
- The package library now always shows its split layout for a steadier view. (#1502)
π Fixes
- The package library Save button now matches the size of other editors. (#1509)
π New
- Run bulk operations on examples and import them from supported formats. (#1296)
- Create examples instantly from the sidebar and save them from a new dropdown. (#1348)
β¨ Improvements
- Persisted example tabs now show a βTry itβ button in place of Send. (#1358)
- Redesigned confirmation dialogs for clearer, more readable prompts. (#1316)

