API Benchmark
GitHub

Documentation

Everything you need to know about the API Benchmark App.

How it Works

The API Benchmark App uses Autocannon, a high-performance HTTP/1.1 benchmarking tool, to run load tests on your endpoints. When you start a test, the following happens:

  1. Your browser triggers a Next.js Server Action with your configuration.
  2. The server validates the URL for security (SSRF protection).
  3. An in-memory instance of Autocannon is spawned within the serverless environment.
  4. The test runs for the specified duration with the chosen concurrency.
  5. Results are aggregated and returned as JSON to your browser for instant visualization.

Authentication & Custom Headers

Testing protected endpoints is easy with custom header support. This allows you to include API keys, session tokens, or other credentials in your requests.

Testing Bearer Tokens

To test an endpoint requiring a JWT, set the header name to Authorization and the value to Bearer [your_token_here].

Private Endpoints

Benchmark internal or protected services by providing necessary environment-specific headers.

Custom Agents

Set custom User-Agent or other metadata headers to bypass simple bot detection or for tracking.

Data Export

Need the raw data for your own reports? You can export any benchmark result to CSV format.

  • Individual Tests: Click "Export CSV" on the results page to get latency percentiles and throughput metrics.
  • Comparison Data: Exporting from Comparison Mode generates a consolidated file with side-by-side metrics for all tested endpoints.

Security & Safety

SSRF Protection

We block all requests to internal IP ranges (10.x.x.x, 192.168.x.x, etc.) and localhost. This prevents the tool from being used to scan or attack private networks.

Sequential Execution

In Comparison Mode, tests are run one after another. This ensures that the serverless function doesn't hit resource limits and that metrics remain accurate by avoiding bandwidth contention.

Limitations

Serverless Constraints

Since this app is deployed on Vercel Serverless Functions, there are natural limits to duration and concurrency.

Duration

Max 290 Seconds

Longer tests may require higher serverless timeout settings.

Concurrency

Max 100 Connections

High concurrency may hit CPU limits on small serverless instances.

Frequently Asked Questions

Is my data stored?

No. This application is completely stateless. We do not use a database or store any test results. Results only exist in your browser's memory after retrieval.

Why can't I test localhost?

The test is performed by our server, not your browser. Our server cannot reach "localhost" on your machine. Additionally, blocking localhost is a standard security practice to prevent SSRF.

Can I use this for production stress testing?

No. This tool is designed for quick benchmarks and comparisons. For large-scale stress testing, you should use dedicated tools like k6, JMeter, or distributed load generators.