Apinizer Example Services
REST, SOAP, WebSocket, gRPC ve SSL/TLS endpoint'leri saglayan API Gateway test servisi.
1. REST - HTTP Method Endpoints (httpbin compatible)
Gelen istegi echo eder. Headers, args, body, origin IP doner.
GET /get
Istek bilgilerini JSON olarak doner.
curl http:///get
Response: {"args":{},"headers":{"Host":"..."},"origin":"...","url":"..."}
POST /post
POST body'sini echo eder.
curl -X POST -H "Content-Type: application/json" -d '{"name":"test"}' http:///post
PUT /put
curl -X PUT -H "Content-Type: application/json" -d '{"id":1}' http:///put
PATCH /patch
curl -X PATCH -H "Content-Type: application/json" -d '{"field":"val"}' http:///patch
DELETE /delete
curl -X DELETE http:///delete
ANY /anything/{path}
Herhangi bir HTTP method ve path kabul eder, echo eder.
curl http:///anything/my/custom/path
curl -X POST -d '{"x":1}' http:///anything
2. REST - Request Inspection
GET /headers
Tum istek header'larini doner.
curl http:///headers
GET /ip
Client IP adresini doner.
curl http:///ip
GET /user-agent
User-Agent header'ini doner.
curl http:///user-agent
3. REST - Authentication
httpbin Authentication
GET /basic-auth/{user}/{passwd}
HTTP Basic Auth. Basarili: 200, basarisiz: 401.
curl -u testuser:testpass http:///basic-auth/testuser/testpass
Response: {"authenticated":true,"user":"testuser"}
GET /hidden-basic-auth/{user}/{passwd}
Hidden Basic Auth. Basarisizda 404 doner (401 degil).
curl -u testuser:testpass http:///hidden-basic-auth/testuser/testpass
GET /bearer
Bearer token dogrulama.
curl -H "Authorization: Bearer my-token-123" http:///bearer
GET /digest-auth/{qop}/{user}/{passwd}
HTTP Digest Auth (MD5). QOP: auth veya auth-int.
curl --digest -u testuser:testpass http:///digest-auth/auth/testuser/testpass
GET /digest-auth/{qop}/{user}/{passwd}/{algorithm}
Digest Auth - belirli algoritma secimi (MD5, SHA-256, SHA-512).
curl --digest -u testuser:testpass http:///digest-auth/auth/testuser/testpass/SHA-256
GET /digest-auth/{qop}/{user}/{passwd}/{algorithm}/{stale_after}
Digest Auth - stale nonce destegi.
curl --digest -u testuser:testpass http:///digest-auth/auth/testuser/testpass/MD5/3
Apinizer Custom Authentication
Varsayilan kullanici: user1 / P@ssW@rd!
GET /auth/authenticateWithHeader
Header-based auth. Headers: username, password
curl -H "username: user1" -H "password: P@ssW@rd!" http:///auth/authenticateWithHeader
GET /auth/authenticateWithBase64
Base64 token auth. Header: Token: Basic base64(user:pass)
curl -H "Token: Basic dXNlcjE6UEBzc1dAcmQh" http:///auth/authenticateWithBase64
GET /auth/authenticateWithQueryParam
Query parameter auth. Params: username, password
curl "http:///auth/authenticateWithQueryParam?username=user1&password=P@ssW@rd!"
GET /auth/authenticateWithPathParam/{username}/{password}
Path parameter auth.
curl http:///auth/authenticateWithPathParam/user1/P@ssW@rd!
POST /auth/authenticateWithBody
JSON body auth.
curl -X POST -H "Content-Type: application/json" -d '{"username":"user1","password":"P@ssW@rd!"}' http:///auth/authenticateWithBody
POST /auth/authenticateWithForm
Multipart form auth.
curl -X POST -F "username=user1" -F "password=P@ssW@rd!" http:///auth/authenticateWithForm
POST /auth/authenticateWithXWwwForm
x-www-form-urlencoded auth.
curl -X POST -d "username=user1&password=P@ssW@rd!" http:///auth/authenticateWithXWwwForm
GET /apinizer/convertBase64
JWT token body'sini decode eder. Query param: token
curl "http:///apinizer/convertBase64?token=eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjoiYWRtaW4ifQ.xxx"
Client Certificate Info
GET /cert-info
Client sertifika bilgilerini doner. Headers: X-Client-Cert, X-Client-Verify, X-Client-Subject-DN, X-Client-Issuer-DN
curl -H "X-Client-Verify: SUCCESS" -H "X-Client-Subject-DN: CN=test" http:///cert-info
GET /cert-info/hello
Client cert info hello endpoint.
4. REST - Response Formats
GET /html
HTML response doner.
curl http:///html
GET /json
JSON response doner.
curl http:///json
GET /xml
XML response doner.
curl http:///xml
GET /robots.txt
curl http:///robots.txt
GET /deny
Deny mesaji doner (robots.txt test).
GET /encoding/utf8
UTF-8 karakter ornekleri (unicode, emoji, CJK, Arapca).
curl http:///encoding/utf8
5. REST - Status Codes & Redirects
ANY /status/{codes}
Belirtilen HTTP status code'u doner. GET/POST/PUT/PATCH/DELETE destekler.
curl -o /dev/null -w "%{http_code}" http:///status/418
curl -X POST http:///status/201
GET /cache
Cache/ETag testi. If-Modified-Since veya If-None-Match varsa 304, yoksa 200 + ETag.
curl -v http:///cache
GET /cache/{value}
Cache-Control: max-age={value} ile cache response.
curl -v http:///cache/3600
GET /etag/{etag}
ETag validation. If-None-Match/If-Match header test.
curl -H "If-None-Match: my-etag" http:///etag/my-etag
GET/POST /response-headers?key=value
Query param'lari response header olarak ekler.
curl -v "http:///response-headers?X-Custom=test&Server=mock"
GET /redirect/{n}
n kere redirect zinciri.
curl -L http:///redirect/3
GET /relative-redirect/{n}
Relative URL ile redirect zinciri.
curl -L http:///relative-redirect/3
GET /absolute-redirect/{n}
Absolute URL ile redirect zinciri.
curl -L http:///absolute-redirect/3
ANY /redirect-to?url={url}&status_code={code}
Belirtilen URL'ye redirect. GET/POST/PUT/PATCH/DELETE.
curl -L "http:///redirect-to?url=http://example.com&status_code=302"
6. REST - Cookies
GET /cookies
Gonderilen tum cookie'leri doner.
curl -b "name=value" http:///cookies
GET /cookies/set?name=value
Query param'lari cookie olarak set eder.
curl -c - "http:///cookies/set?session=abc123&lang=en"
GET /cookies/set/{name}/{value}
Tek cookie set eder.
curl -c - http:///cookies/set/token/xyz
GET /cookies/delete?name
Belirtilen cookie'leri siler (expires=past).
curl -c - "http:///cookies/delete?session&lang"
7. REST - Dynamic Data
GET /bytes/{n}
n byte rastgele data doner (max 100KB). Encoding: /bytes/{n}/{encoding}
curl http:///bytes/1024 --output -
curl http:///bytes/1024/gzip --output - | gunzip
Desteklenen encoding'ler: /gzip, /deflate, /br, /zstd
GET /stream-bytes/{n}
n byte rastgele data stream eder. Encoding: /stream-bytes/{n}/{encoding}
curl http:///stream-bytes/2048
Desteklenen encoding'ler: /gzip, /deflate, /br, /zstd
ANY /delay/{delay}
Belirtilen saniye kadar bekler, sonra echo response doner (max 10s). GET/POST/PUT/PATCH/DELETE.
curl http:///delay/3
GET /drip?duration={s}&numbytes={n}&code={c}&delay={d}
Belirtilen sure boyunca veriyi damla damla gonderir.
curl "http:///drip?duration=3&numbytes=10&code=200&delay=1"
GET /range/{numbytes}
Range request destekli response. Accept-Ranges + Content-Range header.
curl -H "Range: bytes=0-99" http:///range/1024
GET /stream/{n}
n satir JSON stream (NDJSON). Her satir ayri JSON objesi.
curl http:///stream/5
GET /base64/{value}
Base64 decode eder.
curl http:///base64/SGVsbG8gV29ybGQ=
Response: Hello World
GET /uuid
Rastgele UUID doner.
curl http:///uuid
Response: {"uuid":"550e8400-..."}
GET /links/{n}/{offset}
n adet HTML link iceren sayfa. Offset opsiyonel.
curl http:///links/10
8. REST - Images
GET /image
Accept header'a gore image doner (png, jpeg, svg, webp).
curl -H "Accept: image/png" http:///image --output img.png
GET /image/png |
/image/jpeg |
/image/svg |
/image/webp
Belirtilen formatta image doner.
curl http:///image/png --output test.png
9. REST - Compression (httpbin compat)
httpbin uyumlu compression endpoint'leri. Donulen JSON body kendisi hakkinda bilgi icerir.
GET /gzip
Gzip ile sikistirilmis JSON response.
curl --compressed http:///gzip
Response: {"gzipped":true,"method":"GET","origin":"..."}
GET /deflate
Deflate ile sikistirilmis JSON response.
curl --compressed http:///deflate
GET /brotli
Brotli ile sikistirilmis JSON response.
curl --compressed http:///brotli
GET /zstd
Zstandard ile sikistirilmis JSON response.
curl -H "Accept-Encoding: zstd" http:///zstd --output - | zstd -d
10. Encoding Test (Advanced Content-Encoding)
Manuel compression. Spring auto-compression kapali. Her endpoint kendi encoding'ini uygular. Gateway content-encoding policyleri test icin tasarlanmistir.
Text Encoding
| Path | Encoding | Aciklama |
|---|
| /encoding-test/text/identity | identity | Sikistirilmamis text |
| /encoding-test/text/gzip | gzip | Gzip text |
| /encoding-test/text/deflate | deflate | Deflate text |
| /encoding-test/text/br | brotli | Brotli text |
| /encoding-test/text/zstd | zstd | Zstandard text |
curl --compressed http:///encoding-test/text/gzip
Text UTF-8 Encoding
| Path | Encoding | Aciklama |
|---|
| /encoding-test/text-utf8/identity | identity | UTF-8 text, sikistirilmamis |
| /encoding-test/text-utf8/gzip | gzip | UTF-8 text, gzip |
| /encoding-test/text-utf8/deflate | deflate | UTF-8 text, deflate |
| /encoding-test/text-utf8/br | brotli | UTF-8 text, brotli |
| /encoding-test/text-utf8/zstd | zstd | UTF-8 text, zstd |
curl --compressed http:///encoding-test/text-utf8/gzip
JSON UTF-8 Encoding
GET /encoding-test/json-utf8/{encoding}
JSON UTF-8 response. encoding: gzip, deflate, br, zstd, identity
curl --compressed http:///encoding-test/json-utf8/gzip
Corrupted Encoding (Bozuk/Hatali)
Gateway'in hatali encoding durumlarini nasil handle ettigini test eder.
| Path | Senaryo | Aciklama |
|---|
| /encoding-test/corrupted/plain-as-gzip | Plain as Gzip | Duz metin ama Content-Encoding: gzip header'i var |
| /encoding-test/corrupted/corrupted-gzip | Corrupted Gzip | Bozuk gzip data |
| /encoding-test/corrupted/gzip-as-br | Gzip as Brotli | Gzip data ama Content-Encoding: br header'i var |
| /encoding-test/corrupted/double-single | Double as Single | Cift sikistirilmis ama tek encoding header'i var |
| /encoding-test/corrupted/empty-ce | Empty CE | Sikistirilmis body ama Content-Encoding header'i bos |
| /encoding-test/corrupted/empty-body | Empty Body | Content-Encoding header var ama body bos |
curl -v http:///encoding-test/corrupted/plain-as-gzip
Chained Encoding (Zincirleme Sikistirma)
Birden fazla encoding uygulanmis response. Content-Encoding: enc1, enc2
| Path | Chain | Aciklama |
|---|
| /encoding-test/chained/gzip-deflate | gzip, deflate | Gzip sonra deflate |
| /encoding-test/chained/gzip-br | gzip, br | Gzip sonra brotli |
| /encoding-test/chained/gzip-gzip | gzip, gzip | Cift gzip |
| /encoding-test/chained/br-gzip | br, gzip | Brotli sonra gzip |
| /encoding-test/chained/deflate-gzip | deflate, gzip | Deflate sonra gzip |
curl -v http:///encoding-test/chained/gzip-deflate
No-Transform (Cache-Control: no-transform)
Proxy/gateway'in content'i degistirmemesi gereken response'lar.
| Path | Encoding |
|---|
| /encoding-test/no-transform/gzip | gzip + no-transform |
| /encoding-test/no-transform/deflate | deflate + no-transform |
| /encoding-test/no-transform/br | brotli + no-transform |
| /encoding-test/no-transform/zstd | zstd + no-transform |
| /encoding-test/no-transform/identity | identity + no-transform |
curl -v --compressed http:///encoding-test/no-transform/gzip
Vary Header
| Path | Aciklama |
|---|
| /encoding-test/vary/gzip | Vary: Accept-Encoding + gzip |
| /encoding-test/vary/deflate | Vary + deflate |
| /encoding-test/vary/br | Vary + brotli |
| /encoding-test/vary/zstd | Vary + zstd |
| /encoding-test/vary/identity | Vary + identity |
Special HTTP Status + Encoding
| Path | Status | Encoding |
|---|
| /encoding-test/304/gzip | 304 | gzip |
| /encoding-test/304/deflate | 304 | deflate |
| /encoding-test/304/br | 304 | brotli |
| /encoding-test/304/zstd | 304 | zstd |
| /encoding-test/206/gzip | 206 | gzip |
| /encoding-test/206/deflate | 206 | deflate |
| /encoding-test/206/br | 206 | brotli |
| /encoding-test/206/zstd | 206 | zstd |
| /encoding-test/206/identity | 206 | identity |
curl -v http:///encoding-test/304/gzip
Chunked Transfer + Encoding
| Path | Encoding |
|---|
| /encoding-test/chunked/gzip | chunked + gzip |
| /encoding-test/chunked/deflate | chunked + deflate |
| /encoding-test/chunked/br | chunked + brotli |
| /encoding-test/chunked/zstd | chunked + zstd |
curl -v --compressed http:///encoding-test/chunked/gzip
Large Response + Encoding
Buyuk response boyutu ile encoding testi.
| Path | Boyut | Encoding |
|---|
| /encoding-test/large/1mb/identity | 1 MB | identity |
| /encoding-test/large/1mb/gzip | 1 MB | gzip |
| /encoding-test/large/1mb/deflate | 1 MB | deflate |
| /encoding-test/large/1mb/br | 1 MB | brotli |
| /encoding-test/large/1mb/zstd | 1 MB | zstd |
| /encoding-test/large/10mb/identity | 10 MB | identity |
| /encoding-test/large/10mb/gzip | 10 MB | gzip |
| /encoding-test/large/10mb/deflate | 10 MB | deflate |
| /encoding-test/large/10mb/br | 10 MB | brotli |
| /encoding-test/large/10mb/zstd | 10 MB | zstd |
| /encoding-test/large/100mb/identity | 100 MB | identity |
| /encoding-test/large/100mb/gzip | 100 MB | gzip |
| /encoding-test/large/100mb/deflate | 100 MB | deflate |
| /encoding-test/large/100mb/br | 100 MB | brotli |
| /encoding-test/large/100mb/zstd | 100 MB | zstd |
curl --compressed http:///encoding-test/large/1mb/gzip --output /dev/null -w "Size: %{size_download}, Time: %{time_total}s"
Content-Length Correct/Wrong
| Path | Aciklama |
|---|
| /encoding-test/content-length/gzip/correct | Dogru Content-Length + gzip |
| /encoding-test/content-length/gzip/wrong | Yanlis Content-Length + gzip |
| /encoding-test/content-length/br/correct | Dogru Content-Length + brotli |
| /encoding-test/content-length/br/wrong | Yanlis Content-Length + brotli |
| /encoding-test/content-length/deflate/correct | Dogru Content-Length + deflate |
| /encoding-test/content-length/deflate/wrong | Yanlis Content-Length + deflate |
Transfer-Encoding
| Path | Aciklama |
|---|
| /encoding-test/transfer-encoding/gzip | Transfer-Encoding: gzip |
| /encoding-test/transfer-encoding/deflate | Transfer-Encoding: deflate |
Q-Value & Download
GET /encoding-test/qvalue
Accept-Encoding quality value testi. En yuksek q-value encoding'i secilir.
curl -H "Accept-Encoding: gzip;q=0.5, br;q=1.0, deflate;q=0.1" http:///encoding-test/qvalue
GET /encoding-test/download/{fileType}/{encoding}
Dosya indirme + encoding. fileType: txt, json, xml, bin. encoding: gzip, deflate, br, zstd, identity
curl http:///encoding-test/download/json/gzip --output test.json.gz
Request Encoding Echo
POST /encoding-test/request/echo
Request body'sini decompress edip echo eder. Content-Encoding header'ina gore otomatik decompression yapar.
echo "hello" | gzip | curl -X POST -H "Content-Encoding: gzip" -H "Content-Type: text/plain" --data-binary @- http:///encoding-test/request/echo
11. REST - Echo Endpoints
POST /echo/request
Request body'sini decompress edip JSON meta bilgisiyle echo eder.
curl -X POST -H "Content-Type: application/json" -d '{"test":true}' http:///echo/request
POST /echo/request/raw
Request body'sini ham byte olarak echo eder.
curl -X POST -d 'raw data here' http:///echo/request/raw
POST /echo/headers
Request header'larini echo eder.
curl -X POST -H "X-Custom: test" http:///echo/headers
POST /echo/multipart
Multipart form data'yi echo eder.
curl -X POST -F "name=test" -F "file=@/path/to/file" http:///echo/multipart
12. REST - Server-Sent Events (SSE)
GET /sse
text/event-stream. Periyodik SSE event'ler gonderir.
curl -N http:///sse
Response: data: {"id":1,"message":"SSE event","timestamp":"..."}\n\n
GET /sse/{encoding}
Encoding ile SSE stream: gzip, deflate, br, zstd
curl -N --compressed http:///sse/gzip
13. REST - File Upload & Download
File Upload
POST /test/fileUpload
Tek dosya upload. Form field: file
curl -F "file=@/path/to/file.txt" http:///test/fileUpload
POST /test/multipart
Multipart upload: dosya + metadata. Fields: file, name, description
curl -F "file=@photo.jpg" -F "name=photo" -F "description=test" http:///test/multipart
POST /test/multipartMultiple
Birden fazla dosya upload. Field: files (multiple)
curl -F "files=@file1.txt" -F "files=@file2.txt" http:///test/multipartMultiple
File Download (Uploaded Files)
GET /test/downloadFile/{fileName}
Daha once upload edilen dosyayi indir.
curl http:///test/downloadFile/file.txt --output file.txt
Static File Download (Encoding Variants)
JPG, PDF, TXT, BIN dosyalari farkli encoding'lerle indir. Her dosya tipi icin: identity, gzip, deflate, br, zstd
| Base Path | Dosya Tipi | Encoding Variants |
|---|
| /download/jpg | JPEG image | /identity, /gzip, /deflate, /br, /zstd (veya encoding'siz: /download/jpg) |
| /download/pdf | PDF document | /identity, /gzip, /deflate, /br, /zstd |
| /download/txt | Text file | /identity, /gzip, /deflate, /br, /zstd |
| /download/bin | Binary file | /identity, /gzip, /deflate, /br, /zstd |
curl http:///download/jpg --output photo.jpg
curl http:///download/pdf/gzip --output doc.pdf.gz
curl http:///download/txt/br --output text.txt.br
14. REST - User CRUD API
In-memory user store. Sunucu restart'inda sifirlenir.
GET /api/user/
Tum kullanicilari listele.
curl http:///api/user/
GET /api/user/{id}
ID ile kullanici getir (path param).
curl http:///api/user/1
GET /api/user?id={id}
ID ile kullanici getir (query param).
curl "http:///api/user?id=1"
GET /api/getUserByUserInQueryParam?user={json}
JSON user objesi ile arama.
curl "http:///api/getUserByUserInQueryParam?user=%7B%22name%22:%22John%22%7D"
POST /api/user/
Yeni kullanici olustur.
curl -X POST -H "Content-Type: application/json" -d '{"name":"John","surname":"Doe","email":"john@test.com"}' http:///api/user/
PUT /api/user/{id}
Kullaniciyi guncelle.
curl -X PUT -H "Content-Type: application/json" -d '{"name":"Jane","surname":"Doe"}' http:///api/user/1
PATCH /api/user/{id}
Kullaniciyi kismi guncelle.
curl -X PATCH -H "Content-Type: application/json" -d '{"email":"new@test.com"}' http:///api/user/1
DELETE /api/user/{id}
Kullaniciyi sil.
curl -X DELETE http:///api/user/1
DELETE /api/user/
Tum kullanicilari sil.
curl -X DELETE http:///api/user/
15. REST - Contact API (OpenAPI/Swagger)
Swagger UI ile tanimlanan OpenAPI uyumlu CRUD.
GET /openapi/contacts/
Tum contactlari listele. Pagination: ?page=0&size=10
curl http:///openapi/contacts/
GET /openapi/contacts/{contactId}
Contact getir (path param).
curl http:///openapi/contacts/1
POST /openapi/contacts
Yeni contact olustur.
curl -X POST -H "Content-Type: application/json" -d '{"firstName":"Ali","lastName":"Veli","email":"ali@test.com","phone":"+901234567890"}' http:///openapi/contacts
PUT /openapi/contacts/{contactId}
Contact guncelle.
curl -X PUT -H "Content-Type: application/json" -d '{"firstName":"Ali","lastName":"Yilmaz"}' http:///openapi/contacts/1
DELETE /openapi/contacts/{contactId}
Contact sil.
curl -X DELETE http:///openapi/contacts/1
16. REST - Encode/Decode
POST /api/enc/
Body'yi Base64 ile encode eder.
curl -X POST -H "Content-Type: text/plain" -d 'Hello World' http:///api/enc/
POST /api/dec/
Base64 encoded body'yi decode eder.
curl -X POST -H "Content-Type: text/plain" -d 'SGVsbG8gV29ybGQ=' http:///api/dec/
17. REST - Test Utilities
GET /test/test/hello
Basit hello endpoint. Her istekte counter artar.
curl http:///test/test/hello
PATCH /test/test/patch
Basit PATCH test endpoint.
curl -X PATCH http:///test/test/patch
GET /test/test/helloWait?wait={ms}
Belirtilen ms kadar bekler, sonra response doner. Latency testi.
curl "http:///test/test/helloWait?wait=2000"
GET /test/multipleHeaders
Birden fazla header iceren response.
curl -v http:///test/multipleHeaders
18. REST - Client/Edge Case Test
HTTP client ve gateway edge case testleri.
GET /response/plain
Sikistirilmamis plain JSON response.
curl http:///response/plain
GET /response/chunked/stream
Chunked streaming - zamanlama ile parcalar halinde gonderir.
curl -N http:///response/chunked/stream
GET /status/304
304 Not Modified + gzip Content-Encoding header (body yok).
curl -v http:///status/304
GET /status/304-with-body
304 + spec-ihlali body (edge case testi).
curl -v http:///status/304-with-body
GET /status/206
206 Partial Content + gzip.
curl -v http:///status/206
GET /large/gzip-bomb
Gzip bomb - kucuk compressed, 100MB decompressed. Gateway gzip-bomb korumasi testi.
curl --compressed http:///large/gzip-bomb --output /dev/null -w "Size: %{size_download}"
GET /vary/none
Vary header olmadan response.
curl -v http:///vary/none
GET /vary/wildcard
Vary: * (wildcard) ile response.
curl -v http:///vary/wildcard
GET /range/10kb/gzip
Range request + gzip encoding.
curl -H "Range: bytes=0-1023" http:///range/10kb/gzip
GET /stream/plain
Plain byte stream - zamanlama ile parcalar halinde gonderir.
curl -N http:///stream/plain
19. SOAP / WSDL Endpoint
SOAP /service/student-details
SOAP 1.1 StudentDetailsService. MTOM enabled. Namespace: http://www.apinizer.com/xml/school
Request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:sch="http://www.apinizer.com/xml/school">
<soapenv:Header/>
<soapenv:Body>
<sch:StudentDetailsRequest>
<sch:name>John</sch:name>
</sch:StudentDetailsRequest>
</soapenv:Body>
</soapenv:Envelope>
curl -X POST -H "Content-Type: text/xml" -d '@request.xml' http:///service/student-details
20. WebSocket Endpoints
Port 10090 uzerinden erisilebilir. Ayrica port 10091'de bagimsiz WebSocket servisi de calisir (ayni path'ler).
WS ws://{host}:{port}/websocket
Ana WebSocket endpoint. Text mesaj gonder/al. Echo + timestamp doner.
wscat -c ws:///websocket
// JavaScript:
const ws = new WebSocket('ws:///websocket');
ws.onmessage = (e) => console.log(e.data);
ws.send('Hello!');
WS ws://{host}:{port}/channel-websocket/socket/{channelName}/{tenantId}
Kanal bazli WebSocket. Path parametreleri ile kanal ve tenant belirtilir.
wscat -c ws:///channel-websocket/socket/notifications/tenant1
WS ws://{host}:{port}/ws/socket.io/
Socket.io uyumlu WebSocket endpoint.
wscat -c ws:///ws/socket.io/
Dedicated WebSocket (Port 10091): Ayni endpoint'ler port 10091 uzerinden de erisilebilir:
wscat -c ws://:10091/websocket
21. gRPC Endpoints (Port 50052)
gRPC HelloService - 4 RPC pattern. Port:
50052
Proto:
hello.proto indir |
Adres:
:50052
gRPC hello.HelloService/SayHello
Unary RPC - Tek istek, tek yanit.
grpcurl -plaintext -d '{"name":"World"}' :50052 hello.HelloService/SayHello
Response: {"message":"Hello World"}
gRPC hello.HelloService/SayHelloServerStream
Server Streaming - Tek istek, 5 ardisik yanit.
grpcurl -plaintext -d '{"name":"World"}' :50052 hello.HelloService/SayHelloServerStream
gRPC hello.HelloService/SayHelloClientStream
Client Streaming - Birden fazla istek, tek yanit.
grpcurl -plaintext -d '{"name":"A"} {"name":"B"}' :50052 hello.HelloService/SayHelloClientStream
gRPC hello.HelloService/SayHelloBiStream
Bidirectional Streaming - Iki yonlu stream.
grpcurl -plaintext -d '{"name":"A"} {"name":"B"}' :50052 hello.HelloService/SayHelloBiStream
22. BadSSL - SSL/TLS Test Scenarios (Ports 10001-10040)
| Port | Senaryo | Aciklama | Ornek | Sertifika |
|---|
| 10001 | EXPIRED | Suresi dolmus SSL sertifikasi |
curl -k https://:10001/ |
server.crt |
| 10002 | WRONG_HOST | Farkli hostname icin verilmis sertifika |
curl -k https://:10002/ |
server.crt |
| 10003 | SELF_SIGNED | Self-signed sertifika |
curl -k https://:10003/ |
server.crt |
| 10004 | UNTRUSTED_ROOT | Guvenilmeyen root CA |
curl --cacert test-root-ca.crt https://:10004/ |
server.crt | untrusted-ca.crt |
| 10005 | REVOKED | Revoke edilmis sertifika |
curl -k https://:10005/ |
server.crt |
| 10006 | INCOMPLETE_CHAIN | Eksik sertifika zinciri |
curl -k https://:10006/ |
server.crt |
| 10007 | SHA1 | SHA-1 imzali sertifika |
curl -k https://:10007/ |
server.crt |
| 10008 | SHA256 | SHA-256 imzali |
curl -k https://:10008/ |
server.crt |
| 10009 | SHA384 | SHA-384 imzali |
curl -k https://:10009/ |
server.crt |
| 10010 | SHA512 | SHA-512 imzali |
curl -k https://:10010/ |
server.crt |
| 10011 | RSA512 | 512-bit RSA key (zayif) |
curl -k https://:10011/ |
server.crt |
| 10012 | RSA1024 | 1024-bit RSA key |
curl -k https://:10012/ |
server.crt |
| 10013 | RSA2048 | 2048-bit RSA key (standart) |
curl -k https://:10013/ |
server.crt |
| 10014 | RSA4096 | 4096-bit RSA key |
curl -k https://:10014/ |
server.crt |
| 10015 | RSA8192 | 8192-bit RSA key |
curl -k https://:10015/ |
server.crt |
| 10016 | ECC256 | 256-bit ECC key |
curl -k https://:10016/ |
server.crt |
| 10017 | ECC384 | 384-bit ECC key |
curl -k https://:10017/ |
server.crt |
| 10018 | TLS_V1_0 | Sadece TLS 1.0 |
curl -k --tls-max 1.0 https://:10018/ |
- |
| 10019 | TLS_V1_1 | Sadece TLS 1.1 |
curl -k --tls-max 1.1 https://:10019/ |
- |
| 10020 | TLS_V1_2 | Sadece TLS 1.2 |
curl -k --tlsv1.2 https://:10020/ |
- |
| 10021 | TLS_V1_3 | Sadece TLS 1.3 |
curl -k --tlsv1.3 https://:10021/ |
- |
| 10022 | RC4 | RC4 cipher (zayif) |
curl -k --ciphers RC4 https://:10022/ |
- |
| 10023 | THREE_DES | 3DES cipher (zayif) |
curl -k https://:10023/ |
- |
| 10024 | NULL_CIPHER | NULL cipher (sifreleme yok) |
curl -k https://:10024/ |
- |
| 10025 | DH480 | 480-bit DH |
curl -k https://:10025/ |
- |
| 10026 | DH512 | 512-bit DH |
curl -k https://:10026/ |
- |
| 10027 | DH1024 | 1024-bit DH |
curl -k https://:10027/ |
- |
| 10028 | DH2048 | 2048-bit DH |
curl -k https://:10028/ |
- |
| 10029 | SUPERFISH | Superfish CA |
curl -k https://:10029/ |
server.crt |
| 10030 | EDELLROOT | eDellRoot CA |
curl -k https://:10030/ |
server.crt |
| 10031 | DSDTESTPROVIDER | DSDTestProvider CA |
curl -k https://:10031/ |
server.crt |
| 10032 | MOZILLA_OLD | Mozilla Old TLS (1.0/1.1/1.2) |
curl -k https://:10032/ |
- |
| 10033 | MOZILLA_INTERMEDIATE | Mozilla Intermediate (1.2/1.3) |
curl -k https://:10033/ |
- |
| 10034 | MOZILLA_MODERN | Mozilla Modern (sadece 1.3) |
curl -k --tlsv1.3 https://:10034/ |
- |
| 10035 | HSTS | HSTS header |
curl -kI https://:10035/ |
- |
| 10036 | NO_COMMON_NAME | CN olmayan sertifika |
curl -k https://:10036/ |
server.crt |
| 10037 | NO_SUBJECT | Subject olmayan sertifika |
curl -k https://:10037/ |
server.crt |
| 10038 | SANS_1000 | 1000 SAN iceren sertifika |
curl -k https://:10038/ |
server.crt |
| 10039 | EXTENDED_VALIDATION | EV sertifikasi |
curl -k https://:10039/ |
- |
| 10040 | CLIENT_CERT (mTLS) | Client sertifikasi ZORUNLU |
curl -k --cert client.crt --key client.key https://:10040/ |
client.p12 (badssl) |
client.crt |
client.key |
23. Apinizer Keystore/Truststore & Downloads
Ana uygulama keystore ve truststore (JKS format).
Proto dosyasi (gRPC servis tanimi)
24. Proxy Body Integrity
Proxy'nin body'yi bozup bozmadigi testleri. Echo + MD5 hash ile dogrulama.
Large JSON Body
POST /proxy-test/body/large-json/echoBuyuk JSON body echo — body + size + MD5 doner
POST /proxy-test/body/large-json/verifyBuyuk JSON body verify — sadece size + MD5 (body echo yok)
Binary Body
POST /proxy-test/body/binary/echoBinary body echo — oldugu gibi geri doner, X-Received-Size/MD5 header'da
POST /proxy-test/body/binary/verifyBinary body verify — sadece metadata
Empty Body
POST /proxy-test/body/empty/echoEmpty body echo — Content-Length:0 kontrolu
POST /proxy-test/body/empty/204204 No Content — body yok, CL yok
GET /proxy-test/body/empty/200200 OK + Content-Length:0 — bos body
Multipart & Form
POST /proxy-test/body/multipart/echomultipart/form-data echo — part metadata + file MD5
POST /proxy-test/body/form/echox-www-form-urlencoded echo — double-encode kontrolu
Body Generator
GET /proxy-test/body/generate?size=1024&type=jsonConfigurable body generator (json|text|binary)
25. Proxy Header Passthrough
Proxy'nin header'lari duzgun iletip iletmedigi testleri.
GET /proxy-test/headers/echoTum gelen header'lari JSON echo
GET /proxy-test/headers/hop-by-hopHop-by-hop header'lar (Connection, Keep-Alive, Trailer...) — proxy silmeli
GET /proxy-test/headers/duplicateDuplicate header'lar (3x Set-Cookie, 2x X-Custom, 2x Link)
GET /proxy-test/headers/large-value?size=8192Buyuk header degeri (default 8KB)
GET /proxy-test/headers/many?count=50Cok sayida header (default 50)
GET /proxy-test/headers/mirrorX-* header mirror — gelen X- header'lari response'a yansitir
GET /proxy-test/headers/forwardedProxy header echo (X-Forwarded-For, X-Real-IP, Via...)
GET /proxy-test/headers/special-charsOzel karakter iceren header degerleri (UTF-8, semicolon, comma, quoted)
26. Proxy Timeout & Slow Response
Proxy timeout davranisi, yarim body iletimi testleri.
GET /proxy-test/timeout/slow-header?delay=5000Slow header — belirtilen sure header gondermeden bekler
GET /proxy-test/timeout/slow-body?chunkDelay=1000&chunks=10Slow body — header hemen, body yavas (chunked)
GET /proxy-test/timeout/slow-body-with-length?chunkDelay=1000&chunks=5Slow body + Content-Length — partial body leak testi
GET /proxy-test/timeout/delay?ms=3000Configurable delay (ms granularite)
GET /proxy-test/timeout/slow-first-byte?delay=5000Slow first byte — ilk byte gec, sonra hizli
GET /proxy-test/timeout/incompleteIncomplete response — CL:1000 deyip 10 byte gonderir
27. Proxy URL Handling
URL encoding/decoding, path traversal, query parametre sirasi testleri.
GET /proxy-test/url/echoURL bilgileri echo (URI, query string, params)
GET /proxy-test/url/tr/şığüöıçTurkce karakterli path
GET /proxy-test/url/unicode/{path}Unicode path (emoji, CJK)
GET /proxy-test/url/double-encoded/{path}Double-encoded URL testi (%2520 vb.)
GET /proxy-test/url/query-order?c=3&a=1&b=2Query param sirasi koruma testi
GET /proxy-test/url/long?key=very-long-value...Uzun URL testi (8KB+)
GET /proxy-test/url/path/safePath traversal target (/path/../safe)
GET /proxy-test/url/encode-test?value=şığüöıçURL encode/decode round-trip
GET /proxy-test/url/semicolon/{path}Semicolon in path (;jsessionid vb.)
28. Proxy Connection & Redirect
Redirect Location header rewrite, backend error handling testleri.
Redirect
GET /proxy-test/connection/redirect/absolute301 Redirect — absolute URL (backend URL leak testi)
GET /proxy-test/connection/redirect/relative302 Redirect — relative URL
GET /proxy-test/connection/redirect/307307 Temporary Redirect — method preservation
GET /proxy-test/connection/redirect/308308 Permanent Redirect — method preservation
GET /proxy-test/connection/redirect/internal-hostRedirect with internal hostname — hostname leak testi
GET /proxy-test/connection/redirect/targetRedirect target (chain sonu)
Error & Connection
GET /proxy-test/connection/error/502502 Bad Gateway simulasyonu
GET /proxy-test/connection/error/503?retryAfter=30503 Service Unavailable + Retry-After
GET /proxy-test/connection/error/504504 Gateway Timeout simulasyonu
GET /proxy-test/connection/expect-continueExpect: 100-continue test
GET /proxy-test/connection/closeConnection: close response
29. Proxy CORS
CORS preflight ve header passthrough testleri.
GET /proxy-test/cors/simpleSimple CORS — Access-Control-Allow-Origin: *
GET /proxy-test/cors/specific-originOrigin-specific CORS — Origin header'ini yansitir
GET /proxy-test/cors/credentialsCORS + credentials — Allow-Credentials: true
OPTIONS/GET /proxy-test/cors/preflightCORS preflight — full Access-Control-* header seti
OPTIONS/POST /proxy-test/cors/preflight-postPOST preflight — custom header'li POST icin preflight
30. Proxy Cookie Handling
Multi Set-Cookie, path/domain rewrite, cookie passthrough testleri.
GET /proxy-test/cookies/multi-set5 ayri Set-Cookie header (HttpOnly, Secure, SameSite...)
GET /proxy-test/cookies/path-specificPath-specific cookie'ler (/, /proxy-test, /proxy-test/cookies...)
GET /proxy-test/cookies/domain-leakDomain cookie — backend domain leak testi
GET /proxy-test/cookies/echoCookie echo — gelen cookie'leri JSON doner
GET /proxy-test/cookies/special-valuesOzel karakterli cookie degerleri (URL-encoded, JSON, bos)
31. Proxy Content-Type & Charset
Charset donusumu, content negotiation, Content-Type edge case'leri.
Charset Variants
GET /proxy-test/content-type/charset/utf-8UTF-8 — standart (Turkce + CJK + emoji)
GET /proxy-test/content-type/charset/iso-8859-9ISO-8859-9 (Latin-5 Turkce) — proxy UTF-8 varsayip bozar mi?
GET /proxy-test/content-type/charset/windows-1254windows-1254 (Turkce Windows charset)
GET /proxy-test/content-type/charset/iso-8859-1ISO-8859-1 (Latin-1) — aksanli Avrupa karakterleri
Content-Type Edge Cases
GET /proxy-test/content-type/no-content-typeContent-Type olmadan response — proxy default ekler mi?
GET /proxy-test/content-type/mismatch/json-as-xmlCT: application/json ama body XML
GET /proxy-test/content-type/mismatch/xml-as-jsonCT: text/xml ama body JSON
GET /proxy-test/content-type/bom/utf-8BOM (Byte Order Mark) + UTF-8 JSON
GET /proxy-test/content-type/binaryapplication/octet-stream binary response
GET /proxy-test/content-type/ndjsonapplication/x-ndjson (Newline Delimited JSON)
GET /proxy-test/content-type/multipart-mixedmultipart/mixed response (JSON + text + XML parts)
Content Negotiation
GET /proxy-test/content-type/negotiateAccept header'a gore JSON/XML/HTML/text doner
32. Proxy HTTP Methods
HEAD, OPTIONS, PATCH, DELETE with body gibi method-specific testler.
HEAD/GET /proxy-test/methods/head-testHEAD: body yok, CL + ETag + custom header var. GET: body var.
OPTIONS/GET /proxy-test/methods/options-testOPTIONS: Allow header ile desteklenen method'lar
ALL /proxy-test/methods/echoHerhangi HTTP method ile — method echo
PATCH /proxy-test/methods/patch-echoPATCH body echo
DELETE /proxy-test/methods/delete-with-bodyDELETE with body — proxy body'yi drop eder mi?
GET /proxy-test/methods/get-with-bodyGET with body — RFC izin verir ama proxy drop edebilir
33. Proxy Security Test
XXE, XSS, rate limit, cache-control, RFC 7807 Problem Details testleri.
POST /proxy-test/security/xml/safe-parseXML safe parse — DTD/XXE reddi (Content-Type: application/xml)
GET /proxy-test/security/xss/escaped?input=<script>XSS reflection — HTML-escaped (guvenli)
GET /proxy-test/security/xss/raw?input=<script>XSS reflection — raw/unescaped (kasitli guvensiz)
GET /proxy-test/security/rate-limit?limit=5&windowSeconds=60Rate limit simulasyonu — N istekten sonra 429 + Retry-After
GET /proxy-test/security/problem-detail?status=404RFC 7807 Problem Details (application/problem+json)
GET /proxy-test/security/cache-control?directive=no-storeCache-Control header variants (no-store|no-cache|private|public|immutable)
Port Ozeti
| Port | Protokol | Servis |
|---|
| 10090 | HTTP | REST API + SOAP + WebSocket + SSE + Swagger UI + Landing Page |
| 10091 | WS | WebSocket (dedicated, ayri Spring context) |
| 50052 | gRPC (HTTP/2) | HelloService (unary + 3 streaming pattern) |
| 10001-10040 | HTTPS | BadSSL TLS test senaryolari (40 senaryo) |
Apinizer Example Services v2026.04.1 | Java 25 + Spring Boot 3.5.3 | 340+ endpoints