What is wiretap?

What is wiretap and what can it do?

Three goals

wiretap has three main goals as a tool:

  • Validate that API requests and responses are compliant with OpenAPI specifications.
  • Operate as a development server for UIs to test APIs.
  • Provide diagnostics for developers to debug API requests and responses.

Why does wiretap exist?

When looking for solutions to validate that brownfield servers and clients were actually compliant with an OpenAPI specification, we found nothing that worked without infrastructure and without code changes.

We wanted a tool that would operate as a silent proxy between clients and servers, and would not require a ton of configuration, code changes or infrastructure.

We wanted a tool that could even replace existing local development servers like webpack-dev-server. We wanted a tool that would just work.

Nothing existed, so we built it.

wiretap is constructed using libopenapi, libopenapi-validator, ranch and saddlebag.

What features does wiretap have?

  • Requests and responses are validated against OpenAPI specifications using libopenapi-validator.
  • Hot-reloading of static content, served alongside API requests
  • Powerful path rewriting for API requests (based on http-proxy-middleware)
  • Drop and rewrite headers for API requests
  • Filter API requests by method or keyword
  • Track ‘chains’ of API requests based on parameters or keywords

How does wiretap work?

Here’s a high-level architectural overview of how wiretap works:

[Figure: A high-level architecture diagram of wiretap, showing how it is composed and how data flows.]

HTTP Handler

The HTTP Handler is the main entry point for all HTTP requests. It is responsible for determining if the request is for a local static file, or if it is for an API request.

If it’s an API request, it will pass the request on for validation and further processing.

Static File Handler

If it’s a static file request, the static file handler will serve the file from the local filesystem.

Request Validation

The request validation is performed by libopenapi-validator. It will check if the outbound HTTP request is compliant with the supplied OpenAPI specification.

Any violations will be broadcast to the monitor UI.

At this point, the request is also broadcast to the monitor UI.

Path Rewriting

If path rewriting is enabled, the request will be rewritten to match the path supplied in the configuration. Rules are matched by a glob first, and then by a regex. The first rule that matches will be used to rewrite the path.
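Because the first matching rule wins, rule order matters: a broad glob listed first shadows a more specific rule below it. The Go sketch below is an added illustration, not wiretap's own code; the Rule type, globToRegexp and Rewrite are hypothetical names, and it assumes that `**` spans path segments, that `*` stays within one segment, and that a rule is used when both its glob and its regex match.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Rule is a hypothetical rewrite rule: Glob selects requests, Regex/Replace rewrite the path.
type Rule struct{ Glob, Regex, Replace string }

// globToRegexp builds an anchored regexp: "**" spans segments, "*" stays inside one segment.
func globToRegexp(glob string) *regexp.Regexp {
	expr := "^"
	for i := 0; i < len(glob); i++ {
		switch {
		case strings.HasPrefix(glob[i:], "**"):
			expr += ".*"
			i++ // skip the second '*'
		case glob[i] == '*':
			expr += "[^/]*"
		default:
			expr += regexp.QuoteMeta(glob[i : i+1])
		}
	}
	return regexp.MustCompile(expr + "$")
}

// Rewrite applies the first rule whose glob and regex both match; later rules are never consulted.
// It returns the rewritten path and the index of the rule used (-1 if none matched).
func Rewrite(rules []Rule, path string) (string, int) {
	for i, r := range rules {
		if !globToRegexp(r.Glob).MatchString(path) {
			continue
		}
		if re := regexp.MustCompile(r.Regex); re.MatchString(path) {
			return re.ReplaceAllString(path, r.Replace), i
		}
	}
	return path, -1 // no rule matched: the path is forwarded unchanged
}

func main() {
	rules := []Rule{ // constructed sample rules, broad rule listed first
		{"/api/**", "^/api/", "/"},
		{"/api/admin/*", "^/api/admin/", "/internal/admin/"},
	}
	out, idx := Rewrite(rules, "/api/admin/users")
	fmt.Println(out, idx) // the admin-specific rule is shadowed by rule 0
}
```

Listing the specific rule before the broad one makes the admin path rewrite to /internal/admin/users instead.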

Header Drop/Rewriting

If headers are configured, the request will drop or rewrite the headers as configured, before being sent on to the real / target API.

Response Validation

When the response comes back from the real / target API, it will be validated by libopenapi-validator, and any violations will be broadcast to the monitor UI.

When mock mode is enabled, the response will be mocked using the OpenAPI specification, rather than sending out to the real / target API.

Monitor UI

The monitor UI is a stateful browser application that is listening for events from the HTTP handler. It will display all requests and responses and how they are compliant with the OpenAPI specification.

The monitor UI is built using saddlebag and ranch-js.

wiretap is licensed under the GNU GPL v3 license. If a company wishes to modify wiretap and not release their changes back, a commercial license can be purchased.