What is wiretap?What is wiretap and what can it do?
wiretap has three main goals as a tool:
- Validate API requests and responses are compliant with OpenAPI specifications.
- Operate as a development server for UIs to test APIs.
- Provide diagnostics for developers to debug API requests and responses.
Why does wiretap exist?
When looking for solutions to validate brownfield servers and clients were actually compliant with an OpenAPI specification, we found nothing that didn’t require infrastructure and didn’t require code changes.
We wanted a tool that would operate as a silent proxy between clients and servers, and would not require a ton of configuration or code changes or infrastructure.
We wanted a tool that could even replace existing local development servers like webpack-dev-server. We wanted a tool that would just work.
Nothing existed, so we built it.
What features does wiretap have?
- Requests and responses are validated against OpenAPI specifications using libopenapi-validator.
- Hot-reloading of static content, served along-side API requests
- Powerful path rewriting for API requests (based on http-proxy-middleware)
- Drop and rewrite headers for API requests
- Filter API requests by method or keyword
- Track ‘chains’ of API requests based on parameters or keywords
How does wiretap work?
Here’s a high-level architectural overview of how
The HTTP Handler is the main entry point for all HTTP requests. It is responsible for determining if the request is for a local static file, or if it is for an API request.
If it’s an API request, it will pass the request on for validation and further processing.
Static File Handler
If it’s a static file request, the static file handler will serve the file from the local filesystem.
The request validation is performed by libopenapi-validator. It will check if the outbound HTTP request is compliant with the supplied OpenAPI specification.
Any violations will be broadcast to the monitor UI.
It’s at this point where the request is also broadcast to the monitor UI.
If path rewriting is enabled, the request will be rewritten to match the path supplied in the configuration. Rules are matched by a glob first, and then by a regex. The first rule that matches will be used to rewrite the path.
If headers are configured, the request will drop or rewrite the headers as configured, before being sent onto the real / target API.
When the response comes back from the real / target API, it will be validated by libopenapi-validator. and any violations will be broadcast to the monitor UI.
When mock mode is enabled, the response will be mocked using the OpenAPI specification, rather than sending out to the real / target API.
The monitor UI is a stateful browser application that is listening for events from the HTTP handler. It will display all requests and responses and how they are compliant with the OpenAPI specification.