Secure API testing that never leaves your machine.

Rentgen is a local-only API hygiene scanner. No accounts. No tracking. No logging. Just brutal backend tests that stay where they belong – on your laptop.

No cloud · No telemetry · No vendor lock-in

Tested against real production APIs – including ChatGPT’s own API, where Rentgen helped uncover serious bugs that were fixed immediately.

See what your API is really doing.

Rentgen doesn’t just send requests – it stress-tests your assumptions. From trimming and validation to boundary and enum tests, everything is generated from a single cURL.

Single cURL in, hundreds of tests out

Paste a cURL and let Rentgen expand it into a full test suite: trims, invalid values, boundary conditions, enum variations and more. Perfect for catching the “this will never happen” bugs.

API hygiene scanner

Rentgen checks how your API handles unexpected input: leading/trailing spaces, wrong casing, malformed payloads, missing fields. It doesn’t assume the happy path – it tries to break it.
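An added illustration of the input mutations described above (not Rentgen's own code, which this page does not show): starting from one request body, it emits one mutated body per hygiene check. The field names, sample values and variant labels are constructed for the example.

```python
import json

# Constructed sample body; the field names are hypothetical.
SAMPLE = {"email": "user@example.com", "currency": "EUR", "amount": 100}


def hygiene_variants(payload):
    """Return (label, raw_body) pairs, changing exactly one thing per variant."""
    variants = []

    def emit(label, mutated):
        variants.append((label, json.dumps(mutated)))

    for key, value in payload.items():
        # Missing field: drop one key at a time.
        emit(f"{key}:missing", {k: v for k, v in payload.items() if k != key})

        if isinstance(value, str):
            # Trimming and casing checks for string fields.
            for label, new in (
                ("leading_space", " " + value),
                ("trailing_space", value + " "),
                ("wrong_case", value.swapcase()),
                ("empty", ""),
            ):
                emit(f"{key}:{label}", {**payload, key: new})
        elif isinstance(value, int) and not isinstance(value, bool):
            # Boundary and type checks for integer fields.
            for label, new in (
                ("zero", 0),
                ("negative", -1),
                ("int32_max_plus_1", 2**31),
                ("as_string", str(value)),
            ):
                emit(f"{key}:{label}", {**payload, key: new})

    # Malformed payload: the valid body with its closing brace cut off.
    variants.append(("body:truncated_json", json.dumps(payload)[:-1]))
    return variants


def is_valid_json(raw):
    """True if raw parses as JSON; used to confirm the malformed variant."""
    try:
        json.loads(raw)
        return True
    except json.JSONDecodeError:
        return False


if __name__ == "__main__":
    for label, body in hygiene_variants(SAMPLE):
        print(f"{label:28} {body}")
```

Sent to an API you own, each variant should produce a controlled 4xx response; a 5xx or a silently accepted value is the kind of finding the page is describing.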

Works offline, by design

No cloud backend, no SaaS layer, no hidden HTTP calls. Rentgen runs as a desktop app on your machine. Perfect for regulated environments and sensitive APIs.

Battle-tested on real APIs

We pointed Rentgen at ChatGPT’s API and found real issues in production. OpenAI fixed them immediately – that’s the level of depth Rentgen brings to your own APIs.

Security & privacy first. Not as a feature – as a constraint.

  • 🔒 No accounts. Install and use. No sign-up, no onboarding flow, no user database.
  • 🕵️‍♂️ No tracking. No analytics, no telemetry, no “usage metrics”. We don’t need your API data to improve the product.
  • 🗑 No logging. Requests and responses stay on your machine. Rentgen doesn’t upload or store them anywhere.
  • 🏢 Safe for regulated environments. Works completely offline – ideal for banking, government, defence and internal APIs.

Use Rentgen where cloud tools are forbidden.

If your security team blocks Postman sync, forbids SaaS API tools or bans external AI, Rentgen still works. Everything runs locally – security officers can read the code and sleep at night.

Download Rentgen

Native desktop builds for your OS. No installers that phone home – just the app.

macOS

Download for macOS

Apple Silicon & Intel · .dmg / .zip

Windows

Download for Windows

Windows 10+ · .exe / .zip

Linux

Download for Linux

AppImage / tar.gz

All binaries are built from the open GitHub repository. Verify signatures, diff releases, and review the code anytime.

Support RENTGEN

No bullshit. RENTGEN is free.
No paywalls, no tracking, no dark patterns.

If you like what we’re building and want more tests, more features, and faster development — chip in.
If not — all good. The tool stays free either way.

Support Rentgen — $9.99

Case studies & API stories

Real APIs. Real bugs. Real fixes. We’re gradually publishing how Rentgen behaves against popular APIs and internal systems.

Revolut Wallet-Transfer API — RENTGEN Finds Cracks in 2 Minutes

Revolut is one of the most polished fintech apps in the world — but even top-tier products have blind spots. RENTGEN scanned a real wallet-transfer request and surfaced multiple issues in under two minutes: incorrect method handling, weak input validation, missing headers, and payload cases that crash the backend with 500 errors.

Read the case study on LinkedIn →

ChatGPT API – breaking the magic box

We pointed Rentgen at ChatGPT’s API and found issues we genuinely didn’t expect to see in production. The best part? They were fixed immediately after we reported them.

Read the case study on LinkedIn →

Even when you know nothing about the API, you can still see through it

When you test APIs, you often start from scratch: no docs, no setup, no context. So I wanted to see what would happen if I tested Trello’s API with RENTGEN, a tool that auto-generates hundreds of tests from a single cURL request.

Read the case study on LinkedIn →

Azure DevOps API Breaks in 2 Minutes — RENTGEN Case Study

A quick, structured case study showing how RENTGEN uncovered multiple issues in the Azure DevOps API — from incorrect security behavior to broken validation and misconfigured CORS — in under two minutes of testing.

Read the case study on LinkedIn →

Stripe’s “Perfect” API — RENTGEN Broke It in Under 2 Minutes

A quick case study showing how RENTGEN evaluated Stripe’s “gold standard” API. Even with its strong reputation, the scan revealed outdated request formats, incorrect method handling, missing security headers, and weak data validation — all discovered in under two minutes.

Read the case study on LinkedIn →

Next case study coming soon

We’re continuously testing Rentgen against real-world APIs: banking, marketing platforms, internal tools. New write-ups will appear here as they’re ready.

Open source core. Transparent by design.

Rentgen’s core is open – so your security team, developers and QA engineers can review exactly how requests are generated and what leaves your machine. No hidden agents, no mystery binaries.

Open Rentgen on GitHub

  • ✅ API hygiene scanner focused on input validation
  • ✅ Generates tests from a single cURL
  • ✅ Built by a QA lead, not just another “dev toy”
  • ✅ Designed for teams that actually care about quality