Resources
This is my personally curated toolbox — every tool I reach for when starting, scaling, or auditing an API platform project. I keep this list updated as I evaluate new options, and I've marked my current favorite in each category with a star. Feel free to bookmark this page and use it as your own reference.
Select a category below to expand it.
My preferred tool in this category
Stoplight Studio(free tier) · Free desktop app · Cloud from $39/mo
My go-to OpenAPI editor. The visual drag-and-drop schema design with real-time linting makes it easy to get teams aligned on a spec before writing any code.
Swagger Editor(free tier) · Free / open-source
The original browser-based OpenAPI editor. I still use it for quick solo edits when I don't need the full Stoplight experience.
Redocly CLI(free tier) · Free tier · Paid from $295/mo
CLI-first linting, bundling, and validation for OpenAPI specs. I like it for enforcing API style guides in CI/CD pipelines.
Spectral(free tier) · Free / open-source
Customizable API linting engine by Stoplight. I use it to define rulesets that enforce naming conventions and design consistency across teams.
TypeSpec(free tier) · Free / open-source
Microsoft's language for defining API schemas that compile to OpenAPI, Protobuf, and more. Worth looking at if you manage APIs across multiple protocols.
Buf(free tier) · Free tier · Teams from $75/mo
The gold standard for Protobuf and gRPC schema governance. Handles linting, formatting, and breaking change detection automatically.
AsyncAPI Studio(free tier) · Free / open-source
Visual editor for AsyncAPI specs. I'd consider it essential if you're designing event-driven or message-based APIs alongside REST and gRPC.
My preferred tool in this category
Kong Gateway(free tier) · Free (OSS) · Enterprise custom
My preferred gateway. The plugin ecosystem is unmatched — authentication, rate limiting, transformations, and nearly any use case you can think of.
AWS API GatewayPay-per-request (~$1/million)
Best choice if you're deep in AWS. Serverless-native with Lambda integration and built-in WebSocket support.
ApigeeCustom pricing
Google Cloud's enterprise API management platform. Full lifecycle management, analytics, and developer portal capabilities in one package.
Azure API ManagementConsumption tier from ~$3.50/million calls
Tight Azure and Active Directory integration. The natural choice if your organization is already Microsoft-native.
Tyk(free tier) · Free (OSS) · Paid from $500/mo
A strong open-source alternative to Kong. I like that it ships with a built-in developer portal and dashboard out of the box.
Gravitee(free tier) · Free (OSS) · Enterprise custom
Stands out for teams that need unified REST and event-driven API management in a single platform.
MuleSoft AnypointCustom pricing (Salesforce)
The enterprise heavyweight. Best fit for complex integration-heavy organizations with deep Salesforce ecosystem ties.
Traefik(free tier) · Free (OSS) · Enterprise custom
Cloud-native reverse proxy with automatic service discovery. I'd recommend it for Kubernetes-native teams who want minimal configuration overhead.
My preferred tool in this category
ReadMe(free tier) · Free tier (1 project) · Paid from $99/mo
Best-in-class developer portal. I love the interactive API explorer, per-user analytics, and the fact that changelogs and onboarding flows are built right in.
Redocly(free tier) · Free tier · Paid from $295/mo
Generates beautiful API reference docs from OpenAPI specs with deep theme customization. Great if brand consistency matters to your team.
Swagger UI(free tier) · Free / open-source
The default interactive "try it out" API docs renderer. I still embed it when I need something quick from an OpenAPI spec.
Mintlify(free tier) · Free tier · Paid from $120/mo
Modern, fast documentation platform with AI-powered search. I've seen it used well by developer-first companies like Anthropic and Resend.
GitBook(free tier) · Free for personal · Teams from $8/user/mo
Collaborative documentation with version control and team editing workflows. I find it works well for both internal and external docs.
Backstage(free tier) · Free / open-source
Spotify's open-source internal developer portal — service catalog, docs, and tooling plugins in one interface. The de facto standard for internal portals.
Port(free tier) · Free tier · Paid custom
Managed alternative to Backstage with lower operational overhead. Worth considering if you want an internal portal without self-hosting.
My preferred tool in this category
Postman(free tier) · Free tier (generous) · Paid from $14/user/mo
My daily driver. Collections, environments, automated tests, mock servers, and team collaboration all in one — it's hard to beat.
Insomnia(free tier) · Free (OSS) · Paid plans available
Lightweight REST and GraphQL client by Kong. I reach for it when I want something cleaner and more focused than Postman.
Hoppscotch(free tier) · Free / open-source
Fast, browser-based API testing. No installation needed — I use it for quick one-off tests when I don't want to open a full client.
HTTPie(free tier) · Free (CLI) · Desktop free tier
My curl replacement. Human-readable syntax, built-in JSON formatting, and syntax highlighting make terminal-based API work much more pleasant.
Bruno(free tier) · Free / open-source
API client that stores collections as plain files in your filesystem. I like it for teams that want their test suites version-controlled in Git.
REST Client (VS Code)(free tier) · Free
Send API requests directly from .http files in VS Code. I appreciate not having to leave my editor for simple requests.
Dredd(free tier) · Free / open-source
Contract testing that validates your running API matches its OpenAPI or API Blueprint spec. I use it to catch doc drift early.
Schemathesis(free tier) · Free / open-source
Property-based testing for APIs — auto-generates edge-case requests from your spec to find bugs you wouldn't think to test for.
My preferred tool in this category
Prism(free tier) · Free / open-source
I use this constantly. Spin up a mock server from any OpenAPI spec in seconds — it validates requests and generates realistic dynamic responses.
WireMock(free tier) · Free (OSS) · Cloud from $0 free tier
The most battle-tested mock server out there. Supports record/playback, fault injection, stateful mocking, and complex response templating.
Mockoon(free tier) · Free / open-source
Visual desktop app for creating mock APIs. I've found it helpful for getting non-technical stakeholders set up without writing code.
Microcks(free tier) · Free / open-source
Multi-protocol mocking from OpenAPI, AsyncAPI, and gRPC specs. Best option I've found for teams working across REST, events, and gRPC simultaneously.
Mock Service Worker(free tier) · Free / open-source
Intercepts requests at the network level in the browser and Node.js. I consider it essential for frontend teams testing against API contracts.
json-server(free tier) · Free / open-source
Zero-config prototyping — create a full fake REST API from a JSON file in under 30 seconds. I use it for quick demos and proof-of-concepts.
My preferred tool in this category
Speakeasy(free tier) · Free tier (1 SDK) · Paid from $250/mo
Produces production-quality, idiomatic SDKs with type safety and built-in retries. A clear level above the older generators I've worked with.
OpenAPI Generator(free tier) · Free / open-source
The community workhorse with 50+ language targets. I default to it when I need the broadest support for generating clients, servers, or doc stubs.
StainlessCustom pricing
Enterprise-grade SDK generation used by OpenAI, Stripe, and Cloudflare. Worth the investment if you want your SDKs to feel hand-written.
liblabCustom pricing
Auto-generates SDKs with docs and handles publishing to package managers. A good middle ground between open-source and enterprise options.
gRPC / protoc(free tier) · Free / open-source
The standard Protocol Buffer compiler for generating strongly-typed gRPC clients and servers from .proto files.
My preferred tool in this category
Datadog(free tier) · Free tier (5 hosts) · Pro from $15/host/mo
My preferred APM platform. Traces, metrics, logs, and synthetic monitoring all unified in one place with deep integrations across the stack.
New Relic(free tier) · Free tier (100GB/mo) · Paid from $0.30/GB
The free tier is generous enough to get started. I've found the distributed tracing particularly strong for microservices architectures.
Grafana + Prometheus(free tier) · Free / open-source · Grafana Cloud free tier
The open-source monitoring standard. I reach for this when I need full flexibility over custom dashboards and alerting rules.
Checkly(free tier) · Free tier (5 checks) · Paid from $30/mo
Purpose-built for monitoring API endpoints and multi-step transactions from multiple regions. I like the Playwright-based checks.
Uptime Robot(free tier) · Free tier (50 monitors) · Paid from $7/mo
Simple uptime monitoring. I set it up in minutes for basic health checks — sometimes that's all you need.
PagerDuty(free tier) · Free tier (5 users) · Paid from $21/user/mo
The standard for incident management. Routes alerts to the right people at the right time with on-call scheduling and escalation policies.
Opsgenie(free tier) · Free tier (5 users) · Paid from $9/user/mo
Solid PagerDuty alternative. I'd lean toward it if your team is already in the Atlassian ecosystem with Jira and Confluence.
Speedscale(free tier) · Free tier · Paid custom
Captures production API traffic and replays it in test environments. A unique approach to performance validation that I think more teams should know about.
Authentication & Identity
My preferred tool in this categoryAuth0(free tier) · Free tier (25K MAU) · Paid from $35/mo
My default recommendation for auth. Handles OAuth2, OIDC, social login, and MFA so your team doesn't have to build any of it from scratch.
Clerk(free tier) · Free tier (10K MAU) · Paid from $25/mo
Beautiful pre-built auth UI components. I'd recommend it for startups and teams who want authentication done fast with minimal custom code.
Firebase Auth(free tier) · Free tier (generous) · Blaze plan pay-as-you-go
Best free-tier auth for mobile and web apps. Supports email, social, and phone sign-in with minimal setup.
Keycloak(free tier) · Free / open-source
Full-featured IAM you can self-host. I like it for teams that need SSO, LDAP/AD integration, and fine-grained authorization under their own control.
WorkOS(free tier) · Free tier · Paid from $125/mo
Built specifically for B2B SaaS apps that need to support enterprise customers' SSO and directory sync requirements.
Okta WorkforceCustom pricing
The enterprise standard for workforce SSO, lifecycle management, and centralized identity governance.
Vulnerability Scanning & Protection
OWASP ZAP(free tier) · Free / open-source
The go-to free tool for automated API security scanning. Covers the OWASP API Security Top 10 with both active and passive scans.
Snyk(free tier) · Free tier (limited) · Paid from $25/dev/mo
I use it to catch vulnerabilities in code and dependencies before they reach production. Integrates directly into your CI/CD pipeline.
42Crunch(free tier) · Free tier (3 APIs) · Paid custom
Scans your OpenAPI spec for security issues before you write a single line of implementation code. I appreciate the shift-left approach.
Salt SecurityCustom pricing
Uses AI to detect API attacks and anomalous behavior patterns in production traffic in real time.
Traceable AICustom pricing
Combines API discovery, risk assessment, and runtime protection. I'd consider it for organizations managing large API portfolios.
My preferred tool in this category
Moesif(free tier) · Free tier (30K events/mo) · Paid from $85/mo
My top pick for API-specific analytics. Tracks developer behavior, funnel analysis, and even supports usage-based billing integrations.
Treblle(free tier) · Free tier · Paid from $99/mo
Easy integration with real-time request logging, quality scoring, and auto-generated API docs from live production traffic.
ReadMe MetricsIncluded with ReadMe plans
Pairs API docs with per-user request analytics so you can see exactly how each developer is using your API.
Amplitude(free tier) · Free tier (generous) · Paid custom
Best-in-class product analytics. I use it for tracking developer portal engagement, onboarding funnels, and feature adoption.
My preferred tool in this category
k6(free tier) · Free / open-source (CLI) · Grafana Cloud k6 free tier
My preferred load testing tool. Write tests in JavaScript, run locally or scale to the cloud — it's become the modern standard for a reason.
Locust(free tier) · Free / open-source
Python-based load testing with a web UI for real-time results. I'd pick it for teams already working in the Python ecosystem.
Artillery(free tier) · Free (OSS) · Cloud from $49/mo
YAML-defined test scenarios with built-in CI/CD integration and easy cloud scaling. Clean developer experience overall.
Gatling(free tier) · Free (OSS) · Enterprise custom
JVM-based with excellent HTML reporting. I'd recommend it for high-throughput scenarios in Java and Scala shops.
Apache JMeter(free tier) · Free / open-source
The veteran. GUI-based and heavier than modern alternatives, but it supports virtually any protocol you might need.
Vegeta(free tier) · Free / open-source
Minimal CLI tool that sends HTTP requests at a constant rate. I reach for it when I just need a quick benchmark.
My preferred tool in this category
Svix(free tier) · Free tier · Paid from $60/mo
Handles the hard parts of sending webhooks — retries, signing, delivery tracking, and a customer-facing management UI. I recommend it over building this yourself.
Hookdeck(free tier) · Free tier · Paid from $20/mo
Reliable ingestion, transformation, and routing for inbound webhooks. I think of it as a managed proxy between third-party providers and your API.
ngrok(free tier) · Free tier · Paid from $8/mo
Exposes your local dev server to the internet. I use it constantly for receiving third-party webhook callbacks during local development.
Convoy(free tier) · Free / open-source · Cloud available
Self-hostable webhooks gateway with retries, rate limiting, and per-endpoint configuration for outbound delivery.
Amazon EventBridgePay-per-event ($1/million)
Serverless event bus for AWS. Connects AWS services, SaaS integrations, and custom apps in event-driven architectures.
Apache Kafka(free tier) · Free / open-source · Confluent Cloud free tier
The backbone for high-throughput event streaming. Overkill for simple webhooks, but essential when you need serious event-driven architecture.
RabbitMQ(free tier) · Free / open-source · CloudAMQP free tier
Reliable message queuing with flexible routing patterns. I find it lighter weight than Kafka for most webhook and async processing needs.
My preferred tool in this category
LaunchDarklyFrom ~$8.33/seat/mo
The industry leader and my preferred choice. Targeting rules, audit logs, and SDKs for every major language make it essential for progressive API rollouts.
Flagsmith(free tier) · Free (OSS) · Cloud from $45/mo
Self-hostable with a solid UI. I'd recommend it as an open-source alternative to LaunchDarkly for cost-conscious teams.
Unleash(free tier) · Free (OSS) · Pro from $80/mo
Flexible activation strategies and a strong open-source community. Supports gradual rollouts, A/B testing, and kill switches.
Split.io(free tier) · Free tier · Paid custom
Combines feature flags with built-in experimentation and metrics impact analysis. I like that you can measure the effect of every release.
PostHog(free tier) · Free (OSS) · Cloud free tier (1M events/mo)
All-in-one product analytics, session replay, and feature flags. Great value for smaller teams who want everything in one platform.
ConfigCat(free tier) · Free tier (10 flags) · Paid from $35/mo
Lightweight and affordable. I'd point teams here if they just need feature flags without the overhead of a full platform.
My preferred tool in this category
GitHub Actions(free tier) · Free tier (2,000 min/mo) · Paid from $4/user/mo
My default CI/CD. Native GitHub integration and a massive marketplace of pre-built actions make it the easiest starting point for most teams.
GitLab CI/CD(free tier) · Free tier · Paid from $29/user/mo
Tight GitLab integration with pipeline-as-code and strong DevSecOps features like SAST, DAST, and dependency scanning built in.
Pact(free tier) · Free / open-source · Pactflow from $0 free tier
The standard for consumer-driven contract testing. I use it to make sure API changes don't break downstream consumers before deployment.
Terraform(free tier) · Free / open-source · Cloud free tier
I define all API infrastructure declaratively — gateways, DNS, certificates, and cloud resources as version-controlled code.
Docker(free tier) · Free (personal) · Paid from $5/user/mo
Consistent environments from development to production. The foundation for any containerized API microservices architecture.
Kubernetes(free tier) · Free / open-source · Managed services vary
The standard for orchestrating API microservices at scale with automatic scaling, rolling deployments, and service discovery.
My preferred tool in this category
Linear(free tier) · Free tier · Paid from $8/user/mo
My favorite project tracker. It's fast, opinionated, keyboard-driven, and has excellent GitHub and Slack integrations.
Jira(free tier) · Free tier (10 users) · Paid from $7.75/user/mo
The enterprise standard. Complex but powerful, especially alongside Confluence and Bitbucket for the full Atlassian workflow.
Notion(free tier) · Free tier · Paid from $10/user/mo
I use it for API design docs, RFCs, runbooks, and lightweight project tracking. Flexible enough to adapt to almost any workflow.
Slack(free tier) · Free tier · Paid from $7.25/user/mo
The de facto team communication layer. Integrates with nearly every tool on this list for deployment alerts and incident response.
Confluence(free tier) · Free tier (10 users) · Paid from $5.75/user/mo
Pairs with Jira for teams that need structured documentation, decision logs, and knowledge bases alongside project management.
My preferred tool in this category
RapidAPI Hub(free tier) · Free tier · Paid plans available
The largest API marketplace. I use it to browse, test, and evaluate third-party APIs directly in the browser before committing to an integration.
APIs.guru(free tier) · Free / open-source
Open-source directory of machine-readable OpenAPI specs. I find it useful for studying well-designed APIs and finding reference implementations.
Postman API Network(free tier) · Free
Browse and fork public API collections directly into Postman. I use it for quick prototyping and exploring third-party APIs.
ProgrammableWeb(free tier) · Free
Historically the largest API directory. Less actively maintained now but still a useful reference for API discovery.