Skip to content
Sendpad Docs

.http files

.http files contain one or more HTTP requests. They follow the community-standard .http format compatible with VS Code REST Client and JetBrains HTTP Client.

Basic request

Section titled “Basic request”
### Get single user
GET https://api.example.com/users/42

The ### line names the request (optional). The next line is the method + URL. Supported methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD.

Multiple requests in one file

Section titled “Multiple requests in one file”

Use ### dividers to separate multiple requests:

### List users
GET https://api.example.com/users


### Get single user
GET https://api.example.com/users/42


### Create user
POST https://api.example.com/users
Content-Type: application/json


{
  "name": "Jane Doe",
  "email": "jane@example.com"
}


### Update user
PUT https://api.example.com/users/42
Content-Type: application/json


{ "name": "Jane Updated" }


### Delete user
DELETE https://api.example.com/users/42

Click any ▶ gutter button to run that specific request. Press ⌘⇧Enter to run all requests in the file sequentially.

File-level variables

Section titled “File-level variables”

Define variables before the first ###. Reference them anywhere with {{name}}.

@baseUrl = https://api.example.com
@token   = secret-key


GET {{baseUrl}}/users
Authorization: Bearer {{token}}

Variables resolve in priority order: file-level → active .env file → extracted flow variables.

Headers

Section titled “Headers”

Write headers between the method line and the body (one header per line):

### Authenticated JSON request
POST https://api.example.com/users
Content-Type: application/json
Authorization: Bearer {{API_TOKEN}}
Accept: application/json
X-Request-Id: {{REQUEST_ID}}


{ "name": "Alice" }

Request body

Section titled “Request body”

Leave one blank line after the last header, then write the body:

### Create post
POST https://api.example.com/posts
Content-Type: application/json


{
  "title": "Hello world",
  "body": "My content here",
  "userId": {{userId}}
}

Naming requests

Section titled “Naming requests”

Named requests can be referenced in flow files:

### Create Order
# @name createOrder
POST {{baseUrl}}/orders
Content-Type: application/json


{ "item": "widget", "qty": 3 }

File upload — multipart/form-data

Section titled “File upload — multipart/form-data”

Use # @file to attach a file and # @field for text fields. Sendpad sets the Content-Type: multipart/form-data boundary automatically.

### Upload avatar
POST {{baseUrl}}/users/42/avatar


# @file  photo       = ../testdata/avatar.jpg
# @field description = "Profile photo for {{username}}"
# @field tag         = profile
# @assert status == 200

Multiple files:

### Batch upload
POST {{baseUrl}}/documents


# @file primary   = ../testdata/report.pdf
# @file secondary = ../testdata/appendix.pdf
# @field category = "Q4 Reports"

File paths are relative to the .http file. Store test files in a testdata/ folder.

Raw binary upload

Section titled “Raw binary upload”

For non-multipart binary uploads:

### Upload raw image
PUT {{baseUrl}}/avatars/me
Content-Type: image/jpeg


# @body = ../testdata/avatar.jpg

Assertions

Section titled “Assertions”

Validate responses with # @assert directives. They run after the request completes — if any fails, the step is marked as failed and @persist directives are skipped.

### Validate response
GET {{baseUrl}}/users/42


# @assert status == 200               # exact status code
# @assert status != 404               # status is not this code
# @assert body contains "jane"        # response body has this substring
# @assert body equals active          # response body is exactly "active" (trimmed)
# @assert body equals {{expected}}    # compare against a variable
# @assert header[content-type] contains application/json

Per-Request Config Overrides

Section titled “Per-Request Config Overrides”

Override global HTTP settings for an individual request using comment directives. Useful when one endpoint needs a longer timeout, a different proxy, or relaxed SSL checking without changing the global Settings.

### Slow endpoint — needs more time
# @timeout 30s
POST {{baseUrl}}/reports/generate
Content-Type: application/json


{ "type": "annual" }


### Internal endpoint with self-signed cert
# @no-verify
GET https://internal.corp/health


### Capture redirect without following it
# @follow-redirects off
GET {{baseUrl}}/auth/sso


### Route through a debug proxy
# @proxy http://localhost:8888
POST {{baseUrl}}/payments
DirectiveEffect
# @timeout <duration>Request timeout — e.g. 500ms, 5s, 1.5s, 2m, 1h
# @no-verifyDisable SSL certificate verification
# @verify-ssl on|offExplicitly enable or disable SSL verification
# @follow-redirects on|offEnable or disable HTTP redirect following
# @proxy <url>Route this request through the given HTTP/S proxy

Per-request settings override the Settings panel for that request only. Other requests in the same file are unaffected.

Section titled “Cookie control”

The cookie jar is enabled by default. Disable it for a specific file:

# @cookies off


### This request sends no cookies and ignores Set-Cookie
GET {{baseUrl}}/endpoint

Running requests

Section titled “Running requests”
  • ▶ gutter button — runs the request on that line
  • ⌘Enter — runs the request under the cursor
  • ⌘⇧Enter — runs all requests in the file sequentially

Server-Sent Events (SSE)

Section titled “Server-Sent Events (SSE)”

If a response arrives with Content-Type: text/event-stream, Sendpad auto-detects SSE and switches the Results Panel to a live event timeline — no extra setup required. Events stream in as the server emits them.

You can assert on SSE events inside .http and .flow files using the @expect event and @extract event directives. See the SSE streaming reference for the full set of SSE directives (@sse-timeout, @sse-reconnect, @expect event, etc.).