zapreq
A fast, friendly HTTP client for the terminal — HTTPie reimagined in Rust.
zapreq installs an http binary. If you know HTTPie, you already know zapreq — same
syntax, faster startup, lower memory, and a handful of features HTTPie never shipped.
Table of contents
- Why zapreq
- Install
- Quick start
- Request items
- Output control
- Authentication
- Sessions
- Environment profiles
- Request collections
- AI assistant
- Response diffing
- Download mode
- Configuration
- Plugins
- Comparison with HTTPie
- Contributing
- License
Why zapreq
- ~3 MB binary, ~5 ms startup. HTTPie ships ~15 MB and takes ~200 ms. ZapReq is compiled Rust — no interpreter, no import overhead.
- HTTPie-compatible syntax. Every
key=value,key:=value,key==valueitem works exactly as you expect. - Full auth coverage. Basic, Bearer, and Digest (RFC 7616, MD5 + SHA-256) with an automatic 401 retry cycle for Digest.
- Session persistence. Cookies, headers, and auth are saved to
~/.config/zapreq/sessions/and restored on the next request. - Environment profiles. Switch between
dev,staging, andprodwith one flag. - Request collections. Save a request by name, replay it later — Postman-style, entirely in the terminal.
- AI assistant. Describe a request in plain English; zapreq generates and runs it.
- Response diffing. Compare two endpoints side by side, key by key.
- Zero Python dependency. One binary, no virtualenv, no pip.
Install
Pre-built binaries for Linux, macOS (x86 + ARM), and Windows are attached to every
GitHub release. Download and place
the binary on your PATH if you do not have a Rust toolchain.
Package managers
# Arch Linux (AUR)
# macOS / Linux (Homebrew tap)
Quick start
# GET request
# POST with JSON body (inferred from data items)
# Form-encoded body
# Custom headers
# Query parameters
# Basic auth
# Bearer token
# Named session (saves cookies + auth for next time)
# Download a file with a progress bar
# Compare two API versions
Request items
Items are positional arguments after the URL. The operator between key and value determines what the item does.
| Operator | Type | Example |
|---|---|---|
key:value |
Request header | Accept:application/json |
key=value |
String body field | name=faizan |
key:=value |
Raw JSON body field | active:=true or count:=42 |
key==value |
Query string parameter | page==2 |
key@/path |
File upload (multipart) | avatar@/tmp/photo.png |
key@/path;type=mime |
File upload with explicit MIME | blob@/tmp/data.bin;type=application/octet-stream |
key=@/path |
String field read from file | payload=@/tmp/body.txt |
key:=@/path |
JSON field read from file | config:=@/tmp/opts.json |
Operator precedence (strict, evaluated left to right): := and :=@ → == → : → =
and =@ → @.
JSON body is the default when data items are present. Pass --form for
application/x-www-form-urlencoded or --multipart for multipart/form-data.
Output control
# Print only response headers
# Print request + response headers (no body)
# Print everything
# Disable all formatting and colour (good for piping)
|
# Change syntax theme
--print flags — combine freely:
| Flag | Meaning |
|---|---|
H |
Request headers |
B |
Request body |
h |
Response headers |
b |
Response body |
Default is hb (response headers + body). --verbose is shorthand for HBhb.
--pretty modes: all (default when TTY), colors, format, none.
--style themes: monokai (default), solarized, dracula, autumn.
Authentication
# HTTP Basic
# Bearer token
# HTTP Digest (RFC 7616 — MD5 and SHA-256 supported, automatic 401 retry)
The --auth-type flag defaults to basic. Credentials passed via --auth are masked
(user:****) in --verbose output.
Sessions
Named sessions persist headers, cookies, and auth credentials between requests. Session
files live in ~/.config/zapreq/sessions/{hostname}/{name}.json.
# Log in — session is created and cookies are saved
# Subsequent requests reuse the saved session
# Load a session but do not update it after the response
Session file format:
Environment profiles
Profiles let you switch base URL, headers, and variable values with a single flag.
Profile files live in ~/.config/zapreq/envs/{name}.json.
# Use a named profile
# Combine with a collection
Variable tokens {KEY} are substituted in the URL and in all request item values before
the request is built.
Request collections
Collections let you save a request by name and replay it later, optionally with a different environment profile.
# Save a request
# List saved requests
# Run a saved request
# Run with a profile (profile variables fill {PASSWORD})
# Delete a saved request
Collection files live in ~/.config/zapreq/collections/{alias}.json.
AI assistant
Set an OpenAI-compatible API key:
Describe your request in plain English:
ZapReq prints the generated command before executing it so you can see exactly what it built. The assistant uses a structured JSON prompt — it never guesses; it constructs a concrete request from your description.
Response diffing
Compare two API endpoints key by key. ZapReq flattens both JSON responses into dot-notation paths and shows what changed.
Output:
A: GET https://api.example.com/v1/user/42 → 200 OK
B: GET https://api.example.com/v2/user/42 → 200 OK
user.id 42
user.name "faizan"
- user.role "admin" (only in A)
+ user.role "viewer" (only in B)
~ user.updated_at "2025-01-01" → "2026-05-01"
Green lines are additions, red are removals, yellow are value changes.
Download mode
# Download to current directory (filename from Content-Disposition or URL)
# Save to a specific path
# Resume a partial download
A progress bar is shown during the download:
[████████████░░░░░░░░] 4.2 MB / 10.0 MB · 1.2 MB/s · ETA 5s
✔ Downloaded: archive.zip (10.0 MB in 8.3s · avg 1.2 MB/s)
Configuration
Config file: ~/.config/zapreq/config.json
| Key | Type | Default | Description |
|---|---|---|---|
default_options |
string[] |
[] |
Flags prepended before every invocation |
default_scheme |
string |
https |
Scheme used when URL has no scheme |
plugins_dir |
string |
~/.config/zapreq/plugins |
Directory scanned for plugin manifests |
output_theme |
string |
monokai |
Default syntax theme |
pretty |
string |
all |
Default pretty mode |
verify |
bool |
true |
TLS certificate verification |
Precedence order (highest to lowest):
Explicit CLI flags
↓
ZAPREQ_DEFAULT_OPTIONS environment variable
↓
config.json default_options
↓
Built-in defaults
Plugins
Built-in plugins (basic, bearer, digest) are always available. Third-party plugins
are discovered from plugins_dir via .toml manifest files.
# List all registered plugins
# Install instructions for a community plugin
Manifest format (~/.config/zapreq/plugins/my-plugin.toml):
[]
= "my-auth"
= "1.0.0"
= "Custom HMAC authentication"
= ["hmac"]
See the plugin authoring guide for how to build and distribute a zapreq plugin.
Comparison with HTTPie
| Feature | HTTPie | zapreq |
|---|---|---|
| JSON / form / multipart | ✅ | ✅ |
| Sessions | ✅ | ✅ |
| Basic + Bearer auth | ✅ | ✅ |
| Digest auth (RFC 7616) | ✅ | ✅ |
| Syntax-highlighted output | ✅ | ✅ |
| Environment profiles | ❌ | ✅ |
| Request collections | ❌ | ✅ |
| AI request assistant | ❌ | ✅ |
| Response diffing | ❌ | ✅ |
| Resume downloads | ❌ | ✅ |
| Native binary (no Python) | ❌ | ✅ |
| Binary size | ~15 MB | ~3 MB |
| Startup time | ~200 ms | ~5 ms |
Contributing
# Clone
# Run tests
# Lint
# Format
# Release build
All pull requests must pass the CI matrix (Ubuntu, macOS, Windows × stable, beta) before merge. Please open an issue before starting work on a large feature.
License
Licensed under either of the following, at your option:
This is the standard dual license used across the Rust ecosystem (Rust itself, Cargo, tokio, serde, clap, reqwest). You may choose whichever license suits your project.
Copyright © 2026 Muhammad Faizan