# Mock API > Apinizer mocks are real proxies — they enforce auth, branch on the request, and land in the same audit log as production. Build the UI before the upstream is ready, then promote in place. *API Creator · Mock API* ## Real-shaped responses with real auth — so the frontend ships in parallel with the backend. [Request a demo](https://calendly.com/apinizer/15min) · [Read the docs](https://apinizer.com/developers/docs) **Highlights** - **Verbs** — GET · POST · PUT · PATCH · DELETE · HEAD · OPTIONS · TRACE - **Branching** — Header · JSONPath · query · JWT claim · cookie - **Bootstrap** — Blank or import OpenAPI --- ## Capabilities ### 01 · Every status code gets a real-shaped body. 200 is the easy part. The hard part is 422 with a useful field name, 409 with a duplicate-key message, 503 with a retry hint. Apinizer lets you author a body for every status code your real API will return — so the frontend can build error UI before backend is even started. - Author a body for any HTTP status — 2xx, 4xx, 5xx - Per-example content type — JSON, XML, plain text - Custom response headers with variable resolution at request time - Every HTTP verb supported: GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS, TRACE **Concepts:** `200` · `4xx errors` · `5xx errors` · `headers` · `content-type` ### 02 · Branch on the actual request — same engine as live policies. Need the mock to return an error only when a specific scenario header is sent? Apinizer evaluates each example's condition against the live request — header, JSONPath body match, query parameter, JWT claim, cookie. The first match wins. - Conditions over header / path / query / JSONPath / JWT claim / cookie - Operators: eq, neq, contains, regex, gt / lt, in, isEmpty - First match wins — falls back to the default example - Same condition engine that powers gateway policies in production **Concepts:** `header match` · `JSONPath` · `JWT claim` · `regex` ### 03 · Drop a spec. Get every path scaffolded. Hand Apinizer your openapi.yaml and it scaffolds every path, every operation, every example, every response header — in one step. Edit afterward in the Designer's OpenAPI editor, the same surface used by real proxies. - Two creation modes: Blank — build by hand, or Import OpenAPI - Examples copied straight from the spec's `examples` field - Headers copied from the spec's `headers` field - Promote any path to a real proxy when the upstream is ready **Concepts:** `openapi.yaml` · `Designer editor` · `promote in place` ### 04 · A mock is a proxy. Just one without an upstream. QA traffic that goes through real OAuth flows, real throttle limits, real audit logs — that catches the bugs prod will hit. Apinizer mocks pass the entire gateway pipeline; the only difference is that the upstream call is replaced with a condition-driven example pick. - OAuth 2.0 / JWT / API key / mTLS — test real auth flows against real Identity Manager - Throttling, quotas, IP allow-lists — exercise real limits in QA - Every call audit-logged and indexed in Elasticsearch - Promote in place — replace the mock with a real upstream, the URL stays the same **Concepts:** `OAuth in QA` · `audit` · `promote` · `no URL change` > Mock APIs work the same way for AI traffic — author a Mock as an OpenAI-compatible endpoint and an agent can practice against it through the same gateway. --- ## Use cases ### Build the UI before the backend ticket is groomed Frontend has the OpenAPI spec but the upstream service is months away. Author the mock in an afternoon — including error states — and the frontend ships against real-shaped responses. - Import the spec, get all paths scaffolded - Add 4xx/5xx examples for the error UI - Branch by header so the QA team can drive scenarios - Promote each path independently when the upstream lands ### Drive failure modes from the test suite Force a 503 by setting a header. Force a 422 by sending a specific JSONPath value. The condition engine is the same one that runs in production, so what you script in QA matches what production behaviour will look like. - Scenario header drives example selection - JSONPath conditions assert body shape - JWT claim conditions test auth-tier paths - Audit trail proves what was returned and why ### Hand a partner a working endpoint before integration starts B2B partners need something to call. A live mock with real auth, real rate limits, and audit lets them build their integration on day one — and you keep the surface identical when the real upstream takes over. - Real OAuth flow against Identity Manager - Real rate limits to validate retry logic - Audit trail for partner support tickets - Promote without breaking partner integration --- ## What ships in the box ### Mock authoring - Every HTTP verb: GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS, TRACE - Multiple example bodies per HTTP status code - Per-example content type (JSON, XML, plain text) - Custom response headers with variable resolution - Two creation modes: Blank or Import OpenAPI ### Conditional routing - Conditions over header, path, query, JSONPath, JWT claim, cookie - Operators: eq, neq, contains, regex, gt, lt, in, isEmpty - First match wins — default example as fallback - Same condition engine as live gateway policies ### Pipeline integration - Same auth surface as gateway proxies (OAuth 2.0, JWT, API key, mTLS, Basic) - Throttling, quotas, IP allow-lists, scope-based access - Audit log + Elasticsearch analytics + Prometheus metrics - Promote any mock path to a real proxy without changing the URL --- ## Resources - [Mock API docs](https://apinizer.com/developers/docs) — Authoring examples, conditions, OpenAPI import, and promotion to live proxies. - [Condition cookbook](https://apinizer.com/developers/docs/mock-api/conditions) — Header, JSONPath, JWT, and cookie matchers for QA scenarios. - [API Designer](https://apinizer.com/products/api-designer) — Edit mocks in the same OpenAPI editor used by real proxies. - [Architecture](https://apinizer.com/products) — How mocks sit on Worker and pass the policy stack. --- ## Next step *Frontend & backend in parallel* **A mock that looks like the real API. Auth and all.** See Mock API on a real OpenAPI spec in a 20-minute walkthrough — including condition-driven scenarios and same-pipeline auth. [Book a Demo](https://calendly.com/apinizer/15min) · [Read the docs](https://apinizer.com/developers/docs) --- ## Links - Products: https://apinizer.com/products - AI Gateway: https://apinizer.com/products/ai-gateway - Solutions: https://apinizer.com/solutions - Pricing: https://apinizer.com/pricing - Developers: https://apinizer.com/developers - Documentation: https://docs.apinizer.com/index-en - Blog: https://apinizer.com/blog - Contact: https://apinizer.com/company/contact © 2026 Apinizer. All rights reserved.