pricingsaasPulse
June 2026
API Tooling · Principles Scorecard · v5

Modern API Tooling:
An 11-Principle Scorecard

Ten tools rated against eleven concrete principles of what modern API tooling should be — local-first, zero login, Git-native, native performance, extensible, proxy-aware, testable, and fairly priced. Scored 0/1/2 per principle, max 22 points.

10 tools 11 principles 0–10 final score Pricing included as P11
Part 1The 11 Principles
Scoring basis

What Modern API Tooling Should Be

Each principle is scored 0 (absent or gated), 1 (partial — exists but limited, requires workaround, or restricted), 2 (fully met by default). Final score = total ÷ 22 × 10, rounded to nearest integer.

P1
Local-first, Filesystem-centric
Collections and requests stored directly in the project repository as readable files. Not synced to a cloud by default.
P2
OpenAPI & GraphQL Import
Native import of OpenAPI specs and GraphQL schemas. Tool understands API contracts, not just raw requests.
P3
Zero Login Wall
Works completely offline without account creation or mandatory cloud sync. No activation gate, no "sign in to continue."
P4
Git-Native Collaboration
Collaboration through standard version control — not paid seat licenses or proprietary cloud workspaces.
P5
Native Performance
Built with high-performance languages (Rust, C, Go). Opens instantly, minimal RAM. Not wrapped in Electron/Chromium.
P6
Extensible Design
Modular plugin architecture that adds functionality without bloating the core. Plugins are first-class citizens.
P7
Universal Imports
Native support for OpenAPI specs, GraphQL schemas, Postman collections, Insomnia exports, and cURL commands.
P8
Proxy Agnosticism
Designed to proxy traffic through any interception tool (Charles, Burp, mitmproxy). Proxy-aware architecture.
P9
Scripting & Auth Flows
Pre-request and post-response hooks with real scripting (JavaScript, Python, Shell) — not just variable interpolation.
P10
Straightforward Testing
Built-in support for writing and running tests against API responses by code — assertions, test suites, CI runner.
P11
Pricing & Free Tier
Genuinely usable free tier with no core features gated. Sustainable model that doesn't restrict individual developers or small teams.
Part 2The Scorecard Matrix
All 10 tools × 11 principles

At a Glance

✅ = fully met (2 pts)   ⚠ = partial / limited (1 pt)   ✗ = absent or gated (0 pts). Max 22 pts. Score = pts ÷ 22 × 10.

Tool P1
Local		 P2
OAS/GQL		 P3
No Login		 P4
Git		 P5
Native		 P6
Plugin		 P7
Import		 P8
Proxy		 P9
Script		 P10
Test		 P11
Pricing		 Score
Bruno 8
Voiden 8
Yaak 7
Insomnia 6
Requestly 5
Postman 5
Hoppscotch 4
Apidog 4
cURL CLI 6
HTTPie CLI 5
Scoring note

Score = raw points ÷ 22 × 10. Bruno and Voiden both reach 17/22 = 7.73 → 8. Yaak reaches 16/22 = 7.27 → 7. Insomnia reaches 14/22 = 6.36 → 6, down from 7 in v4, because P11 (pricing + account gate) and P3 (zero login) both penalise the account dependency from two angles. cURL reaches 13/22 = 5.91 → 6 — its perfect P5, P8, and free-forever P11 compensate for the GUI-category misses.

Part 3Why Each Tool Scored What It Did
GUI Clients — Ranked

Profiles

Bruno
usebruno.com · Pricing →
8/10
"Closest to the ideal. Local, Git-native, zero login, full scripting and testing — one Electron build away from a 10."
Where it fully meets the principles
P1–P4: Local-first, Git-native, zero login wall, filesystem storage — all met by design with no toggles or account gates
P9: Full JavaScript pre/post scripts via the bru namespace; Chai-based assertions, variable chaining, real auth flows
P10: Native test suite with bru.test(), CI runner via the bru CLI and Docker images for pipeline use
P2: OpenAPI collection generation and GraphQL support built-in, no plugin required
Where it falls short
P5: Built on Electron — the only principle it fails structurally. No instant startup, higher memory than Tauri/Rust alternatives.
P6: Extensibility via Node package.json modules — functional but not a first-class plugin API with lifecycle hooks
P7: Imports Postman, OpenAPI, cURL — missing Insomnia export format and Swagger YAML as distinct inputs
P8: HTTP proxy configuration is available but not designed as a proxy-first architecture; no built-in traffic inspection UI
P11: Free core is generous; paid Ultimate tier gates data-driven testing and some advanced features
P1✅P2✅P3✅P4✅P9✅P10✅P5✗ Electron
Voiden
voiden.md · Free
8/10
"Most aligned with the principles architecturally. Plain Markdown as execution layer, full plugin system, genuine scripting and testing — the only tool with a perfect P11."
Where it fully meets the principles
P1, P3, P4: Markdown .void files on filesystem, zero login, Git is the native storage layer — all default, none toggled
P6: Plugin architecture is central to the design — modular, first-class, community plugins available for protocols
P9: Pre/post request hooks in JavaScript, Python, or Shell — multi-language scripting support is unique in this group
P10: Post-response assertions via scripting, Voiden Runner CLI (headless), Stitch runner for batch execution with stop-on-failure, glob patterns, and environment selection — full CI test pipeline support
P11: Fully free with no paid tier at all — no feature gating, no pricing page, no upgrade path needed
Where it falls short
P5: Built on Electron — performance trade-off vs Yaak's Tauri + Rust stack is real and measurable at scale
P2: GraphQL is a plugin install, not built-in; OpenAPI import works natively
P7: Imports Postman, Insomnia, OpenAPI — missing cURL and Swagger YAML as distinct inputs
P8: Proxy support exists but not architected as a proxy-first tool; no traffic inspection UI
P1✅P3✅P4✅P6✅P9✅P10✅P11✅ FreeP5✗ Electron
Yaak
yaak.app · $50/yr commercial
7/10
"Best native performance in the group — Rust/Tauri, perfect P5. Widest import support. Held back by zero scripting and zero testing."
Where it fully meets the principles
P5: Tauri + Rust — the only GUI client in this group that fully meets the native performance criterion. Instant startup, minimal RAM.
P1, P3, P4: Local-first, zero login, Git folder storage — all met without workarounds
P7: Widest import support in the group — Postman, Insomnia, OpenAPI, Swagger, cURL
P2: GraphQL client is built-in, not a plugin; OpenAPI import supported natively
P11: Free for personal use; commercial use on an honour-system $50/year with no feature gating
Where it falls short
P9: No pre/post request scripting — the biggest capability gap vs Bruno and Insomnia
P10: No built-in test suite or assertion framework — request chaining exists but tests by code do not
P6: Plugin system in TypeScript exists but limited in API surface and protocol extension coverage
P8: Proxy configuration available but not a proxy-first, interceptor-aware architecture
P5✅ RustP7✅P11✅P9✗P10✗
Insomnia
insomnia.rest · Free (account) / $12/mo Pro
6/10
"Strong scripting, testing, plugins, and imports. Drops a full point vs v4 because P3 (zero login) and P11 (pricing) both penalise the same account dependency."
Where it fully meets the principles
P6: Most mature plugin ecosystem in this group — hundreds of community plugins, formal plugin lifecycle API
P7: Widest import support — OpenAPI, Postman, HAR, cURL, native Insomnia export
P9: Full pre/post scripting with JavaScript, template tagging, and OAuth flow support
P10: Native test suite with JS assertions and CI automation via the Inso CLI
Where it falls short
P3: Account required to unlock Git Sync, CLI, environments, and team features. Scratch Pad is login-free but severely limited in scope.
P11: Free Essentials exists but is account-gated; paid Pro at $12/user/mo for any team use. Account requirement cuts the effective free value in half.
P5: Built on Electron — same performance trade-off as Bruno
P1: Local Vault is available but tied to an account; Git Sync free tier capped at 3 users
P6✅P7✅P9✅P10✅P3✗ Account req.P5✗ ElectronP11⚠ Account-gated
Requestly
requestly.com · Free ≤10 users
5/10
"P8 is the only principle it nails outright — it IS an interceptor. Every other principle is partial, absent, or gated behind a closed-source binary."
Where it fully meets the principles
P8: Full marks — the HTTP interceptor IS the product. Modifies live requests in-browser, mocks responses, redirects traffic without backend changes. No other GUI client does this natively.
P11: Genuinely free for up to 10 collaborators, no login required for basic use, enterprise tier only for SSO/compliance
Where it falls short
P5: Built on Electron
P6: Closed-source application — zero extensibility by design; no plugin architecture possible
P9/P10: Scripting and testing are basic — not a first-class development or automation environment
P1/P3/P4: Partial on all three — local JSON storage, but no forced login is a soft boundary, not a hard guarantee given the closed-source binary
P8✅P11✅P5✗P6✗ Closed source
Postman
postman.com · $19/user/mo (teams)
5/10
"Excellent at P9 and P10 — scripting and testing are class-leading. Fails five principles at the architecture level plus P11 at the pricing level."
Where it fully meets the principles
P9: Battle-tested JavaScript pre/post scripting — the most mature and well-documented in the group
P10: Excellent — Newman CLI, Playwright integration, collection runner, assertions framework, CI/CD support
P2/P7: Widest protocol support and format import; OpenAPI, GraphQL, Swagger all natively supported
Where it falls short
P1: Cloud mandatory — no local-first option for any collaborative workflow
P3: Account required; free plan now limited to 1 user (March 2026)
P4: No Git-native collaboration — proprietary cloud workspaces only
P5: Electron, heaviest memory footprint and slowest startup in the group
P11: $19/user/mo for any team collaboration; free plan eliminated for teams. Worst pricing in the group.
P9✅P10✅P1✗P3✗P4✗P5✗P11✗
Hoppscotch
hoppscotch.com · $6/user/mo teams
4/10
"A cloud product that fails P1, P3, P4, and P5 at the architecture level. Strong on imports; everything else is partial or absent."
Where it partially or fully meets the principles
P2/P7: OpenAPI, GraphQL, Postman imports all supported natively
Where it falls short
P1: Web app architecture — not filesystem-centric. Self-hosting requires PostgreSQL + full Docker stack.
P3: Account required for workspaces and any form of sync or persistence beyond a session
P4: No Git-native collaboration — proprietary cloud workspaces only
P5: Web app — zero native performance
P9/P10: Scripting and testing are limited — not a serious development or automation environment
P11: Free tier exists but team features require $6/user/mo; free tier collaboration limitations are significant
P1✗P3✗P4✗P5✗P2✅P7✅
Apidog
apidog.com · $9–$27/user/mo
4/10
"Six zeroes. A capable API lifecycle platform antithetical to local-first, Git-native, zero-login tooling. Automated testing is its only strong principle match."
Where it fully meets the principles
P2/P7: Strong OpenAPI, GraphQL, Swagger import support — lifecycle design-first approach works well for these
P10: Automated testing with CI integration is a genuine product strength
Where it falls short
P1, P3, P4, P5, P6: All zero. Cloud-first, account-required, no Git collaboration, Electron, no plugin architecture.
P11: Free for 4 users but core features (API versioning, unlimited projects) gated at $9–$27/mo; 4-user cap creates rapid upgrade pressure
P10✅P1✗P3✗P4✗P5✗P6✗
CLI Tools — Same Scoring

cURL & HTTPie

CLI tools score 0 on P2/P7 (no spec import by design) and P10 (no test framework). Their high scores on P1, P3, P5, P8, and P11 reflect genuine excellence in their category. The P2/P7/P10 gaps are category characteristics, not product failures.

cURL
curl.se · CLI · Free forever
6/10
"Perfect 2s on P1, P3, P5, P8, P11. Every other tool in this list either exports to cURL or references it. The irreducible primitive."
Where it fully meets the principles
P5: Written in C — the fastest possible implementation. Pre-installed on macOS, most Linux, Windows 10+. Sub-millisecond startup.
P8: Built-in proxy flags (-x, --proxy, --socks5-hostname, --proxy-user) — first-class proxy support by original design
P11: Free and open source under a MIT-derivative license since 1996. Will never have a paid tier.
P3: No account, no telemetry, no activation, no internet required to function
Category limitations
P2/P7: No spec import — it's a transfer tool, not a spec-aware design environment
P9: Scripting is via shell wrapper only — no native pre/post hooks with language runtime
P10: No test framework — assertions require external tooling (jq, grep, shell conditionals)
P3✅P5✅ CP8✅P11✅CLI-native
HTTPie
httpie.io · CLI + desktop · Free core
5/10
"cURL with readability. Python (not C) earns a partial on P5. Same category ceiling as cURL on P2/P7/P10, but a cleaner developer experience."
Where it fully meets the principles
P8: Built-in --proxy support — designed to work natively with any interception tool
P11: CLI is open source under BSD, free forever. Desktop/web app also free. Pro tier for AI/team features only.
P3: CLI is completely login-free, no account, works fully offline
Where it falls short
P5: Python — not C or Rust. Faster than a browser wrapper but slower startup than cURL. Partial credit only.
P2/P7/P10: Same category gaps as cURL — no spec import, no test framework
P9: Scripting via shell wrapper only — no native runtime hooks
P8✅P11✅P5⚠ PythonCLI-native
Part 4Key Findings
What the scoring reveals

The Gap Map

Bruno and Voiden tie at 8 — for different reasons. Bruno wins on scripting and testing maturity; Voiden wins on plugin architecture, pricing (fully free, no tier at all), and multi-language script hooks. The only principle both fail is P5 — both are Electron-based. If either rebuilt on Tauri or another native runtime they would break away from the pack.

Yaak is the P5 outlier. It's the only GUI client that scores a full 2 on native performance (Tauri + Rust). It would lead the chart at 9 if it had scripting and testing. Those two zero scores are the entire gap between first and third place — and they're a product decision, not an architectural constraint.

Insomnia drops from 7 to 6 when pricing is scored. Its account dependency hurts it from two angles simultaneously: P3 (zero login) is a hard zero, and P11 (pricing) is a partial because the free tier is account-gated. The storage flexibility architecture is genuinely excellent — it just sits behind a login wall.

Postman scores 5 despite failing five principles because its scripting and testing (P9/P10) are class-leading. It solves the developer workflow problem well — just via a completely different philosophy than these principles describe.

The ideal modern API client doesn't exist yet

A tool that combined Yaak's Rust/Tauri stack with Bruno's scripting + testing would score 9 or 10. The current ceiling is 8. P5 (native performance) is the most-failed principle across all GUI clients — six out of eight GUI clients run on Electron. The entire GUI API client space except Yaak still wraps a browser engine.

P3 (zero login) eliminates four of eight GUI clients before any other evaluation. Insomnia, Hoppscotch, Apidog, and Postman all require an account for meaningful use. For teams with strict data sovereignty or privacy requirements, this is a hard architectural boundary — not a preference.

P11 (pricing) reshapes the bottom of the table. Postman's 1-user-only free plan (March 2026) earns it a P11 zero — the worst pricing score in the group. This is not a product capability gap; it's a strategic positioning choice that makes Postman increasingly inaccessible to the individual developers who evangelise tools to teams. Voiden being fully free with no tier at all earns it the only clean P11 score in the GUI category.

pricingsaas.com · Pulse · API Client Scorecard v5 · June 2026
Scored against 11 principles · P10 for Voiden corrected · P11 (Pricing) added · Maturity excluded from scoring