How to Copy API Requests from the Network Tab
When you’re debugging API requests in the browser and spot a 400 or 500 error, the fastest way to investigate is to copy that request directly from the Network tab and replay it in a dedicated API client. No proxy setup required. Here’s how to do it efficiently across Chrome, Edge, and Firefox.
Key Takeaways
- Use Copy as cURL for terminal testing, importing into API clients like Postman or Insomnia, and sharing reproducible requests with teammates.
- Use Copy as fetch when you want to replay or scaffold requests directly in a JavaScript context, such as the browser console or a Node.js script.
- Filter by Fetch/XHR and enable Preserve log before capturing requests to avoid losing entries during navigation.
- Always sanitize copied requests before sharing them — they often contain auth tokens, session cookies, and API keys.
The Standard Workflow
Open DevTools (F12 or Cmd+Option+I on Mac), navigate to the Network tab, and trigger the action that fires the request. Once the request appears in the list, right-click it to access the copy options.
Before you copy, two settings are worth checking:
- Filter by Fetch/XHR — Click the “Fetch/XHR” filter button to hide static assets and focus only on API calls. This makes it much easier to locate the right request.
- Preserve log — Enable this if the request happens during a page navigation or redirect. Without it, the Network tab clears on navigation and you’ll lose the entry.
To find a specific endpoint quickly, use the Search panel (Ctrl+F / Cmd+F in the Network tab) and search by URL fragment or endpoint name.
Copy as cURL vs. Copy as Fetch
Right-clicking a request gives you several copy options. The two most useful are Copy as cURL and Copy as fetch.
Copy as cURL
This is the most widely supported option across Chrome, Edge, and Firefox. It produces a shell command you can paste directly into a terminal or import into tools like Postman or Insomnia.
curl 'https://api.example.com/users' \
-H 'Authorization: Bearer eyJhbGci...' \
-H 'Content-Type: application/json' \
--data-raw '{"page":1}'Best for: Terminal testing, sharing with backend teammates, importing into API clients, or filing bug reports with a reproducible request.
Copy as Fetch
This outputs a JavaScript fetch() call you can paste directly into the browser console or a Node.js script.
fetch("https://api.example.com/users", {
method: "POST",
headers: {
"Authorization": "Bearer eyJhbGci...",
"Content-Type": "application/json"
},
body: JSON.stringify({ page: 1 })
});Best for: Quick console testing, reproducing issues in JavaScript environments, or scaffolding fetch calls in your codebase.
Chrome and Edge also offer Copy as Node.js fetch and Copy as PowerShell for environment-specific workflows.
Discover how at OpenReplay.com.
When Copied Requests Won’t Replay Successfully
Copying a request captures its state at that exact moment, including session cookies, auth tokens, and CSRF headers. Replaying it later can fail for several reasons:
- Expired tokens or sessions — JWTs and session cookies have TTLs. A copied request from an hour ago may return a 401.
- Cookie-bound authentication — Some auth flows rely on
HttpOnlycookies that aren’t fully visible in the copied output. - Request sequencing — Some APIs require a prior request (e.g., fetching a CSRF token) before the target call will succeed.
If a replayed request fails unexpectedly, check the auth headers first.
Exporting Multiple Requests: HAR Files
To capture and export multiple requests at once, use the HAR export option in the Network tab. In current Chrome and Edge versions, HAR exports are sanitized by default and may exclude sensitive headers such as cookies and authorization data unless you explicitly enable exporting with sensitive data. The resulting .har file (JSON format) can be imported into tools like Postman or Insomnia, or processed with tools like jq to extract URLs and payloads in bulk.
A Note on Security
Copied requests often contain sensitive data: auth tokens, session cookies, API keys, and request bodies. Before sharing a cURL command or HAR file with a colleague or in a bug report, sanitize it — replace real tokens with placeholders like <TOKEN> and strip any personal data from the payload.
Conclusion
Copying API requests from the Network tab is one of the most practical debugging moves in a frontend developer’s toolkit. Use Copy as cURL when you need portability and tool compatibility. Use Copy as fetch when you’re staying in a JavaScript context. Either way, you’re seconds away from a reproducible, inspectable request.
FAQs
Yes, but only if you enabled Preserve log before the navigation occurred. Without it, the Network tab clears all entries on each page load or redirect. Make it a habit to toggle Preserve log on before reproducing issues that involve redirects or full-page navigations.
The most likely cause is an expired authentication token or session cookie. Copied requests capture credentials as they existed at that moment. If the JWT or session has since expired, the server will reject the request. Copy and replay the request promptly, or refresh your token before retrying.
Copy as cURL generates a shell command suitable for terminals and API clients like Postman or Insomnia. Copy as fetch produces a JavaScript fetch call you can run in the browser console or a Node.js script. Choose cURL for portability across tools and teams, and fetch for JavaScript-based debugging.
HAR files capture full request and response data, including auth tokens, cookies, and request bodies. They can expose sensitive information if shared without review. Always inspect the file contents and redact credentials, API keys, and personal data before attaching a HAR file to any report or message.
Gain control over your UX
See how users are using your site as if you were sitting next to them, learn and iterate faster with OpenReplay. — the open-source session replay tool for developers. Self-host it in minutes, and have complete control over your customer data. Check our GitHub repo and join the thousands of developers in our community.
