Effective Date: February 2026
Last Updated: June 24, 2026
Summary
API Reverse Engineer is a privacy-first Chrome extension. We collect zero data. All API captures happen locally on your device and never leave your browser.
What We Collect
Nothing.
This extension:
- Does NOT send data to any external server
- Does NOT use analytics or tracking
- Does NOT store data in cloud services
- Does NOT require account login or authentication
- Does NOT use cookies for tracking, and never sends any cookie off your device
- Does NOT log user behavior
How It Works
All API capture and processing happens entirely on your device:
- Content Script — Intercepts network requests from the page you’re visiting (fetch and XHR events)
- Background Service Worker — Stores captures in
chrome.storage.session, computes statistics locally - Popup UI — Displays captured data and generates JSON export. All processing happens in-browser.
- Download Cookies (opt-in) — The optional «Download Cookies» button uses the
cookiespermission. Only when you click it, the extension reads the active tab site’s cookies (including httpOnly authentication cookies such asli_at/JSESSIONID) viachrome.cookiesand saves them to a local.jsonfile so you can replay the site’s own API. These cookies are never part of a capture and are never transmitted anywhere. If you never click the button, no cookies are ever read.
No external calls are made at any point.
Data You Generate
When you download a capture, you get a JSON file that includes request methods, URLs, headers, request/response bodies, status codes, and timing info.
This file is yours. You can delete it anytime. We never see it.
Permissions We Request
| Permission | Why |
|---|---|
<all_urls> | To intercept API calls on any website (strictly local) |
tabs | To identify which tab is recording |
activeTab | To scope recording to active tab only |
storage | To store session captures temporarily |
scripting | To inject interceptor code into pages |
cookies | Only for the opt-in «Download Cookies» button — reads the active site’s cookies on an explicit click and saves them to a local file for API replay. Never transmitted. |
unlimitedStorage | To stream large captures to local disk (OPFS) without the ~10 MB quota. Stays on-device. |
These permissions are only used locally. We never collect, transmit, or log any data.
Retention & Deletion
- Captures stored in
chrome.storage.sessiononly - Cleared automatically when you close the tab or browser session
- You control deletion via the «Clear» button
- Downloaded JSON files are stored only on your computer
Third-Party Services
None. This extension uses only Chrome APIs and vanilla JavaScript. No third-party libraries, no external API calls, no CDN resources.
Changes to This Policy
We may update this policy occasionally. Any changes will be reflected here with an updated date.
Contact
Questions? Open an issue on GitHub.
Legal
This extension is provided «as is» under the MIT License.
We respect your privacy. Period.