Saltar al contenido
CristianTala_

página

Privacy Policy – API Reverse Engineer

Effective Date: February 2026
Last Updated: June 24, 2026

Summary

API Reverse Engineer is a privacy-first Chrome extension. We collect zero data. All API captures happen locally on your device and never leave your browser.

What We Collect

Nothing.

This extension:

  • Does NOT send data to any external server
  • Does NOT use analytics or tracking
  • Does NOT store data in cloud services
  • Does NOT require account login or authentication
  • Does NOT use cookies for tracking, and never sends any cookie off your device
  • Does NOT log user behavior

How It Works

All API capture and processing happens entirely on your device:

  1. Content Script — Intercepts network requests from the page you’re visiting (fetch and XHR events)
  2. Background Service Worker — Stores captures in chrome.storage.session, computes statistics locally
  3. Popup UI — Displays captured data and generates JSON export. All processing happens in-browser.
  4. Download Cookies (opt-in) — The optional «Download Cookies» button uses the cookies permission. Only when you click it, the extension reads the active tab site’s cookies (including httpOnly authentication cookies such as li_at / JSESSIONID) via chrome.cookies and saves them to a local .json file so you can replay the site’s own API. These cookies are never part of a capture and are never transmitted anywhere. If you never click the button, no cookies are ever read.

No external calls are made at any point.

Data You Generate

When you download a capture, you get a JSON file that includes request methods, URLs, headers, request/response bodies, status codes, and timing info.

This file is yours. You can delete it anytime. We never see it.

Permissions We Request

PermissionWhy
<all_urls>To intercept API calls on any website (strictly local)
tabsTo identify which tab is recording
activeTabTo scope recording to active tab only
storageTo store session captures temporarily
scriptingTo inject interceptor code into pages
cookiesOnly for the opt-in «Download Cookies» button — reads the active site’s cookies on an explicit click and saves them to a local file for API replay. Never transmitted.
unlimitedStorageTo stream large captures to local disk (OPFS) without the ~10 MB quota. Stays on-device.

These permissions are only used locally. We never collect, transmit, or log any data.

Retention & Deletion

  • Captures stored in chrome.storage.session only
  • Cleared automatically when you close the tab or browser session
  • You control deletion via the «Clear» button
  • Downloaded JSON files are stored only on your computer

Third-Party Services

None. This extension uses only Chrome APIs and vanilla JavaScript. No third-party libraries, no external API calls, no CDN resources.

Changes to This Policy

We may update this policy occasionally. Any changes will be reflected here with an updated date.

Contact

Questions? Open an issue on GitHub.

This extension is provided «as is» under the MIT License.

We respect your privacy. Period.