Skip to main content
UnblockDevs
All toolsHTTP Headers AnalyzercURL ConverterHAR → cURL

Payload Analyzer - Analyze API Payloads Instantly

Inspect, analyze, and optimize API request and response payloads

100% in-browserNo signupFree forever
You might also need
Browse all tools
HTTP Headers AnalyzerAnalyze HTTP response headerscURL ConverterConvert cURL to codeHAR → cURLConvert HAR files to cURLcURL → HTTPConvert cURL to HTTP requestAPI ComparatorCompare API responsesAll tools

What Is a Payload Analyzer?

An HTTP payload is the body of a request or response — the data transmitted alongside headers. When a frontend sends a login form, POST request, or webhook event, the payload carries the actual content: user credentials, JSON objects, file uploads, or XML documents. Understanding that content is essential for debugging APIs, auditing integrations, and optimizing performance.

A payload analyzer parses and inspects that body data regardless of its encoding. Instead of manually decoding a URL-encoded form string or counting bytes in a nested JSON tree, the analyzer surfaces structure, field types, size metrics, and content at a glance. It supports all common Content-Type values — JSON, form-urlencoded, multipart, XML, and plain text — so you can work with any API or webhook payload without switching tools.

How it works

Analyze Payloads in Seconds

01

Paste or type your payload

Paste the raw request body — JSON, form-encoded string, multipart data, XML, or plain text — directly into the editor.

02

Select the content type

Choose the Content-Type that matches your payload, or let the tool auto-detect it from the input format.

03

Inspect structure and fields

View a parsed breakdown of all fields, nested objects, arrays, data types, and individual field sizes.

04

Identify issues and optimize

Spot oversized fields, unexpected null values, missing keys, or structural mismatches against your API documentation.

Supported Content Types

The analyzer handles the six content types most commonly found in REST, GraphQL, and webhook payloads:

Content-TypeCommon use
application/jsonREST API request and response bodies, webhooks, GraphQL
application/x-www-form-urlencodedHTML form submissions, OAuth token requests
multipart/form-dataFile uploads, mixed form fields and binary data
text/xmlLegacy REST APIs, RSS/Atom feeds, configuration payloads
application/xmlSOAP services, enterprise integrations, XML-based APIs
text/plainRaw text bodies, log payloads, simple string data
Use cases

When Developers Analyze Payloads

🐛

API Debugging

Inspect the exact body sent to an endpoint when a request returns unexpected results — no guesswork about what was actually transmitted.

🔔

Webhook Inspection

Paste a raw webhook event body to decode its structure and verify fields before writing handler logic.

🔐

Security Testing

Examine request bodies for sensitive data exposure, unexpected fields, or injection payloads during penetration testing.

📄

API Documentation

Explore an undocumented payload to understand its schema and generate accurate field-level documentation.

🧪

Integration Testing

Verify that the payload a service sends during integration tests matches the expected contract before deploying.

📱

Mobile App Debugging

Analyze payloads from mobile apps to identify oversized responses or unnecessary fields that affect bandwidth and battery.

FAQ

Frequently Asked Questions

1Why does my server receive the request but req.body is undefined or empty?
If req.body is undefined in Express, you are missing body-parsing middleware. Add app.use(express.json()) for JSON payloads and app.use(express.urlencoded({ extended: true })) for form data. Also verify the client sends the correct Content-Type header — sending JSON without Content-Type: application/json means Express won't parse it. Middleware must be registered before route handlers.
2What content types does the Payload Analyzer support?
The tool supports application/json, application/x-www-form-urlencoded, multipart/form-data, text/xml, application/xml, and text/plain. Auto-detection works for most standard payloads.
3Is my payload data sent to any server?
No. All analysis runs entirely in your browser. Your payload data never leaves your device, making it safe to use with production credentials, tokens, and other sensitive request bodies.
4How is a payload analyzer different from a JSON formatter?
A JSON formatter only pretty-prints JSON. A payload analyzer handles multiple content types, measures size, inspects individual fields and data types, and surfaces structural information useful for debugging, security review, and documentation.
5Can I use this to inspect webhook payloads?
Yes. Copy the raw webhook body from your server logs, debugging proxy, or request inspector and paste it into the analyzer. The tool will parse and display its structure regardless of content type.
6Why does my API request fail even though the URL and headers look correct?
When the URL and headers are correct but the request fails, the problem is usually in the request body: mismatched Content-Type, double-encoded JSON, missing required fields, or camelCase vs snake_case field name mismatches. Paste the raw request body into this analyzer to inspect its structure and spot the mismatch against the API documentation.
7What is the maximum payload size for HTTP requests?
There is no HTTP protocol-level maximum, but servers enforce limits: Nginx defaults to 1MB (client_max_body_size), Express.js to 100KB for JSON, AWS API Gateway to 10MB, and Cloudflare Workers to 100MB. Exceeding these returns a 413 Request Entity Too Large error.
8How do I fix a 413 Request Entity Too Large error?
Increase the server body size limit (e.g. client_max_body_size 10m in Nginx or express.json({ limit: '10mb' }) in Express), compress the payload with gzip, paginate into smaller requests, or upload files to object storage and send only the URL.
9How do I inspect a request payload in Chrome DevTools?
Open DevTools (F12), go to the Network tab, and click any request. The Payload tab shows the decoded request body for POST/PUT requests. For JSON, Chrome displays a parsed tree view. Click "view source" to see the raw body.
10How do I check the size of a JSON payload?
Paste your JSON into this analyzer — it reports the total byte size automatically. In JavaScript: new Blob([JSON.stringify(obj)]).size. In Python: len(json.dumps(obj).encode('utf-8')).
11How do I mask sensitive data in payloads?
Replace sensitive fields (passwords, tokens, PII) with redacted placeholders before logging or sharing. Create a sanitizer function that deep-clones the payload and replaces sensitive keys with ***. This analyzer flags common sensitive field names (password, token, ssn, credit_card) to assist in identification.
12How do I find which field in my payload is causing the API to reject the request?
Paste the raw request body into this analyzer to view its full structure — field names, types, nested objects, and arrays. Compare against the API documentation or error message. Common culprits: fields sent as strings instead of numbers, null values where the API expects a value, extra unexpected fields, or camelCase vs snake_case mismatches.
Learn more

Developer Guides

📖Top 10 JSON Payload Errors📖Why API Payloads Break📖Payload Design Best Practices📖Fix Payload Parsing Errors

Last updated: May 2026

Feedback for payload_analyzer

Tell us what's working, what's broken, or what you wish we built next — it directly shapes our roadmap.

You make the difference

Good feedback is gold — a rough edge you hit today could be smoother for everyone tomorrow.

  • Feature ideas often jump the queue when lots of you ask.
  • Bug reports with steps get fixed faster — paste URLs or examples if you can.
  • Name and email are optional; we won't use them for anything except replying if needed.

Stay Updated

Get the latest tool updates, new features, and developer tips delivered to your inbox.

What you'll get
  • Product updates & new tools
  • JSON, API & developer tips
  • Unsubscribe anytime — no hassle

Get in touch

Feature ideas, bugs, or a quick thanks — we read every message.

support@unblockdevs.com