SaaS API Inspector (“the Extension”) is a developer tool that analyzes and categorizes API requests made by web pages you visit. This policy describes what data the Extension uses and how it is handled.
Data the extension processes
The Extension only processes data necessary to show API activity for the page you are viewing:
Request metadata: URL, HTTP method, path, status code, and timestamp of API requests (XHR/fetch) from the active browser tab.
Request headers: Header names and values are read to detect authentication type (e.g. JWT, Bearer, session cookie). Sensitive header values are never stored or displayed in full (see below).
Sensitive data is never stored
Authorization, Cookie, and Token headers are masked before any use. Their values are replaced with a placeholder (****MASKED****) and the Extension never logs, stores, or transmits the actual credentials.
Where data is stored
Session storage: Analyzed API request data (URLs, methods, categories, masked headers) for the current tab is kept in the browser’s session storage. It is cleared when you close the tab or the browser.
Local storage: Only your preferences are stored locally (e.g. which file types to exclude from the list per site). No request content or credentials are saved in local storage.
No data sent to us or third parties
The Extension does not send any data to the developer or to any external servers. All processing happens on your device. Exports (e.g. OpenAPI or Postman) are downloaded as files on your machine only.
Permissions
The Extension requests:
activeTab — to know which tab is active and show API activity for that tab only.
storage — to keep session data and your local preferences (e.g. filter settings).
webRequest and host permissions — to observe request URLs, methods, and headers so it can analyze and categorize API calls. Request bodies are not read; sensitive header values are masked as described above.
Your choices
You can clear the current session at any time using “Clear session” in the Extension. Uninstalling the Extension removes all stored preferences. Session data is not retained after you close the tab or browser.
Changes
We may update this privacy policy from time to time. The “Last updated” date at the top will be revised when changes are made. Continued use of the Extension after changes constitutes acceptance of the updated policy.
Contact
For questions about this privacy policy or the Extension’s data practices, please use the contact or support channel provided in the Chrome Web Store listing for SaaS API Inspector.