This page is a permanent end-to-end test fixture for the external-data-sources feature. Every card below is an ApiProbe component whose values are BOUND to a saved request on a httpbingo fixture data source; the 'proves' line on each card documents exactly which capability that block exercises. Sources live in Admin → Data Sources (names prefixed 'httpbingo fixture'). NOTE: visitor form submission does not exist — everything here is render-time fetching only.
Proves: a plain GET saved request bound to a component; response dot-paths (args.fixture.0, method, url) hydrate declared props server-side. The 'fixture=get-bind' query param is stored on the saved request itself.
Empty state — shown only if the API call fails or returns no rows (graceful degradation, never a 500).
Proves: {placeholder} tokens in the saved request's PATH ({thing}) and QUERY ({greeting}) are filled from THIS block's own props (p1='honey pot', p2='hello from props') via {prop} param specs, URL-encoded on insert (note the space survives as %20). Compare the requested url below with the p1/p2 values.
Proves: a POST saved request with a JSON bodyTemplate ('{"msg":"{msg}"}') is legal in a render bind; {msg} here is a LITERAL param ('hello from a POST render bind'), JSON-escaped on insert. httpbingo echoes the parsed body under json.*.
Proves: PUT with a JSON bodyTemplate works through the same central engine (non-idempotent → never retried, never cached).
Proves: DELETE with a {placeholder} query param works; httpbingo echoes it under args.
Proves: per-request caching. This request has cacheEnabled + TTL 300s — reload the page repeatedly: this uuid stays THE SAME for up to 5 minutes (or until purged via the request's Purge button in Data Sources).
Proves: the same endpoint with cacheEnabled=false hits httpbingo on EVERY render — reload the page: this uuid changes every time while the cached one (left) does not.
Proves: authType=basic. The source's write-only secret is 'bee:hive'; the engine sends the Authorization: Basic header server-side and httpbingo authenticates it. authenticated=true below comes from the API.
Proves: authType=header with authParam 'Authorization' and secret 'Bearer fixture-token-123' — the standard bearer-token pattern. httpbingo echoes the accepted token.
Proves: authType=header with a custom header name (X-Api-Key). httpbingo's /headers echoes every request header — the secret below arrived as a header, injected server-side (never visible in the browser's network tab).
Proves: authType=query with authParam 'api_key' — the secret rides as ?api_key=… on the request URL, appended server-side. httpbingo echoes it under args.