httpbingo.org — external data sources living fixture

This page is a permanent end-to-end test fixture for the external-data-sources feature. Every card below is an ApiProbe component whose values are BOUND to a saved request on a httpbingo fixture data source; the 'proves' line on each card documents exactly which capability that block exercises. Sources live in Admin → Data Sources (names prefixed 'httpbingo fixture'). NOTE: visitor form submission does not exist — everything here is render-time fetching only.

GET single-item bind — /get

Proves: a plain GET saved request bound to a component; response dot-paths (args.fixture.0, method, url) hydrate declared props server-side. The 'fixture=get-bind' query param is stored on the saved request itself.

echoed query param:
method:
requested url:

No slides

Empty state — shown only if the API call fails or returns no rows (graceful degradation, never a 500).

Placeholder substitution — /anything/{thing}?greeting={greeting}

Proves: {placeholder} tokens in the saved request's PATH ({thing}) and QUERY ({greeting}) are filled from THIS block's own props (p1='honey pot', p2='hello from props') via {prop} param specs, URL-encoded on insert (note the space survives as %20). Compare the requested url below with the p1/p2 values.

echoed {greeting} (from prop p2):
requested url ({thing} from prop p1):

POST-to-query — /post

Proves: a POST saved request with a JSON bodyTemplate ('{"msg":"{msg}"}') is legal in a render bind; {msg} here is a LITERAL param ('hello from a POST render bind'), JSON-escaped on insert. httpbingo echoes the parsed body under json.*.

echoed body msg:
method:

PUT — /put

Proves: PUT with a JSON bodyTemplate works through the same central engine (non-idempotent → never retried, never cached).

echoed body msg:
method:

DELETE — /delete

Proves: DELETE with a {placeholder} query param works; httpbingo echoes it under args.

echoed reason:
method:

CACHED — /uuid with TTL 300s

Proves: per-request caching. This request has cacheEnabled + TTL 300s — reload the page repeatedly: this uuid stays THE SAME for up to 5 minutes (or until purged via the request's Purge button in Data Sources).

uuid (frozen ≤300s):

LIVE — /uuid with cache off

Proves: the same endpoint with cacheEnabled=false hits httpbingo on EVERY render — reload the page: this uuid changes every time while the cached one (left) does not.

uuid (new every render):

BASIC auth — /basic-auth/bee/hive

Proves: authType=basic. The source's write-only secret is 'bee:hive'; the engine sends the Authorization: Basic header server-side and httpbingo authenticates it. authenticated=true below comes from the API.

authenticated user:
authenticated:

BEARER token — /bearer

Proves: authType=header with authParam 'Authorization' and secret 'Bearer fixture-token-123' — the standard bearer-token pattern. httpbingo echoes the accepted token.

token seen by API:
authenticated:

CUSTOM HEADER key — /headers

Proves: authType=header with a custom header name (X-Api-Key). httpbingo's /headers echoes every request header — the secret below arrived as a header, injected server-side (never visible in the browser's network tab).

X-Api-Key seen by API:

QUERY key — /get

Proves: authType=query with authParam 'api_key' — the secret rides as ?api_key=… on the request URL, appended server-side. httpbingo echoes it under args.

api_key seen by API:

Form → api saved request (POST /post echo)

PROVES: a Form block bound to formTarget kind=api submits through POST /api/forms/submit, which resolves this block from the PUBLISHED page (hidden __bb_page/__bb_block inputs — the client never names the target), fills the saved request's {msg} placeholder from the form field, and fires the central fetch engine server-side (cache bypassed, never retried). Works twice: native no-JS form-data POST → 303 redirect back with ?bb_form=ok, and with JS the enhancement script re-posts via fetch + Accept:application/json → inline status below the button.

Form → collection (contact form, opt-in)

PROVES: the same Form block with formTarget kind=collection writes visitor submissions into the 'Form fixture enquiries' collection (content_form_fixture_enquiries), which EXPLICITLY opted in via publicSubmissions (PATCH _op:set_public_submissions — default OFF, toggle it off and this form 403s). Fields are validated against the collection schema (unknown/system/slug fields dropped, required fields enforced → 400) and every item lands FORCED status=draft, never auto-published. Same dual submit modes as the api card.