Reference

Curlex vs Postman vs Bruno

Curlex vs Postman vs Bruno

There are three major desktop API clients right now: Postman, Bruno, and Curlex. Each makes different trade-offs. This page breaks down exactly what each tool supports so you can decide which one is the right fit for how you work.

Key:

SymbolMeaning
Fully supported
⚠️Partial or limited support
Not supported

Philosophy and Architecture

The most fundamental difference between these tools is not in their feature lists — it is in their underlying approach to where your data lives and how much you have to trust the vendor.

BrunoPostmanCurlex
Requires creating an accountNoYesNo
Your collections are stored locally✅ Plain files on disk❌ Postman's cloud✅ Local database
Open source✅ MIT licence❌ Proprietary
Works completely offline⚠️ Limited
Cloud syncGit-based onlyMandatory (Postman servers)Optional (your own Git remote)
Desktop app✅ Electron (~300 MB)✅ Electron (~400 MB)✅ Tauri / Rust (~15 MB)
CLI tool for CI pipelinesbru run✅ Newman
Free tier✅ Fully unlimited⚠️ Limited✅ Fully unlimited

What this means in practice:

  • Postman requires a cloud account and synchronises your collections to Postman's servers. If you have concerns about sending your API endpoint structure, credentials, or test data to a third party, this matters.
  • Bruno stores every request as a plain text file on your disk. This makes it easy to commit collections alongside your code in Git.
  • Curlex stores everything locally in a database inside the app, with optional push to any Git remote you choose.

Protocol Support

ProtocolBrunoPostmanCurlex
REST and HTTP
GraphQL (queries and mutations)
GraphQL subscriptions (real-time)
GraphQL schema introspection
GraphQL visual schema explorer
gRPC
General WebSocket❌ (GraphQL-over-WS only)
SOAP / XML⚠️ Can send XML body; no WSDL support
HTTP/2

Authentication

Auth TypeBrunoPostmanCurlex
No auth
Basic (username + password)
Bearer token
API Key (header or query param)
OAuth 1.0 (HMAC-SHA1 / SHA256 / PLAINTEXT)
OAuth 2.0 — Authorization Code
OAuth 2.0 — Auth Code + PKCE
OAuth 2.0 — Client Credentials
OAuth 2.0 — Password Grant
OAuth 2.0 — Implicit
OAuth 2.0 token auto-refresh
Inherit auth from parent collection
Client certificates (mTLS)
Custom CA bundle
Digest Auth
NTLM Auth
AWS Signature v4

Building Requests

FeatureBrunoPostmanCurlex
All standard HTTP methods
Query params with enable/disable toggle
Custom headers
JSON, XML, HTML, and plain text bodies
Form data (multipart)
URL-encoded form body
Binary file upload
GraphQL body type
Per-request timeout
Follow redirects toggle
SSL verification toggle
Markdown description per request
Proxy support

Reading Responses

FeatureBrunoPostmanCurlex
JSON, XML, HTML, text rendering
JSON pretty-print
JSONPath filtering
Response headers view
Cookies view
Status code, time, size metrics
HTTP waterfall timing (DNS/TCP/TLS/TTFB/Download)
Redirect chain visualization
Binary and PDF response rendering
TLS certificate chain details

Variables and Environments

FeatureBrunoPostmanCurlex
Environment variables
Collection variables
Global variables
Folder-level variables
Secret / masked variables
60+ built-in dynamic variables
Variable scope precedence chain
Environment import and export

Scripting

FeatureBrunoPostmanCurlex
Pre-request scripts
Test scripts (post-response)
Scripts run in a background thread
Collection-level scripts
Folder-level scripts
pm.* Postman API compatibility
Execution flow control (skip, jump, abort)
Chai BDD assertions
variables.replaceIn() string substitution
External npm libraries in scripts✅ curated set
Visual (no-code) assertion builder

Collections and Organisation

FeatureBrunoPostmanCurlex
Collections with unlimited nested folders
Drag-and-drop reordering
Multiple workspaces
Request duplication
Sidebar search
Request history
Collection documentation viewer
Favorite / pin collections

Automated Testing and the Runner

FeatureBrunoPostmanCurlex
Collection runner
Select which requests to run
Delay between requests
Retry failed requests
Stop on first failure
Data-driven testing (CSV / JSON)
Run history saved locally
Export as JUnit XML
Export as HTML
Export as PDF
CI/CD CLI runnerbru run✅ Newman

Import and Export

FormatBrunoPostmanCurlex
Import Postman v2.1 collections
Import cURL commands
Import OpenAPI / Swagger (OAS 3.x + Swagger 2.x)
Import Insomnia collections
Import WSDL / SOAP
Export as OpenAPI 3.0
Export native format
Export environments

Code Generation

Target languageBrunoPostmanCurlex
cURL
JavaScript (Fetch)
JavaScript (Axios)
Node.js (http module)
Python (requests)
PHP (cURL)
Java (OkHttp)
Dart (http package)
Go
Ruby
C#

Security Features

FeatureBrunoPostmanCurlex
All data stays local (no vendor cloud)
Secret variables masked in UI and logs
OS keychain for credential storage
Built-in secret vault with domain restrictions
AWS / Azure / HashiCorp Vault integration

Git Integration and Collaboration

FeatureBrunoPostmanCurlex
Collections stored as plain files (Git-native)
Push and pull via UI
Auto-sync on save
Conflict detection
Works with any Git remote
Real-time team collaboration

Desktop Performance

This is where Curlex is in a completely different league. Curlex is built with Tauri — a framework that uses your operating system's native webview instead of bundling an entire Chromium browser. The result is an app that is a fraction of the size and uses significantly less memory.

Bruno (Electron)Postman (Electron)Curlex (Tauri)
Download size~300 MB~400 MB~15 MB
Memory footprintHighVery HighLow
HTTP requests handled byNode.jsNode.jsNative Rust
OS keychain access
Network diagnostics
TLS certificate info in responses

What Curlex Does That the Others Do Not

A few things Curlex offers that neither Postman nor Bruno have:

  • PDF test run reports — export your Collection Runner results as a polished PDF for sharing with people who do not use API clients.
  • OS keychain integration — passwords and secrets are stored in macOS Keychain, Windows Credential Manager, or Linux libsecret — not in the app's own database.
  • Built-in Vault — a domain-restricted secret store where sensitive values are encrypted and never written to your collection files or Git history.
  • TLS certificate chain details — see the full certificate chain for any HTTPS response, directly in the response view.
  • Redirect chain visualization — see every redirect hop with its own status code and headers.
  • Dart code generation — generate Dart http package code for Flutter developers.
  • Favorite/pin collections — keep your most-used collections pinned to the top of the sidebar.
  • ~15 MB install size — fast to download, fast to start, easy on RAM.

Summary Scorecard

CategoryBrunoPostmanCurlex
Protocol support8/1010/106/10
Authentication9/1010/108/10
Variables and environments9/109/109/10
Scripting and automation9/1010/107/10
Collections and organisation8/109/109/10
Runner and testing9/109/108/10
Import and export9/109/107/10
Security10/106/108/10
Desktop performance6/105/1010/10
Total77/9077/9072/90

Curlex's score reflects a deliberate focus: a fast, private, native desktop experience over breadth of protocol support. As the roadmap closes key gaps — proxy support, Digest and AWS authentication, collection-level scripts, general WebSocket — the overall score will continue to rise.

Switching to Curlex

From Postman

  1. In Postman, open your collection and click Export → choose Collection v2.1 → save the JSON file.
  2. In Curlex, click Import in the header → choose Postman → select the file.
  3. Your requests, folders, headers, bodies, and auth settings come across intact.
  4. Scripts you wrote using the pm.* API continue to work — Curlex supports pm as a full alias for fc.

From Bruno

Bruno stores collections as .bru files. Export your collection as Postman-format JSON from Bruno (Bruno supports this), then follow the Postman import steps above.