$ ./playground
Playground
Every request below hits the real production API from your browser — same rate limiter, same JWT validation, same metrics middleware that feeds /status. Nothing is mocked.
// endpoints
// auth demo — three clicks
① call /api/secret → 401 · ② get a token · ③ call it again → 200 with your claims. That contrast is JWT issuance, validation, and claims in one flow.
// rate limiter — trip it on purpose
The API allows a fixed window of requests per IP. This fires requests until one comes back 429 — the headers and Retry-After are the feature, not a bug.
// request
curl -i https://api.emran.blog/api/health// response
Pick an endpoint and hit run — the response, latency, and real rate-limit headers land here.