Mockify is a client–server web application for creating, managing, and securing configurable REST API mocks to speed up development, testing, and team collaboration.
-
REST API Mocking: Create and manage fully configurable mock endpoints using Spring Boot, allowing teams to simulate REST APIs for development and testing.
-
Advanced Mock Configuration: Each mock can define route, HTTP method, headers, status code, content type, response body (JSON, XML, or HTML), artificial delay, expiration time, and optional JWT protection.
-
Project-Based Organization: Users can create projects and associate multiple mocks to each one, keeping APIs structured and easy to manage.
-
User Registration & Authentication: Authentication and authorization are handled with Spring Security and JSON Web Tokens (JWT). Roles include ADMIN and MEMBER, with fine-grained permissions enforced server-side.
-
Role-Based Access Control:
- ADMIN users can manage users, assign roles, and delete projects or mocks.
- MEMBER users can create and edit projects and mocks but cannot delete them.
-
Distributed Sessions & Caching: Redis is used via Spring Session to store distributed sessions and cache mock metadata, enabling scalability and consistent authentication across instances.
-
Internationalization (i18n): The entire application supports multiple languages, currently English and Spanish.
-
Responsive Web Interface: The frontend, built with Next.js, React, and Tailwind CSS, provides a clean and responsive UI for CRUD operations on projects, mocks, and users.
-
Secure Client–Server Communication: Sensitive routes on the frontend are protected using JWT stored in HTTP-only cookies.
-
Containerized Deployment: The entire system is containerized using Docker and orchestrated with Docker Compose, including the Spring Boot backend, Redis, and the Next.js frontend.
-
Environment-Based Configuration: Ports, credentials, JWT settings, and service connections are fully configurable through environment variables.
-
Tech Stack
- Backend: Java, Spring Boot (MVC, REST, Security), JWT
- Cache & Sessions: Redis (Spring Session)
- Frontend: Next.js, React, Tailwind CSS
- Containerization: Docker, Docker Compose
mockify.mp4
A more extensive showcase is available in my portfolio!
-
Spring Boot: Backend framework used to build the REST API that serves and executes configurable mock endpoints with validation, pagination, and internationalization.
-
Spring Security: Security framework responsible for authentication and authorization, enforcing role-based access control (ADMIN / MEMBER) across all endpoints.
-
JSON Web Tokens (JWT): Stateless authentication mechanism used for user login, role validation, and optional protection of mock endpoints.
-
Redis: In-memory data store used with Spring Session to manage distributed sessions and cache mock metadata for scalable access.
-
Next.js: React framework powering the frontend UI, route protection, and server-side rendering for the Mockify management interface.
-
React: Core library for building interactive components such as project lists, mock editors, and user management views.
-
Tailwind CSS: Utility-first CSS framework used to implement a responsive, clean interface for forms, tables, and dashboards.
-
Docker: Containerization platform used to package the Spring Boot backend, Redis, and Next.js frontend into reproducible services.
-
Docker Compose: Orchestration tool defining and running the multi-container Mockify stack in development and deployment environments.
- Docker
- Clone the repository:
git clone https://github.com/vladimircuriel/mockify- Navigate to the project directory:
cd mockify- Run the services:
docker compose up -d- Access the application:
Open your browser and visit http://localhost:3000 to access the user interface.
-
No public mock creation: Only registered users can create mocks; there is no anonymous or public mode for quickly generating temporary mocks.
-
Mocks cannot be deleted: Mocks are soft-disabled only. Even ADMIN users cannot permanently delete them, which may lead to long-term data accumulation.
-
Limited lifecycle control: While mocks can be edited and deactivated, there is no archival or cleanup mechanism for inactive or expired mocks.
-
No project deletion: Projects cannot be removed once created, and mocks cannot be reassigned between projects, reducing flexibility in long-running environments.
-
Single-response mocks only: Each mock supports only one static response. Conditional responses based on request headers, body, or query parameters are not supported.
-
No request validation: Incoming request payloads are not validated against schemas, which limits realism when simulating stricter APIs.
-
No abuse protection: There is no rate limiting or throttling mechanism to protect mock endpoints from excessive or malicious traffic.
-
Limited security controls:
- JWT tokens cannot be revoked before expiration.
- There is no validation of potentially malicious content in user-defined mock responses.
-
Lack of auditability: The system does not keep audit logs tracking who created, modified, or deactivated mocks.
-
No monitoring or metrics UI: Although the architecture is prepared for scalability, there are no built-in metrics or dashboards available for ADMIN users to monitor usage or system health.
-
Scalability not active: Horizontal scaling is part of the design but is not currently enabled or observable in runtime behavior.