What a .http file is
The format is a small, readable convention that started with the Visual Studio Code REST Client extension and is now understood by the JetBrains HTTP Client, the Visual Studio 2022 .http editor, and Karve. The same file works across all of them, so the requests you write are portable — no proprietary export, no lock-in. Some tools also recognize the .rest extension for the identical format.
A file is a sequence of requests. Each request is a method and a URL, optionally followed by headers and a body. That's the whole idea — the rest of this guide fills in the details.
Your first request
A request is a single line in the form METHOD URL. The method is the HTTP verb; the URL is anything reachable from your machine, query string and all:
GET https://api.example.com/users/1
Karve runs all the common HTTP methods:
In Karve, press the Run button on the method line to send the request and see the response next to your file.
Many requests in one file
Separate requests with a line beginning ###. Anything you type after the ### becomes the request's name, which Karve shows in the explorer and history:
### Get a user
GET https://api.example.com/users/1
### List all users
GET https://api.example.com/users
### Health check
GET https://api.example.com/health
Karve shortcut
The ### is optional between requests — a new method line on its own starts a new request automatically. Use named ### separators when you want readable labels in the explorer.
Headers
Add headers on their own lines immediately after the method line — one Name: Value per line, with no blank line in between:
GET https://api.example.com/users
Accept: application/json
Authorization: Bearer my-token-here
Keep secrets out of committed files. Tokens and API keys written directly in a .http file will land in your Git history. Put real secrets in a value you don't commit, and share a placeholder with your team.
Request body
Leave one blank line after the headers, then write the body. For a JSON POST:
POST https://api.example.com/users
Content-Type: application/json
{
"name": "Ada Lovelace",
"email": "ada@example.com"
}
The blank line is what tells the parser "headers are done, the body starts here." Everything up to the next ### (or the next method line) is the body.
Comments
Any line that starts with # is a comment and is ignored when the request runs. Use it to leave notes or temporarily disable a header:
# Fetch the current user's profile
GET https://api.example.com/me
Accept: application/json
# Authorization: Bearer disabled-for-now
Variables
Declare a variable with a line that starts with @, in the form @name = value. Reference it anywhere — in a URL, a header, or a body — by wrapping the name in double curly braces: {{name}}.
@baseUrl = https://api.example.com
@token = my-token-here
### Get a user
GET {{baseUrl}}/users/1
Authorization: Bearer {{token}}
### Create a user
POST {{baseUrl}}/users
Content-Type: application/json
Authorization: Bearer {{token}}
{
"name": "Grace Hopper"
}
Variables are file-wide: declare @baseUrl once at the top and reuse it across every request in the file. Change the value in one place and every request follows. Names are case-sensitive and have no spaces.
To give the same variables different values per server — dev, staging, prod — use environments: see variables & environments in .http files.
Basic authentication
HTTP Basic auth sends a username and password with the request. Add an Authorization: Basic header and let Karve handle the encoding. You can write the credentials in any of three equivalent ways — Karve sends the identical request for all of them, base64-encoding the two plaintext forms for you, just like the VS Code REST Client and JetBrains HTTP Client.
The plainest form is username:password:
GET https://httpbin.org/basic-auth/user/passwd
Authorization: Basic user:passwd
Or separate the username and password with a space — same result:
GET https://httpbin.org/basic-auth/user/passwd
Authorization: Basic user passwd
Already have the encoded string? Pass the base64 through unchanged:
GET https://httpbin.org/basic-auth/user/passwd
Authorization: Basic dXNlcjpwYXNzd2Q=
dXNlcjpwYXNzd2Q= is the base64 encoding of user:passwd — all three requests above are equivalent.
Pair it with variables to keep the credentials in one place:
@user = user
@pass = passwd
GET https://httpbin.org/basic-auth/user/passwd
Authorization: Basic {{user}}:{{pass}}
Same rule as any secret — don't commit real credentials to a file you share.
Bearer tokens, API keys, and getting an OAuth token in the first place are covered in the API authentication guide.
What Karve runs today
Karve focuses on the core format above — the part you reach for every day. Here's the quick map:
Supported now
- All common methods, headers, and bodies
- ### separators (named or implicit)
- # comments
- File-level @variables and {{refs}}
- Environments via .env files
Ecosystem extras
- JSON environment files (http-client.env.json)
- Request chaining & response variables
- Generated system values (timestamps, random)
- Binary file attachment
Individual clients layer their own extensions on top of the format. Karve does not run the features listed here today; a file remains readable text, but requests that depend on those extensions will not behave the same.