Changelog

Publishing a journey now captures a snapshot of every resolved request, variable, and component reference. Future runs reuse that snapshot instead of re-resolving everything from scratch.

• First run after publish builds the snapshot
• Subsequent runs start from the cached snapshot
• Snapshots are versioned alongside the journey

Snapshots are immutable — editing a journey creates a new draft and leaves

historical runs reproducible.

See the execution docs for details.

Sandbox mode lets you fire a request template against a mock environment and inspect the response without touching a real API.

• Pick the sandbox environment and hit Send
• Responses are generated from the template's response shape
• Great for shaping assertions before you go live

Sandbox mode is in beta. Tell us what you'd like the mock engine to support

next at feedback@reqflo.dev.

Define your config once, then override just the values that differ per environment:

• Base config holds shared defaults
• Each environment overrides only what it needs
• Secrets stay referenced by alias and resolve at run time

This keeps staging and production in sync structurally while letting their values diverge where it matters.

Stop re-entering the same bearer token or API key on every request. Create an auth component once, then attach it wherever it applies.

• Bearer, basic, API key, and OAuth 2.0 schemes
• Credentials are stored as secret references, never raw values
• Update the component and every request that uses it follows along

Pick a saved auth component right from the request template editor, or build a new one inline and save it to the library.

We published a guide that walks through importing an OpenAPI spec and what Reqflo generates for you:

• One request template per operation
• Inferred path, query, header, and body fields
• Response shapes you can assert against immediately

Read it in the import guide.

The journey insert palette got a big upgrade. Search and filter assets without leaving the keyboard:

• Filter requests by method and API
• Browse saved scripts by language and package
• Embed sub-journeys and shape checks from the same panel

Use the arrow keys to navigate, ↵ to insert, and tab to cycle the method filter.

API keys are now first-class scoped principals, not shared admin passwords.

• Limit a key to specific permissions (for example, runs:create)
• Restrict a key to a project, service, or environment
• Set an expiry, rotate, and revoke at any time

Every key creation, use, failed use, and revocation is recorded as an audit event. Raw keys are shown once at creation and never stored or logged.

Re-syncing a spec used to regenerate every request template. Now we diff the spec and only update what changed:

• Unchanged operations are left untouched
• Changed operations show a clear source changed status
• Your local customizations are preserved as a customized version

Large specs re-sync in a fraction of the time.

A step with an attached retry policy was running once and giving up. The runner now applies the configured policy:

• Retries up to the configured maxAttempts
• Honors backoff between attempts
• Polling policies wait the configured interval before re-checking

Runs that previously failed on a flaky upstream should now pass reliably.