Mock Server

The Xavigate mock server runs Prism against the live OpenAPI spec. It returns realistic example responses for every endpoint without requiring an account or API key.

Base URL: https://mock-api.xavigate.com

Use any string as the Authorization header. The mock server validates request shape but ignores authentication.

# Works — any key value
curl https://mock-api.xavigate.com/v1/health
# {"status":"ok"}

curl -X POST https://mock-api.xavigate.com/v1/nature/subjects \
  -H "Authorization: Bearer any_value" \
  -H "Content-Type: application/json" \
  -d '{"consent_artifact":{"consent_text_version":"v1","consented_at":"2026-04-21T00:00:00Z","ui_snapshot_hash":"sha256:abc"}}'

Response behavior

Returns the example values defined in the OpenAPI spec
Validates every request against the spec — returns 400 if the request body doesn't conform
No state: repeated calls return identical responses
All Nature endpoints return realistic MN + MI score examples

Run locally

cd xavigate-dev-platform/mock
npm install
npm run start
# → http://localhost:4010

# Or with Docker
docker compose up

Limitations

The mock server does not persist state — creating a subject and then retrieving it by ID always returns the example subject regardless of what ID you used
Assessment submission (PATCH) always returns the example in-progress assessment — it won't transition to completed
Use the real sandbox (api.xavigate.com with test_* keys) when you need stateful behavior

Source

Mock server lives at xavigate-dev-platform/mock/. The spec it reads: design/openapi.yaml. Deployed to Fly.io on every push to main that changes the spec.

No signup needed​

Response behavior​

Run locally​

Limitations​

Source​

No signup needed

Response behavior

Run locally

Limitations

Source