Developer Guide

Written by Casper Fenger Jensen • Updated 2026-04-14

How to Expose a Local API Over HTTPS

Put a local API on a real HTTPS URL for browser clients, mobile apps, webhook callbacks, and partner integrations without adding local TLS complexity.

Many local API problems are really HTTPS problems: CORS behavior, secure callbacks, external integrations, and browser restrictions all get easier when the API has a real HTTPS origin. Bore exposes the local API without changing the API server itself.


Install Bore

curl -sL https://bore.dk/install.sh | bash

Works with any local API server

Useful for browser and mobile clients

No reverse proxy setup required

How It Works

Simple local workflow, real HTTPS externally

Step 1

Run the API locally

Start your API on its existing port, such as 3001 or 8080.

Step 2

Expose that port with Bore

Bore gives the API a public HTTPS URL while the server keeps listening on localhost.

bore up 3001

Step 3

Point clients to the Bore URL

Use the HTTPS URL in frontend apps, mobile builds, external callbacks, or partner testing flows.

Step 4

Add a separate frontend hostname later if needed

If the frontend and API should use different origins, Bore can reserve a child host under the same namespace.

Where Bore Differs

Bore can keep HTTPS on reserved child hosts too

Most tunnel workflows stop at one public hostname. Bore can keep your main app on one HTTPS namespace and reserve a child host like `api.<namespace>.bore.dk` for a second local service.

bore host add <namespace> api
bore host set-port <namespace> api 3001

That matters when frontend and API origins need to stay separate in local development, or when webhook, auth, and admin traffic should not all share one hostname.
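With the frontend and API on separate origins, the API has to answer cross-origin requests from the frontend host. The following is an added example, not code from Bore or its documentation: a handler in the shape of Node's `http` module that allows only named origins. The namespace `myapp`, the frontend origin `https://myapp.bore.dk` and the localhost dev port 5173 are assumptions.

```javascript
// ASSUMPTIONS (constructed values): namespace "myapp", frontend served at
// https://myapp.bore.dk, API exposed at api.<namespace>.bore.dk on port 3001.
const ALLOWED_ORIGINS = new Set([
  "https://myapp.bore.dk", // frontend through the tunnel (assumed host)
  "http://localhost:5173", // frontend opened directly (assumed dev port)
]);

// Return CORS response headers for a request Origin, or null when the origin
// is not on the allow-list. Exact match only: no "*", no suffix matching,
// no echoing back whatever Origin the client sent.
function corsHeadersFor(origin) {
  if (typeof origin !== "string" || !ALLOWED_ORIGINS.has(origin)) return null;
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
    "Access-Control-Allow-Headers": "Content-Type, Authorization",
    "Access-Control-Max-Age": "600",
  };
}

// Handler with the (req, res) shape used by Node's http.createServer.
function handler(req, res) {
  const cors = corsHeadersFor(req.headers.origin);
  // The response differs per Origin, so caches must key on it.
  res.setHeader("Vary", "Origin");
  if (cors) {
    for (const [name, value] of Object.entries(cors)) res.setHeader(name, value);
  }
  if (req.method === "OPTIONS") {
    // Preflight: 204 for an allowed origin, 403 otherwise.
    res.statusCode = cors ? 204 : 403;
    return res.end();
  }
  // Actual request. Without CORS headers a browser on an unlisted origin
  // cannot read this response; CORS is not authentication, so real
  // endpoints still need their own auth checks.
  res.statusCode = 200;
  res.setHeader("Content-Type", "application/json");
  return res.end(JSON.stringify({ ok: true }));
}

// To serve it on the port from Step 2:
//   require("node:http").createServer(handler).listen(3001, "127.0.0.1");
```

The allow-list uses exact string comparison, so a look-alike such as `https://myapp.bore.dk.evil.example` is rejected.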

FAQ

Common questions

How do I add SSL to a local API?

The easiest option is usually to expose the local API through a service that terminates HTTPS for you. Bore does that while the API itself stays simple on localhost.

Can I use this with REST, GraphQL, or RPC servers?

Yes. Bore forwards HTTP and websocket traffic, so the local API technology is not the limiting factor.

Do I need to change my API framework code?

Usually no. In most setups you keep the local API server exactly as it is and let Bore handle the HTTPS endpoint.
