WSDL Analyzer

About WSDL Analyzer

WSDL Analyzer is a free suite of browser-based tools for working with SOAP web services and XML. It started as a single job (parse a WSDL and show what a service actually exposes) and grew into a connected toolkit: analyze a contract, build a request from its schema, send it to a live endpoint, diff two versions, and format or convert the XML in between. No signup, no install, no paywall.

Who builds this

The tool is built and maintained by CJ, a developer who spent years integrating enterprise SOAP services and got tired of switching between a heavyweight IDE, a desktop SOAP client, and three different online formatters to do one integration. WSDL Analyzer is the tool that workflow needed: everything in one place, fast enough to use mid-debug.

How the WSDL parsing works

When you analyze a WSDL by URL or file, the document is sent to our backend and parsed with zeep, a mature, XML-schema-aware SOAP library for Python. Parsing server-side (rather than in your browser) means the tool can follow schema imports, resolve types, and read operation signatures the same way a real SOAP client would, which is what makes the request builder and health score possible. The XML tools (format, validate, compare, convert, parse) run entirely client-side using your browser's native XML parser.

What is and isn't stored

Your WSDL and XML content is never stored.Documents are parsed in memory and discarded as soon as the response is sent. We don't log document contents, save uploaded files, or retain SOAP requests on the server. The only thing we count is an anonymous tally of total analyses performed: a number, with no content attached. SOAP request history and saved environments live in your browser's localStorage only; they never reach our servers.

Security posture

  • SSRF protection:the analyzer and SOAP proxy block requests to private networks, localhost, and raw IP addresses, and allow only HTTP/HTTPS, so the tool can't be used to probe internal infrastructure.
  • Request limits:uploads are capped at 10 MB, SOAP bodies at 1 MB, and fetches time out at 15 seconds. Rate limiting applies per IP to keep the free proxy available for everyone.
  • Hardened headers: responses send strict security headers (HSTS, X-Frame-Options, nosniff) and the SOAP proxy strips dangerous request headers.

Free, and staying that way

Every tool here is free to use without an account. If it saves you time, the best thanks is sharing it with another developer or mentioning it when someone asks how to inspect a WSDL or test a SOAP service.

Questions or found a bug? contact@wsdl-analyzer.net· See what's changed on the changelog.