How do I share an HTTP capture with a teammate without leaking secrets?

Capture the traffic locally, redact the sensitive headers, cookies, tokens, and fields, then share a sanitized browser link. Rockxy Workspace runs the capture and redaction step on your Mac before anything is uploaded, so secrets never leave your machine in raw form.

Does Rockxy Workspace replace local capture?

No. Rockxy still captures and inspects traffic locally first. Workspace is an optional layer for sharing a sanitized capture when someone else needs to review it. The proxy, TLS interception, and first review stay on the Mac.

Who can open a shared Rockxy capture?

Every shared capture has an explicit scope: a public link anyone with the URL can open, a team-only link limited to workspace members, or a selected-users link shared with specific email addresses. The scope is shown before you share.

How much does Rockxy Workspace cost?

Rockxy Workspace is the Team tier: $9 per seat per month, billed yearly, with a 3-seat minimum, starting at $324 per year. Each seat includes Pro plus centralized workspace, member, seat, and device management.

← Back to Blog

Share a Debugging Session With Your Team Without Leaking Secrets

June 14, 2026 · 7 min read

Rockxy Workspace sharing a sanitized capture as a scoped browser link — A sanitized capture shared from Rockxy, opened in the Workspace browser viewer.

Rockxy Workspace turns a local macOS capture into a sanitized browser link you can hand to a teammate — with an explicit access scope and a redaction step that runs on your Mac before anything is uploaded. It is the Team tier of Rockxy, available now at $9 per seat per month. Here is the problem it solves and exactly how the flow works.

The way teams share captures today is broken

You hit a bug that only shows up in the network layer. A 401 that should be a 200. A response body that drifts from the contract. A WebSocket frame that arrives out of order. You open your proxy, reproduce it, and now you need a second pair of eyes.

So you reach for one of the usual options, and every one of them is bad:

Copy as cURL and paste into Slack. The command carries the live Authorization header, session cookies, and any bearer token, straight into a channel that gets indexed, backed up, and read by everyone.
Screenshot the inspector. The reviewer sees pixels, not data. They cannot expand a nested JSON body, check a header you cropped out, or read the timing waterfall. Half the time you screenshot the secret too.
Export a .har file and send it over. A HAR is a plaintext archive of every request, header, cookie, and token in the session. Most people forget it contains credentials until one shows up in a ticket attachment.
Schedule a screen share. Now two people are blocked instead of one, and the moment the call ends the context is gone.

The shared problem is that the unit you are passing around is raw. Either it leaks secrets or it loses the detail that made it worth sharing. There is no middle option that is both safe and inspectable.

What “local-first sharing” actually means

Rockxy is a local-first tool. The proxy, TLS interception, filtering, and your first look at the traffic all run on your Mac. Workspace does not change that. It adds one deliberate step at the end: take a capture you already reviewed, sanitize it, and turn it into a link.

The order matters. You inspect and redact before the capture leaves the machine, not after it lands on a server. The thing that gets uploaded is the sanitized version — the raw traffic with live credentials never goes anywhere. That is the whole point of doing the review locally first.

And it stays optional. If you are debugging alone, you never touch Workspace. The core proxy workflow is the same open-source, local tool it has always been. Workspace is the collaboration layer you reach for only when another person needs to see what you saw.

The flow: capture, redact, hand off to the browser

Concretely, sharing a session looks like this:

Capture locally. Reproduce the bug in Rockxy on your Mac the way you already do — HTTP, HTTPS, WebSocket, GraphQL-over-HTTP.
Review and redact. Before sharing, the sensitive parts — Authorization headers, cookies, tokens, and any fields you select — are reviewed and masked. You see exactly what is being hidden.
Pick a scope. Decide who can open the link before you create it: public, team-only, or selected users.
Share the link. Your teammate opens it in a browser — no install, no account juggling for a one-off review.

What they get is not a screenshot. The browser viewer keeps the debugging context together: the request list, the selected request, headers, body, timing, and the redaction status. They can read the actual response, leave a note, and hand it back — one link instead of a screenshot, a HAR file, or a call.

Three scopes, decided before you share

Every shared capture states who can open it, and the access decision is visible up front instead of buried in a settings panel:

Public link — for bug reports. Anyone with the link can inspect the sanitized capture. Good for an open-source issue or a vendor ticket.
Team only — for internal APIs. Only members of your Rockxy Workspace can open it.
Selected users — for narrow review. Invite one teammate or an outside contractor by email without opening the whole workspace to them.

The useful part is the absence of guessing. Fewer side channels, fewer raw files floating around, and no “wait, who can actually see this?” after the fact.

Roles, so a workspace doesn’t turn into a free-for-all

A shared workspace needs a small amount of structure. Rockxy keeps it to four roles:

Owner — creates the workspace, manages billing, and archives shared captures.
Admin — invites teammates and sets retention or default access rules.
Member — uploads sanitized captures and reviews links from the team.
Guest — opens only the captures explicitly shared with their email.

That maps cleanly onto how teams actually work: one person owns billing, a couple of people administer access, everyone else shares and reviews, and outside collaborators see only what you handed them.

Where the privacy boundary sits

It is worth being precise about the promise, because the narrow version is the honest one:

Local-first capture. Traffic interception and the initial inspection stay in the native macOS app.
Redaction before upload. Sensitive headers, cookies, tokens, and fields are reviewed before a capture is shared.
Visible access scope. Every capture states public, team-only, private, or selected-user access.
Activity trail. Shared captures can show who created, viewed, updated, or archived them.

Rockxy does not imply enterprise certifications or customer logos it does not have. The promise is narrower and more useful: local capture, local review, deliberate sharing. If you want the deeper version of how Rockxy handles TLS without weakening it, the write-up on how Rockxy intercepts HTTPS without compromising security covers the local side.

What it costs and how to start

Workspace is the Team tier, and it is the one part of Rockxy that is a subscription rather than a one-time license:

$9 per seat per month, billed yearly.
3-seat minimum — so a team starts at $324 per year.
Every seat includes Rockxy Pro, plus workspace creation and Admin/Member roles, central license/seat/device visibility, shared rules, Protobuf mappings, and scripts, and priority support with a 2 business day target.

Individual developers do not need any of this. Pro stays a perpetual, one-time license — buy it once and keep it. You only move to a subscription when your team needs centralized management. The full breakdown lives on the pricing page.

To set it up: choose your seat count, complete checkout through Lemon Squeezy with yearly billing, then invite members and manage seats and devices from one place. Add seats later and billing is prorated for the rest of the period.

FAQ

Does Workspace replace local capture?
No. Rockxy still captures and inspects traffic locally first. Workspace is for sharing sanitized evidence when someone else needs to review it.

What actually gets uploaded?
Only the capture you choose to share, in its sanitized form. The review step makes redacted headers, cookies, tokens, and selected fields visible before upload.

Can Workspace stay optional?
Yes. The core proxy workflow stays local-first. Workspace is an opt-in collaboration layer for teams.

How is this different from sending a HAR file?
A HAR is a plaintext archive of the whole session, secrets included, with no access control. A Workspace link is a sanitized capture with an explicit scope and an activity trail.

If you are still choosing a proxy in the first place, the Charles vs Proxyman vs Rockxy comparison covers the local debugging side, and the Workspace page walks through the sharing model in more detail.

Debug together, without giving up local-first control

Capture on the Mac, redact secrets before upload, and share a scoped browser link. Rockxy Workspace is the Team tier — $9 per seat per month, 3-seat minimum.

See Team pricing How Workspace works

Local-first capture · Redaction before upload · Public / team-only / selected-user scopes

Download Rockxy → Changelog → More guides →