POSTMAN | The Blog Pros

July 28, 2022

API Security Weekly: Issue 172

This week, we have news of a vulnerability in Argo CD that allowed leaking application secrets, a survey of the state of API security across three regions, a quick read on how to use Postman and OWASP Zap for API security testing, and finally, views on how to distribute authorization services in a microservice architecture.

Vulnerability: Argo CD Path-Traversal Vulnerability Enables Leaking Data

This week’s major news has been the vulnerability discovered in Argo CD, a popular continuous delivery platform.

November 18, 2021

API Prototyping for Salesforce with Postman

Introduction

Whether you’re a longtime Salesforce developer, new to the platform, or just need to integrate your system of choice to Salesforce, Postman brings you all the tools you need to make the process easier, faster, and more streamlined.

In this article, we’ll show how Postman can help you start building the core of your API-driven integration on both sides of the API—either as the provider or the consumer.

September 17, 2021

Composite Requests in Salesforce Are a Great Idea

Of all the development eras I’ve witnessed in my 30+ years building apps and features, the RESTful API design pattern is my favorite. Prior to the RESTful approach, I always felt like something was missing when developing web applications.

My concerns were put to rest when I attended the Gartner Enterprise Architecture Summit in 2008. Most notably, a session called “SOAP v REST” was not only informative and funny, but it opened my eyes. I walked away with a desire to understand more about RESTful APIs and soon started experimenting with this new design pattern during my personal time.

June 11, 2021

API Security Weekly: Issue #137

This week, we take a look at the recent API vulnerabilities in VMware vCenter and Apache Pulsar, how GraphQL implementations may be vulnerable to cross-site request forgery (CSRF) attacks, an upcoming webinar on API Security and Postman, a DZone webinar with this newsletter’s author next week, and a video on how the API security vendor landscape looks like.

Vulnerability: VMware vCenter

A recently patched vulnerability in VMware vCenter is now being actively exploited.

June 4, 2021

Dev Tools to the Rescue – Part 2

In my previous article Dev Tools to the Rescue – Part 1, we looked at some of the best developer tools for software development, project management, continuous delivery/integrity, designing, testing, etc.

In this article, we’ll continue with tools that are helpful for purposes like monitoring, analysis, cloud development, security, etc.

May 27, 2021

Problem: Spreadsheets. Solution: Specifications

In Analysis

A business analyst and a developer may have different objectives and perspectives

Here’s an example of a conversation that you may have been part of sometime in your life as a developer.

Business Analyst: Our next user story involves creating an API (let’s call it “Customer API”).
Developer A: How novel! That’s what I did yesterday and the day before and the day before that.
Business Analyst: Great, should I let the clients know that it wouldn’t take as long to build it?
Developer A: Hold on. We haven’t even heard the requirements for Customer API.
Business Analyst: It’s just a couple of hundred fields that Customer API needs to send to another downstream API to perform the transaction.
Developer A: And how will we know the values for these fields that Customer API needs to send?
Business Analyst: I’ll take care of it. I have already spoken to the lead developer from the downstream API team, and he’s sent me a spreadsheet. It has all the fields and the values that need to be part of the request body. He’s also sent me a document with information on the headers and auth details required to call the downstream API.
Developer A: Is this downstream API available in a testing environment? A playground, maybe?
Business Analyst: They’re still working on building the downstream API, so they don’t have a working version yet.

In Development

Developer A gets to work. She pairs with Developer B, another application developer on her team, to finish the Customer API story. Business Analyst sends them an email with a spreadsheet containing the fields and a document that includes the API currently in development by the downstream API team. It seems like Developer A and Developer B have all the information required to start building the Customer API, so they come up with the following list of tasks:

March 29, 2021

APIs for All: With Postman’s Arlemi Turpault

While APIs make it simple to share data back and forth between applications, the process of managing APIs can be anything but simple. A developer working with hundreds of different APIs over the course of their work can get bogged down trying to test, implement, and manage it all, turning what is supposed to be something straightforward into another layer of complexity.

Building API integrations is complex, but Postman makes it easy to create an API service. With Postman, developers can simplify every step of building and managing APIs — from development and testing to collaboration and support — so that more people can design APIs with simplicity, usability, and consistency.

March 21, 2021

Spring Custom Validations

While building applications and services it is very important that we maintain data integrity especially if they are data-centric. It is crucial to have control over the data that the application interacts with to ensure it behaves as expected.

There are many times the data received may get corrupted before reaching the application or the user may provide wrong inputs. This will not create a problem if validations are applied as the application can return invalid requests and may ask the user to provide correct fields, but in the absence of validations, it is sure to cause problems in some instances, as it may process incorrect data and disrupt the flow.

February 25, 2021

Talking APIs and Description Languages with API Evangelist Kin Lane [Podcast]

The OpenAPI specification has emerged as the industry standard for describing RESTful APIs. This specification, which was formed around the open-source project known as Swagger, paved the way for developers to discover, build, and manage APIs using API schemas.

In this episode of cocktails, we are joined by one of the newly appointed co-chairmans of the OpenAPI Initiative Business Governance Board to discuss the OpenAPI specification itself, its competitive and collaborative nature with other existing formats, ways on how to address the challenges developers face when producing APIs, and what lies ahead for the future of the industry with APIs.

December 2, 2020

Get Access Token From Keycloak Using Postman

This post will help you to automate getting an access token from Keycloak and added into request param before each API request hits the server. Keycloak is an open-source software product to allow single sign-on with Identity and Access Management aimed at modern applications and services. Read here to know more about Keycloak.

To Get Access Token Using Postman (For Testing)

Create New Collection in Postman

Click the new collection button in postman
Select the variable tab and add the below variables
- client_id: <Copy the client id from your realm setting in KC>
- client_secret: <Make sure you copy the right secrets for the client>
- scope: type ‘openid’
- token_endpoint: <http://KEYCLOAK-SERVER_URL/auth/realms/REPLACE_WITH_YOUR_REALM_NAME/protocol/openid-connect/token>
- access_token: <Leave it blank, this will be populated by pre-request script>
Go to the authorization tab
- Select Type = Bearer Token
- Token = {{access_token}}
Now go to the pre-request scripts tab and paste the following code

    JavaScript
   
xxxxxxxxxx

var client_id      = pm.collectionVariables.get("client_id");
var client_secret = pm.collectionVariables.get("client_secret");
var token_endpoint = pm.collectionVariables.get("token_endpoint");
var scope          = pm.collectionVariables.get("scope");
var details = {
   "grant_type" : "client_credentials",
   "scope" : scope
}
var formBody = [];
for (var property in details) {
 var encodedKey = encodeURIComponent(property);
 var encodedValue = encodeURIComponent(details[property]);
 formBody.push(encodedKey + "=" + encodedValue);
}
formBody = formBody.join("&");
pm.sendRequest({
   url: token_endpoint,
   method: 'POST',
   header: {
       'Content-Type': 'application/x-www-form-urlencoded',
       'Authorization' :'Basic ' + btoa(client_id+":"+client_secret)
         },
     body: formBody
},  function(err, response) {
 const jsonResponse = response.json();
 console.log(jsonResponse);
 pm.collectionVariables.set("access_token", jsonResponse.access_token);
 console.log(pm.collectionVariables.get("access_token"));
});

November 2, 2020

Mule 4 HTTP Connector — Listener Configuration Explained

In this article, we will set up an HTTP connector and will work with the listener configurations to build a simple HTTP service to return a static message as the response. The Anypoint studio version used will be version 7.6 and the mule run time version will be 4.3 for this demonstration and better to use the same version of Anypoint studio and mule run time if in case you are planning to try out to build the project.

Setting up a simple HTTP service:

October 14, 2020

API Tools for Every Phase of the API Lifecycle

When you set out to build your first API, it can very well be that you are either overwhelmed or forget essential points. The ecosystem for API tools is vast, and it’s vital to get the right tool for every phase of your project.

In this article, we will go through the different phases an API project usually has. For every phase, I will list the significant points and tools that help there.

August 3, 2020

Get More Transparency on Your Microservices API With OpenAPI

Every Friday, Platform.sh has a nice tech discussion about several discussions, such as Jakarta EE, Payara, Quarkus, and so on (To check the calendar you can click here). On Episode number 15 there was a great discussion about Open API and Postman. That's worth watching if you don't yet.

First, let's start with Open API definition, from the website it says:

July 10, 2020

FHIR Code in 10 Minutes

You have read tons of articles on FHIR and the tell-tale signs have appeared on hairs on the back of your neck. Your gut tells you to get your feet wet (you got to admit that is funny, gut talking to feet) and ease out that angst. You may be an Architect (hands-on or not) or hands-on Engineer or may be rusty on coding or even deep into it, you could be coming from any such background but FHIR is the beast that you are looking to wrestle. If this speaks to you then let's work together for 10 minutes and then you can go back to the world of FHIR with a renewed goal like Robert the Bruce from the famous spider legend.

This code is for FHIR Facade pattern meaning that we are not going for full FHIR Restful Server implementation and our objective here is to only retrieve data. We will use Spring Boot just because those Booties are so awesome and simple. We will also use our friendly HAPI FHIR library to create our java application.

March 10, 2020

Preaching the API Gospel: An Interview With the API Evangelist, Kin Lane of Postman

In this interview, I speak with Kin Lane, Chief Evangelist at Postman and (as he's perhaps better known) The API Evangelist.

Kin joined Postman in September 2019, but it's not the first time he's been an evangelist for specific APIs. Before getting heavily involved in promoting the business of APIs, Kin was an evangelist for two different businesses: a print API in New York and a business directory in Hollywood. But, it just didn't feel right, so he began his API Evangelist journey in 2010, which would see him spend the next decade (and counting) eating, sleeping, and breathing the technology, business, and politics of APIs.

May 8, 2019

Continuous Integration and Testing Using Postman With Jenkins

Continuous integration and testing are the key terms to integrate all the phases of the development lifecycle and deliver working product/software to a client at the earliest possible time using tools like Jenkins. Here, you will get to know about performing continuous REST API testing using Postman with Jenkins tools.

Postman is a tool used to develop, test, share, monitor the performance of an automated test and document API’s. Follow the below steps to integrate Postman with Jenkins for continuous integration and testing.

March 20, 2019

Push Notifications in PWA (React.js) Using Firebase

Many sites send notifications to their users through the browser for various events occurring within the web app. We can easily do this using Cloud Messaging, which allows us to send messages to any device using HTTP requests with Firebase.

Here are the basic steps required for pushing the notifications to a web app using Firebase.

January 24, 2019

Mule 4 LDAP Operations

Lightweight Directory Access Protocol (LDAP) is a client/server protocol used to access and manage directory information. It reads and edits directories over IP networks and runs directly over TCP/IP using simple string formats for data transfer. It was originally developed as a front end to X.500 Directory Access Protocol. Lightweight Directory Access Protocol is also known as RFC 1777.

The LDAP Connector will allow to connect to any LDAP server and perform every LDAP operation. We have implemented a few basic operations in Mule 4.