When I opened the Postman app yesterday, a popup prompted me that the scratchpad is deprecated. I could either sign up for their cloud platform or use the lightweight API client. I chose the latter to avoid the hassle. But my collection was gone as it was not supported in the lightweight API client. OK, I signed up, then found my collections were just nuked. It seems the downgrade to lightweight API client caused the non-revocable data loss. 😢
I wish the Postman PM could warn me the consequence in the popup dialog, and allow me to export my workspace for future import. No, the app happily purged the data without my consent. I decided to take this disaster as an opportunity for a fresh start.
The Postman supports variable scopes as documented
It works perfect fine for isolated environments, such as
integ, but lacks the flexibility for more complicated use case:
As the system grow bigger and more complicated, it is less likely to host
everything in the local development environment. Thanks to the
service-oriented architecture, we usually run a handful services locally
and outsource the remaining to
integ environment. It would
be convenient to link the
integ to override the service
endpoints we run locally.
Unfortunately, the concept of linked environment is not supported in
any API client. We can simulated the use case by copying, and modifying
ci environment to
dev-ci, and so on. But it just feels cumbersome.
The OAuth integration is not new, I just want to shout how cool it is! You can setup the username and password and authentication endpoint, then it just works. The access token will be injected as HTTP header or extra parameter for the succeeding API requests without meddling.
Scripting and Flow
I like the power of scripting. If there exists some dependencies for your API tests,
the test script can expose the intermediate result to
for later consume; the pre-test script can populate the API template from the
collectionVariable. This is pretty handy to work with context-aware API.
The Flow feature is also neat. You can pipe multiple API requests, response as the downstream’s input to orchestrate the API flow. I think this could help to automate the scaffolding, but overkill for ad-hoc API test.
If you read my previous post,
you know how paranoid when I deal with secrets. I poked around with
grep the secret, and could NOT find it. At least the secrets are NOT stored
in the clear text, great.
Postman also introduced the secret type to mask the value for eavesdropping, and suggested to use current value for secret to avoid accidental leak in sharing.