Oops, my Postman collection is gone

Oct 20, 2023

When I opened the Postman app yesterday, a popup prompted me that the scratchpad is deprecated. I could either sign up for their cloud platform or use the lightweight API client. I chose the latter to avoid the hassle. But my collection was gone as it was not supported in the lightweight API client. OK, I signed up, then found my collections were just nuked. It seems the downgrade to lightweight API client caused the non-revocable data loss. 😢

I wish the Postman PM could warn me the consequence in the popup dialog, and allow me to export my workspace for future import. No, the app happily purged the data without my consent. I decided to take this disaster as an opportunity for a fresh start.

Linked Environment

The Postman supports variable scopes as documented here. It works perfect fine for isolated environments, such as ci, integ, but lacks the flexibility for more complicated use case:

As the system grow bigger and more complicated, it is less likely to host everything in the local development environment. Thanks to the service-oriented architecture, we usually run a handful services locally and outsource the remaining to ci, or integ environment. It would be convenient to link the dev to ci or integ to override the service endpoints we run locally.

Unfortunately, the concept of linked environment is not supported in any API client. We can simulated the use case by copying, and modifying ci environment to dev-ci, and so on. But it just feels cumbersome.

OAuth integration

The OAuth integration is not new, I just want to shout how cool it is! You can setup the username and password and authentication endpoint, then it just works. The access token will be injected as HTTP header or extra parameter for the succeeding API requests without meddling.

Scripting and Flow

I like the power of scripting. If there exists some dependencies for your API tests, the test script can expose the intermediate result to collectionVariables for later consume; the pre-test script can populate the API template from the collectionVariable. This is pretty handy to work with context-aware API.

The Flow feature is also neat. You can pipe multiple API requests, response as the downstream’s input to orchestrate the API flow. I think this could help to automate the scaffolding, but overkill for ad-hoc API test.

Secrets

If you read my previous post, you know how paranoid when I deal with secrets. I poked around with Process Explorer, then grep the secret, and could NOT find it. At least the secrets are NOT stored in the clear text, great.

Postman also introduced the secret type to mask the value for eavesdropping, and suggested to use current value for secret to avoid accidental leak in sharing.