Postman is a powerful HTTP client for testing web services. Created by Abhinav Asthana, a programmer and designer based in Bangalore, India, Postman makes it easy to test, develop and document APIs by allowing users to quickly put together both simple and complex HTTP requests. Postman is available as both a Google Chrome Packaged App and a Google Chrome in-browser app. The packaged app version includes advanced features such as OAuth 2.0 support and bulk uploading/importing that are not available in the in-browser version. The in-browser version includes a few features, such as session cookies support, that are not yet available in the packaged app version. At publication time, the Postman REST Client is one of the highest-rated productivity apps in the Chrome Web Store, with more than 348,000 unique users (for both versions), and more than 63,000 collections shared via Postman (more on that later). This post is an in-depth review of the Postman Google Chrome Packaged App highlighting the key features that make Postman a must-have tool for API developers and consumers at all levels of experience.
In our review of the Postman Google Chrome Packaged App, we found that Postman has a very clean and intuitive user interface, with most key features accessible within one click. The learning curve for using the program is very low; most users should be able to start building and testing API calls very quickly. One big reason for Postman’s ease of use is its automation capabilities: It helps to automate the process of making API requests and testing API responses, allowing developers to establish a very efficient workflow.
History / Auto complete
All API calls sent using the Postman app are stored in history (the calls are displayed in the left sidebar), allowing them to be easily loaded into the response viewer at a later time. Prior API calls can be loaded into the response viewer by simply clicking the API call in the history list. Auto-complete suggestions are conveniently displayed in drop-down menus in many places throughout the app, including URL input fields, header fields and header presets. These features save developers time by eliminating the need to retype entire API calls or other pertinent API information.
Postman allows API calls to be organized into groups that can be saved as “collections.” Folders can be added to collections allowing API calls to be further organized into sub-collections. Collections and folders are especially useful when consuming many APIs and regularly testing a large number of API calls. Collections make it possible for developers to find and reuse specific API requests quickly.
The response viewer is one of the most important features of the Postman app. API responses are separated in the viewer, with body and headers located in tabs. The status and time codes are displayed adjacent to the tabs. There are three display formats for viewing the body of responses: Pretty, Raw and Preview. The response viewer also displays the results of API tests that are added from the test editor and runner. The response viewer includes buttons for toggle size, toggle wrapping, save sample response and copy. Toggle size is especially helpful for users with smaller screen resolutions (such as 1,024 x 768) because it allows the response viewer to be displayed in full-screen format. When users mouse over the headers and status codes, they display popup tool tips with additional information.
Test editor and runner
The Collection Runner, also part of the Jetpacks Upgrade, allows collections of API requests to be run an unlimited number of times, and provides an aggregate summary for each collection that was run. The results are stored so that they can be compared and an overall view of how an API is working can be established. The collection runner displays the parameters that were set for each collection run; users can also display a more detailed view of all the test iterations. There are several ways to view the test results of collections run, which helps developers to quickly discover problems with an API and easily get an overall view of the entire state of an API.
Environments allow API calls to have different setups, such as local machine, development server or production server. Environments also allow sensitive data like API keys and passwords to be separated from collections. Such data can be stored in the local environment and represented as variables. When sharing collections, variables are included in the API calls instead of the API keys. All data inside Postman is stored in a local database so nothing is shared without the explicit permission/intent of the user. This model helps ensure that users have complete control of their data, and that passwords, API keys and other sensitive API data are secure.
Authentication support / OAuth 2.0 support
When it comes to using and testing APIs, strong authentication support is key. We were, therefore, pleased to see that Postman supports OAuth 2.0. Although OAuth 1.0a is still being supported by many API providers, some are deprecating OAuth 1.0a in favor of OAuth 2.0. Postman includes support for Basic Auth, Digest Auth, OAuth 1.0a and OAuth 2.0.
Document and share API calls
Postman allows for documentation of API calls when they are added to collections. Collections of API calls can be added/imported using the import function (from disk or URL), or by downloading collections from the fairly new Postman API directory. Users can also share collections with others by saving their collections as download links on getpostman.com or as JSON files. For example in a recent Box blog post, Box created and provided links to two collections of API calls: one collection for the Box Content API and the other for the Box View API. By providing these collections of APIs, Box has made it much easier for developers to get started on and become familiar with the available features of its APIs.
Postman Wish List
The Postman REST Client has many other useful functions and features, including keyboard shortcuts, header presets, keyword filter for history and collections, bulk upload/import, and the ability to save API responses to disk. Postman also includes many features designed to dramatically reduce the time needed to test and develop APIs. With all of that said, I’d like to see future versions of Postman include a built-in validator for JSON and perhaps also for XML. Sometimes API responses are returned with badly formatted XML or invalid JSON, which can cause parsing issues. The ability for Postman to automatically validate API responses or provide an option to validate JSON / XML responses from within the app would be helpful. (It should be noted that the Postman test editor and runner does include the Tiny Validator library, which can be used to validate JSON Schema and make sure that the data structure is correct.) It would also be nice if Postman could save files and settings (similar to functions in Google Chrome sync) across devices. Collections can currently be saved to getpostman.com. However, we’d also like to see the ability for Postman collections to be shared using file storage services such as SmartFile, Box or DropBox. The Wappwolf API may also be an option for implementing collection sharing via file storage and sharing services in the Postman app. Finally, it would be nice to be able to reorder collections in the same way that API calls can be reordered, via drag and drop. Currently, API calls listed in the left sidebar can be reordered via drag and drop, but collections cannot. By default, collections are listed in the left sidebar in alphabetical ordert. Conclusion Postman REST Client is a real time saver, making it easier for developers to test and work with APIs. Indeed, Postman is a must-have tool for developers that regularly work with APIs–from developers just beginning to consume APIs for their web and mobile development projects to experienced developers who design, test and release APIs for public consumption. For more information and to download the Postman REST Client, visit GetPostman.com. By Janet Wagner. Janet is a data journalist and full Stack Developer based in Toledo, Ohio. Her focus revolves around APIs, open data, data visualization, and data-driven journalism. Follow her onTwitter, Google+, and LinkedIn.