mastodon.ie is one of the many independent Mastodon servers you can use to participate in the fediverse.
Irish Mastodon - run from Ireland, we welcome all who respect the community rules and members.

Administered by:

Server stats:

1.6K
active users

#postman

0 posts0 participants0 posts today

Dites, vous connaissez une alternative à #Postman qui permette de mettre à jour automatiquement une collection quand le fichier #swagger est mis à jour ?

Pour l'instant je ne trouve que des choses où tu dois faire l'import manuellement à chaque fois.

Edit : s'il faut cliquer sur un bouton "Refresh" ça me va aussi, c'est juste que ça me fait chier de devoir supprimer la collection, et réimporter à chaque fois.

i’m tired of #postman, #apidog, and the likes.
those are over-engineered and expensive solutions to a simple problem.

haven't looked into solutions, but i want this to go back to the basics. some kind of file+CLI solution where i can easily define an API call and repeat/ manipulate it when needed.

one of our services is running a #hurl test suite after deployment, this might likely be the simplest and best replacement...

“The goal from starting out is to be able to create an API documentation suite from scratch. The minimal viable document, or the minimum the document must contain before it’s released, includes having all the calls covered, a description, even if only one sentence at this point, for every field and call, section overviews, call examples, and examples of each field. I suggest also creating a Postman collection file for each API suite. A Postman collection file is a complete set of all the requests and that each request may be run by clicking it; it’s a convenience to clients.

Being able to create that document indicates the writer’s proficiency in the mechanics of API documentation. There is a sense of accomplishment when achieving this and comfort with this process. And rightly so. They have the privilege now of calling themselves API documentation writers.”

robertdelwood.medium.com/start

Medium · Starting API Documentation Writers: Obstacles To Watch Out ForBy Robert Delwood

Has anyone out there configured #postman through #charlesProxy?

Trying to confirm that recent article about Postman transmitting Vault secrets in cleartext to its backend logging, but I must be doing something wrong in certificate configuration.

I already gave the Charles CA cert to Postman in .pem format. Postman requests are getting successful responses, but the proxy still can't decrypt.

In the past couple of days I’ve finally had some time to work again on nvim-http.

It’s a #Neovim #Python plugin compatible with comparable HTTP client plugins in VsCode and IntelliJ - or a little #Postman that runs in your favourite editor.

While I was away I didn’t notice that the repo in the meantime has ammassed almost 100 stars and it had a dozen of outstanding issues - sorry!

The latest release includes many improvements and features:

  • Fully migrated to the Neovim remote plugins API, now that Neovim has introduced breaking changes that make it incompatible with the old vim.async_run API.

  • Better handling of HTTP requests that don’t end with newlines or comment headers.

  • Added support for environent variables specified in .env files, either in the same directory as the .http file or in the current working directory of the editor. The plugin now also supports environment variables specified both in *.env.json files (VsCode compatibility) and .env files.

  • Added support for inline shell commands, either in the environment variable or in the HTTP request, delimited by $(...).

  • Added -h and -t options to the :Http command to display the output in a horizontal split or in a new tab (the default is a vertical split).

  • Added --no-redirects option to :Http to avoid following redirects.

  • Added -T/--timeout option.

https://github.com/blacklight/nvim-http

Replied in thread

@Sempf Postman is private equity owned. Came due to finally make money. So without warning they neutered the local app from most core functionality and pushed it to the cloud. Old versions were removed from their downloads.

Gets better. Their export config to the cloud dumps all saved collections and credentials you previously had to a clear text JSON. Yes, the collections you can no longer access.

Many organizations store their API documentation on Postman, so a full block of the domain is problematic.

Blocking the login and identity page is effective. But if you didn't get on this early, devs are definitely using it today and have prod creds in the cloud. I considered using legal for a data deletion request for our domain.

Then their sales people will start hounding the org using SSO tax (they know you're out of compliance with regulators or your insurance) and how "in production" it's being used as leverage.

Also block postman on your SEG--fuck them.

And then devs will then come for you with pitchforks. A friend even overheard some badmouthing of my mitigations at a local watering hole near my $dayjob.