Postman — The indispensable Web Service tool

Over the past year I’ve spent time learning about and building Web Services and a tool I consistently keep coming back to is Postman. It’s such a useful tool for testing web services of varying complexities. From simple calls with no authentication to somewhat complex ones with dynamic signature generation.

Here’s the list of the top Postman features that I like:

  • Collections. The ability to save groups (collections) of requests. For example, I have collections for GitHub, Ecobee,, Google and others. All my saved requests for each are stored in their respective collection. These collections can also be shared with others. They also support Markdown in their descriptions so you can embed quite a bit of documentation with your collections making them even more complete for sharing.
Postman Collections
  • Pre-request scripts. This allows you to add code which can, for example, calculate an HMAC signature before the request is sent to the server. Any code that needs to perform any type of computation in order to populate a header or query parameter prior to the call executing can be done with pre-request scripts.
  • Environment variables. For times when you’re working on a web service that’s identical from one environment or instance to another with the only difference being a host name or query parameter or header or all the above, that’s where environment variables help. Instead of hardcoding these variables and cluttering your collections with all the endpoints for all your environments, simply use a variable in place of the string that’s changeable, for example {{accessToken}} or {{hostPath}}. In the Environments Manager create an environment and define the value of accessToken or hostPath. Now whenever you select that environment prior to making a request, Postman will evaluate the variable defined in the named Environment and pass that into the request. Learn more about variables here.
  • Oauth2 and AWS Sig4 authentication. For most modern secure web services you typically have to authenticate yourself with an Oauth2 token for every request you make to a service endpoint. This is typically 1–2 calls before you make the final service endpoint call. Many tokens have a TTL set so once they expire you have to repeat the process which is really tedious and time consuming. Postman allows to specify the Oauth parameters needed so that it can make these authentication requests on your behalf and populate the Authorization Header so that you can focus on making the service endpoint calls. This particular feature is a real time saver. In cases where the authentication process has custom complexity added by the vendor that aren’t supported by the built-in Postman Oauth configuration, simply use a Pre-request script like I mentioned above, either way Postman should have you covered. The AWS Sig v4 signature is also supported natively if you make calls to the AWS APIs.
Postman OAuth 2.o configuration screen

Postman began as a Chrome extension but earlier this year they released a native client for Mac for added versatility. It’s by all means a pretty active product as feature updates and bug fixes are released fairly often. If you’re doing any type of web service development or simply call a lot of web services as part of your job, give Postman a try; it should make your workflow more efficient.

Show your support

Clapping shows how much you appreciated Alan Williams’s story.