What the sh*t is this kind of response?! One of my corporate department's internal API returns THIS.

LOOK AT IT. LOOK. "NULL". What are those malformed closing / ending brackets?!

(request headers have accept: application/json btw)

And, as a final "f*uck you", the "IPG_API_JOBD_NC_RESP_P_COLL" is returned as JSON object if response has one element to return, but will be JSON ARRAY if result has more than one element.

Good luck, you there with strongly typed languages..... Boils my blood 😅

I love to develop for the web, i find JavaScript a nice language and I love the unmatched flexibility of the web platform but i hate when I have to work with the unstable or badly documented APIs which seems to be the norm in the enterprise world: wasting hours in forced breaks because suddenly the API returns nothing but 503 or the VPN suddenly dies, wasting lot of time to find the documentation you need in the slow and cumbersome enterprise API manager, making lots of tests with cURL/Paw/Postman/wethever trying to find out why a request which should work just doesn't... in these moments I envy desktop and mobile devs. The worst part of it is which microservices made everything worse since nowadays there are way more "moving parts" which can break making the API you need unavailable and unlike with monoliths often it's hard to just clone a back-end, populate a database and then work fully locals since now everything depends on a lots of things which are hard/almost impossible to replicate on your laptop.

Hello there. I'm a junior frontend developer, and I'm starting to think that IT is not for me.

Okay, first things first. This story/rant might be a bit longer than I previously thought, but whatever... :p

I started working in frontend about a year ago.

Now the problem is, that I'm absolutely rubbish with coding, and I'm starting to think that it might have something to do with my personality. While I loved (and still do) doing HTML and CSS, and maybe some JS as well, when it comes to working with frameworks, build tools, TypeScript, and all this *****, I just want to stand up and carefully smash the keyboard through the display. I can't stand the constant cryptic error messages and gazillions of config files, and don't even get me started with TypeScript. This is not how I imagined what programming is like - I know it's my fault, I was a bit naive. I still love making simpler things in HTML/CSS/JS and playing around with Linux, but I lost my will to do any of these even in my spare time. I don't have the patience to feel incompetent all the time with the promise that in a few years, doing this rubbish 8 hours a day, I will get better at it. Some colleagues even talked about it being like Lego and getting into the "flow": yeah... not in my case. There's nothing creative in this, it all feels like a factory line where I have to do the line work but also configure the machines as well...

The funny thing is, I made about the same amount of money working in less prestigious jobs. Sure I didn't like any of them, they were tiring and boring as hell, but at least they were not stressful and frustrating. I'm seriously considering moving to Western Europe and working as a bicycle delivery guy in the Alps, a postman, a waiter, or literally anything else that has something to do with the real world, and leave programming to the actual software engineers (who I deeply respect by the way).

I'll probably add more to this, but I need to go now and meditate a bit. :D

Fucking garbage piece of shit microsoft httpclient

identical request works in node!

identical request works in postman!

but noooooooo httpclient, you have to add the content length on the content itself, can't add authorization header except through special way, serialization is wrong bunch of shit pile of shit no working shit

Postman is the only app I like in light mode.

I hate Postman tests.
There has to be a better way of testing a set of apis working together than this clunky unreliable pile of shite

OK I need some help. I need to make sure I’m not losing my mind.

We are using an ERP which is hosted by another company. We are supposed to be able to access the data via a REST API. This works fine using Insomnia or Postman, but when I attempt to hit the API from my web application, CORS blocks the localhost origin.

I contacted the company’s technical team to request that they change the CORS configuration to allow localhost. They keep running me around in circles telling me that I don’t know what I’m talking about because localhost isn’t a DNS resolvable name and I’m doing something wrong and they don’t need to change any configuration.

They insist that if anything would need white listed, it would be my IP, not localhost.

I sent them screenshots and stack overflow posts and documentation links, showing them exactly what headers need to be set and where the configuration needs to be set in the ERP. They tell me I don’t know what I’m talking about.

They tell me that if I can hit the API from Postman, I can hit it from my browser.

Am I losing my mind? Have I fundamentally misunderstood CORS all these years? I’m sure I’m right. But I’m starting to feel like I’m crazy.

Postman freaking sucks now. It's bloated and can't easily do what's it's supposed to do without hassle. You have to login first, then it will inexplicably lose all your previous API requests.
I guess the company has forgotten who their base customers are.

I have the following scenario with a proposed solution, can anyone please confirm it is a secure choice:
- We have critical API keys that we do not want to ship with the app because de-compiling will give access to those keys, and the request is done before the user logs in, we are dealing with guests

Solution:
- Add a Lambda function which accepts requests from the app and returns the API keys
- Lambda will accept the following:
1. Android app signing key sha1
2. iOS signing certificate sha1
- If lambda was able to validate them API keys are sent back.

My concerns:
- Can an attacker read the request from the original (non-tampered) apk and see what the actual sha1 value is on his local network?
- If the answer to the question above is yes, what is the recommended way to validate that the request received is actually from the app that we shipped and not from curl/postman/script/modified version of the app

working postman request with SSL , pfx cert against microservice

go to do the same thing against different microservice , SSL error , review config, looks like im supplying same certs, etc

FML

HELP!!!, My ubuntu system exhaust all of it's ram, my system lags too much, I was currently running firefox, vim, postman, react server and node server.

postman to manually check api endpoint works

try again later, doing what you think was the exact same shit, which you've documented, reread your document get 404

fuck csrf

use debugger

find out its returning a 404 when the code i added fails, welp