A friend needed to test an API so, I told him to download Postman to start testing POST request and he ask if he needed to download Getman for testing the GET ones 🤣

Shared screen with a client over Skype. Showed them in Postman that their API wasn't working as expected. It was expecting a json. Instead it was giving error code 400 instead of 200.
Message :
"Error: No error. All OK"

I'll never forget the words of the client:

"Don't use all this fancy software, you don't know how to call APIs, open Internet Explorer or chrome and paste it in the bar. You'll see All OK, means all is okay."

*insert you dense mf meme here*

Postman: We will stop supporting our Chrome app. Please download our "Native" app for better performance.

No motherfuckers.. Go die, alone, while your fucking family watch you bleed to death helplessly.

Electron is not native, don't mix true native development with lazy ass electron. Fuck you. A native postman would've been around 15MB in size but your "native" installer is 68MB so shut the fuck up and don't call it native or I will stick my native dick in your fucking throats.

I develop native apps So yeah, I'm pissed when web devs are starting to call electron and JS as native desktop apps... They are not... Now fuck off you smelly cunts.

Postman anyone? It's the shit.

First rant here. Long, but please bear with me:

So after slogging my ass off in various early stage startups for over 4 years and keeping up with the almost non-existent development process, I joined an organisation which has some of the brightest and smartest minds I have had the pleasure to work with.

Mind you, this company is the market leader in it's field and has a 50+ people in it's tech team and the quality of work is pretty impressive.

Now for this week's sprint, I was asked to develop a feature which already exists on the Android app and they want to introduce in the iOS app too. The backend APIs are all in place and all I need to do is build it with virtually no dependency. My PM asks me to start with the UI and ask the backend dev for the API list whenever I need them.This is where the story turns.

For my first API, I go to the backend dev and ask him to share the API documentation and he looks at me as if I have asked him to dance the fucking cha cha. With a straight face he tells me that, 'The organisation doesn't maintain any kind of documentation for it's APIs.' Now this really shocks me. Even in a 5 men tech teams I have worked on, we have always maintained a spec doc for the APIs and this is a company which is known for it's tech practices.

Being the new guy I compose myself and ask if they have anything for me here: Postman collection, a workflowy doc, a goddamn txt file; anything which might help me, and he laughs at my dilusion and says no.

Dejected, I ask for a way to get the APIs and I am told that there are only two ways: either I keep bothering the Android dev for the APIs(No, I don't have the access to the android repo and nor am I gonna get it) which he had worked on 4 months back or I install the prod app on my phone, and use Charles to get every fucking API which is really, really annoying.

I thought writing out this rant would make me feel better, turns out it just made me angrier. Why the fuck can't they document such an important thing!?

> 3 hour long mandatory online cybersecurity training
> Preaches that the company is very secure and the only risk of being “hacked” is if employees post company data on social media
> oksure.tar.gz
> Bored out of my mine
> Open dev console
> JSON continually getting sent to backend
> Simple structure and human readable fields including {complete: false}
> Open postman
> {complete: true}
> Send
> 200 response
> Refresh page
> Course complete
> :’ )

Muppets.

.. when you're exhausted with trying to get your code to work.

Long story short, I'm unofficially the hacker at our office... Story time!

So I was hired three months ago to work for my current company, and after the three weeks of training I got assigned a project with an architect (who only works on the project very occasionally). I was tasked with revamping and implementing new features for an existing API, some of the code dated back to 2013. (important, keep this in mind)

So at one point I was testing the existing endpoints, because part of the project was automating tests using postman, and I saw something sketchy. So very sketchy. The method I was looking at took a POJO as an argument, extracted the ID of the user from it, looked the user up, and then updated the info of the looked up user with the POJO. So I tried sending a JSON with the info of my user, but the ID of another user. And voila, I overwrote his data.

Once I reported this (which took a while to be taken seriously because I was so new) I found out that this might be useful for sysadmins to have, so it wasn't completely horrible. However, the endpoint required no Auth to use. An anonymous curl request could overwrite any users data.

As this mess unfolded and we notified the higher ups, another architect jumped in to fix the mess and we found that you could also fetch the data of any user by knowing his ID, and overwrite his credit/debit cards. And well, the ID of the users were alphanumerical strings, which I thought would make it harder to abuse, but then realized all the IDs were sequentially generated... Again, these endpoints required no authentication.

So anyways. Panic ensued, systems people at HQ had to work that weekend, two hot fixes had to be delivered, and now they think I'm a hacker... I did go on to discover some other vulnerabilities, but nothing major.

It still amsues me they think I'm a hacker 😂😂 when I know about as much about hacking as the next guy at the office, but anyways, makes for a good story and I laugh every time I hear them call me a hacker. The whole thing was pretty amusing, they supposedly have security audits and QA, but for five years, these massive security holes went undetected... And our client is a massive company in my country... So, let's hope no one found it before I did.

Dev gets hold of me, says my service is down in QA. Works if he hits it locally, works via Postman, but via the QA app server it gives a 401.

I’m like, look, if it works everywhere else, there’s something wrong on your side in QA.

He insists, no, I must help him, and begins CCing all the managers telling them this system has been down for days.

So I eventually climb into his system, check the credentials they’re using in the QA environment, and sure enough, the password is wrong.

God bless Postman.

Dear software companies,

As much as I appreciate all the dark themes being used lately either as default, or added as options (Youtube, Discord, Postman, Windows Explorer, etc)... you guys still suck at theming.

A #000 background with #fff font is almost as bad as the reverse. Too much contrast! Then there are some apps which use grayish tones, others brown/orange stuff... pretty ugly if you use it all next to each other.

So how about just adding good theming support? Or even better: what about a global theming standard, a styling preference, a system wide json file which defines UI elements for all apps?

I received my Driver's licence today. Yayy!! (I had been waiting for it for quite some time,worried if it will ever reach me)
Then I casually asked the postman. If there was any other package for me, because I am expecting a little blue package sent from US.
And he said he'll go back and check.

A few minutes later the door bell rang again 😍🤩
Here they are 😋.

I hope,even the devrant stickers reach me soon 😣.

Postman Makes API Development Simple.

Spend 5 hours debugging why my curl request in PHP was giving 302 status code, and why my postman was giving 200 for the same request.
Then after crying a lot, I realized the URL was wrong in PHP.
*I totally want to smack my head on the wall*

PM: hows the android app going?
Android Dev: gradle downloading... blocked by network admin.

PM: anyway how is the iOS app going?
iOS Dev: cocoapods downloading... blocked by network admin.

PM: ... i guess the only thing running now is the web admin right?
Laravel/VueJS Dev: composer nodejs/npm/yarn downloading... blocked by network admin.

PM: team lets retest the api endponts
Team: Postman downloading... blocked by network admin.
Team: -_- Insomnia REST Client downloading... blocked by network admin.

PM: code study?
Team: even visual studio code/android studio/xcode is blocked. :(

.... sad dev life

anyone here with the same problem?

Insomnia: yeah, nice cors header
Postman: neat cors header mate

Fetch in browser: where the FUCK is the cors header you retard

There was maybe one of the coolest methods of apply for a job. There was a company in Sydney on linkedin on the apply href for the job was pointing to localhost (might of been a accident) so you had to find their website and with the trailing url get to the page then they said to send OPTIONS request to a endpoint here you got a link to a api doc to where you send a POST to apply for a job they had a example body to use. So sending the Post request with with postman required headers so looking more into the doc it gave the headers needed. Now the example body for the post had some errors in it and once they are fixed you can then submit the request.

NOW thats the way to find competent developers shame I'm not one of the.

FOR FUCK SAKE APPLE! HOW THE HELL ARE YOU STILL IN THIS WORLD!

Was creating a signed file of the app to upload to their store and while XCode (that bitch!) was working on it, Slack, and Postman crashed!
Do I need to say why or you already knew it is because XCode ate all the RAM -.-

Tried signing up for Postman with Google.

In january 2023 i was contacted by a recruiter offering me a job position.

I DID NOT ASK FOR A JOB.

I WAS NOT LOOKING FOR A JOB.

THEY contacted ME.

Ok. So i went along with it and see how it goes. They probably wont hire me nor would i give a shit. Chatted with this recruiter for a while. She forgets to answer my message for 5 fucking days. Twice. Once because she was doing God knows what and the second time because she was on paid vacation. Fine i don't give a shit about you at all anyways.

So this recruiter chatting has been stretched out for several days. I think over a WEEK. So she forwarded me to their lead developer.

I applied to work as a full stack java spring boot backend + angular frontend engineer.

So:
- java backend
- angular frontend
- full stack
- shitload of devops
- shitload of projects i built
- worked with clients
- have CS degree, graduated
- worked a job at their rival company

What could go fucking wrong with all of these stats right?

During technical + hr interview (3 of us on google meets) they asked me what salary I'd be comfortable with.

I said $1500/month straight out.

keep in mind:
- In my country $500 or $600 is a salary for engineers per month
- You get a raise of +$150 which is around $750 after working for 1+ year
- You can earn $1000+ after you work for +2 years
- Rent here is $200-300 a month at minimun. And because of inflation its just getting worse especially with food. So this salary is not for living but for survival.

Their lead engineer gave me a WHOLE ASS FUCKING PROJECT TO BUILD and i had to code it within 10 days. Great so at least 17+ days of my fucking life to waste on these fucktards who contacted ME.

The project was about building a web app coffee shop literally what mcdonalds has when you order via those tablets. I had to build this in java spring boot and angular. I had to integrate:
- docker, devops
- barmen, baristas, orders
- people can order at the table or to go
- each barista can take 5 orders at a time
- each coffee has different types of fields and brewing time
- each barman brews each coffee different period of time
- barista cant take more than 5 orders for to go until barman finishes the previous order
- barista can take more than 5 orders but if those orders were ordered from table, and they have to be put in queue
- had to build CRUD admin functionality coffee's
- had to export them all of the postman routes
- had to design a scalable database infrastructure for all of this alone
- shitload of stuff more

And guess what. After 10 painful days I BUILT THE WHOLE THING MYSELF AND I BUILT EVERYTHING THEY ASKED FOR. IT WAS WORKING.

Submitted it. They told me they'll contact me within 7 days to schedule the final Technical interview after they review what i built. Great so another 17+7 days of my fucking time wasted.

OH and they also told me to send them THE WHOLE GITHUB REPOSITORY AND TRANSFER OWNERSHIP TO THEIR COMPANY'S OWNERSHIP. once you do this you cant have your repository back. WTF? WHY CANT YOU JUST REVIEW THE CODE FROM MY PUBLIC REPOSITORY? That was so weird but what can i fucking do argue with these dickheads?

After a week of them not answering i contacted them via email. They forgot and apologized. Smh. Then they scheduled an interview within 3 days. Great more of my time wasted.

During interview i was on a google meets with their lead engineer, 1 backend java spring boot engineer and 1 angular frontend developer. They were milking me dry for 1 whole fucking hour.

They only pointed out the flaws in what i built, which are miniscule and have not once congratulated me on the rest of the good parts. I explained them i had to rush those parts so the code may not be perfect. I had other shit to do in my life and not work for your shitty project for $0/hour for 10 days you fucking dickriders.

So they quickly ran over to theory. They asked me where is jwt token stored. Who generates it. How the backend knows to authenticate user by it. I explained.

What are solid principles. I said i cant explain what is it but i understand how it works, why its needed and how to implement it (they can clearly see in the project i just build that i applied SOLID principles everywhere) - but i do admit i dont know the theory behind it 100% clearly.

Then they asked me about observables and promises in angular. I explained them how they work and how subscribe method is used (as they can clearly see that i used it in the code). Then they asked me to explain them under the hood of how observables work. The fuck? I dont know and dont care? But i can learn it as i work there?

Etc

Final result: after dragging this for 1 fucking month for miserable $1500/month they told me: we can either hire you now but for a much lower salary which you probably wont be happy with, or you can study more these things we discussed "and know why the car leaks oil" and reapply back to us in 2-3 months!

So I opened crunchbase newsletter like always to see what interesting is happening in IT.

Looks like app that allow people to send REST calls got investment of 50M.

The moment when you realize that simple UX and sending REST calls using desktop app can make you millions of dollars.

And I am tired again.

Dev : dude, life is tough. There are so many fucking languages and updates we need to cope up with..
Me : somebody please teach me "postman" , it fucking has its own world. 😭😭

Postman needs to learn it's god damned place.

No, I will never sign up for an account you god damn crappy wrapper for curl written in electron. Stop giving me banner ads. Fuck SO FAR off.

fucking piece of garbage postman!

WHY THE HELL do you auto-update yourself when i explicitly DISABLED updates?

why the hell is it just a "minor" update to switch to a version that FORCES you to have an account, even if all you do is use offline features?

and why is there no option to disable syncing your data to their server, even if it's not needed at all? YALL EVER HEARD OF A THING CALLED PRIVACY?

and why the fucking fuck of all fucked fucks DO YOU DELETE MY PREVIOUS OFFLINE DATA SO I CAN'T EVEN CONTINUE WORKING BY INSTALLING AN OLDER VERSION?!?

some dumb-piece-of-garbage-waste-of-oxygen managers decision to screw their userbase cost me several HOURS(!) of work already and probably will cost some more due to the lost collections.

Me:
*spins up Vscode*
*spins up postman*
*opens terminal, spins up docker*
*spins up frontend dev server*
*spins up backend dev server*
*opens new chrome window with not less than 20 tabs*

My 4year old 8gb RAM Core-i3 PC (barely fighting for her life):

Postman is a bloated piece of garbage

So I was talking to the support engineer at PayTM regarding their integration in my app. Idiots!

Many users in my app want PayTM as the payment option. I am using their API and after trying for a few hours, when it was just not working even though I followed their guide and docs, I decide to call the support. After I described him the errors I was getting, he asked me to follow the docs which, being a developer myself, I already did. When I told him that I have done everything exactly as mentioned in the docs, he asked me to hold the phone. Came back after 1 minute and said, "Sir, I discussed the issue with my TL and he says that our API does not work in PostMan."

I hung up.

I managed to make it work by trying evening I could possibly do. But I am amazed what kind of people are running such a giant company. PostMan is made to test APIs. Idiots!

Just got an email with a new really nice douche-bag move from Postman to raise their prices again (this time for almost double) on their paid plans with excuse "it will help us deliver more of what our customers need from us."

Even though I've decided to look other way around for years on their electron-based garbage of bloated app, have not been a fan of their pricing 8$/month/user just for a simple feature such as sharing request schema and environment data.

This simply needs to stop and I'm seriously thinking about doing something about it. 🙄

Sometimes you praise .. sometimes you just plain abuse.

So, I was getting started with express middlewares and installed Postman. I saw this. I literally cracked up laughing so hard at this.

> Startup: ok listen up, we got this super cool thing we want to do with Twilio. Doesn't get any easier: some calls to book a restaurant, you ask for booking data and save that on some db.
> iHateForALiving: I'm on it. We got a couple weeks of development, never worked with Twilio, but should be easy enough
> Startup: Hold it big guy, we can't just write code like this. There's this OTHER developer with a super cool framework he wrote himself, it supports OAuth2 and multitenancy, written in Huskell, microservices to authenticate several apps all working concurrently in our environment, some orchestrator, cloud computing on AWS, you're going to love it. There's this Postman project with 200-something calls (the ones I need for my project, one and only consumer for those APIs, are 5 including the login)
> iHateForALiving: You are aware you'll have approximately six clients and they'll pay some 30 bucks each per month, aren't you?
> Startup: You don't understand, this infrastructure is CRITICAL for the future of our company
> ffwd 6 months
> iHateForALiving: guys we had this 2 weeks project and it's taking months, I'm ready, what is going on there?
> Startup: someone killed our DB, the OTHER developer pushed on git the access credentials :(

THE FULL MOON IS DRAWING NEAR AND THE FUCKING WERECODERS STRIKE AGAIN!

For a new project I first try to get an overview about the specifications, hosting and platform.

Depending on this information I decide which language and frameworks (if any) to use.

Basically always the first part I create is the backend, so I have all the data interfaces ready. For web stuff Postman is really useful.

Later on I start with the frontend, get myself really angry because I hate frontend.
Then I get into a hate-overdrive because browsers suck and I delete everything and quit.

Something as barebones as Postman, should not take 600MB of RAM :v
//and then hang and crash ffs

Why is everything slow in windows even if I have a 16GB memory? Maybe because not SSD? 😑

Slow to open in windows:
- Docker, Postman, etc

I think I made someone angry, then sad, then depressed.

I usually shrink a VM before archiving them, to have a backup snapshot as a template. So Workflow: prepare, test, shrink, backup -> template, document.

Shrinking means... Resetting root user to /etc/skel, deleting history, deleting caches, deleting logs, zeroing out free HD space, shutdown.

Coworker wanted to do prep a VM for docker (stuff he's experienced with, not me) so we can mass rollout the template for migration after I converted his steps into ansible or the template.

I gave him SSH access, explained the usual stuff and explained in detail the shrinking part (which is a script that must be explicitly called and has a confirmation dialog).

Weeeeellll. Then I had a lil meeting, then the postman came, then someone called.

I had... Around 30 private messages afterwards...

- it took him ~ 15 minutes to figure out that the APT cache was removed, so searching won't work
- setting up APT lists by copy pasta is hard as root when sudo is missing....
- seems like he only uses aliases, as root is a default skel, there were no aliases he has in his "private home"
- Well... VIM was missing, as I hate VIM (personal preferences xD)... Which made him cry.
- He somehow achieved to get docker working as "it should" (read: working like he expects it, but that's not my beer).

While reading all this -sometimes very whiney- crap, I went to the fridge and got a beer.

The last part was golden.

He explicitly called the shrink script.
And guess what, after a reboot... History was gone.

And the last message said:

Why did the script delete the history? How should I write the documentation? I dunno what I did!

*sigh* I expected the worse, got the worse and a good laugh in the end.

Guess I'll be babysitting tomorrow someone who's clearly unable to think for himself and / or listen....

Yay... 4h plus phone calls. *cries internally*

You know it is gonna be "fun" integrating client APIs, when all of them respond with
"Thanks for submitting the request"
And no error or status code whatsoever, no matter what you send.

Also, the client likes to test/call this API in Internet explorer address bar, and doesn't trust Postman. Amazing shit dude.

Whoops...
Guess who got their variable declaration wrong?

I should really use Postman

What the sh*t is this kind of response?! One of my corporate department's internal API returns THIS.

LOOK AT IT. LOOK. "NULL". What are those malformed closing / ending brackets?!

(request headers have accept: application/json btw)

And, as a final "f*uck you", the "IPG_API_JOBD_NC_RESP_P_COLL" is returned as JSON object if response has one element to return, but will be JSON ARRAY if result has more than one element.

Good luck, you there with strongly typed languages..... Boils my blood 😅

I am stuck with another Postman.

Attrition in my current org is way to high in product teams and we have only one designer shared between ~100 people (10 product lines).

My ex-lead (a genius) and my skip level manager (very smart chap), both keep saying that my manager is a very good manager.

However, in reality, I don't find so.

- Only responds to my questions
- Ignores any other form of communication
- No help on any front
- No support or validation on my tasks (hence, I have to actively keep asking for feedback)
- Regularly cancels 1:1
- Involves other team members in 1:1 and cancels theirs as well
- Says I am doing well but keeps nitpicking in my work
- Hardly reviews anything

My company is amazing, pay is good, perks and opportunities are wonderful, kickass learning but my direct manager isn't making me feel comfortable working here.

Maybe she is too cramped with responsibilities but again, I have never seen her deliver anything and all she does is a postman job of taking inputs from her manager and pass on to me and coordinates until me and her manager decide to jump on a call and figure things out ourselves.

It's just been 3 months and I feel more annoyed than worried about being here.

!Rant

TLDR: What's your favorite REST API Documentation tool?

I'm about to start developing a really large REST API. I have never really had need to document my previous API's since they were small, self explanatory and had only me using them. Aside from this one being too large for me to keep track of there is also a remote team that will need to integrate with it.

Basically I need write exceptional documentation while using as little time as possible. I love postman and am planning to use it for documentation since I currently use it to test during development anyway but I have seen some really neat looking tools like swagger and apiary so I figured I would check for some other suggestions.

What is your current / preferred REST API documentation method?

I am so much stunned i cannot form a sentence on what to say. Lost 3 days trying to fix a bug on why socket.io was connecting to backend TWICE per user. I cannot fucking comprehend this. Backend works fine because via postman it doesnt connect twice. Everything works fine. 72 fucking hours waste d of my life just to find out i had to change

<React.StrictMode>
<App />
</React.StrictMode>

Into

<App />

When i tell you my jaw fucking dropped it fucking did. And it does not drop often or that easily for me. What the FUCK is react strict mode???? FUCK react. I fucking hate this piece of garbage framework. I even like nextjs better. React💩💩💩💩💩💩💩💩💩💩motberfucker WHY is strict mode fucking my code what use does it have who gives a shit why does it have anything to do with websocket connection FUCK react 💩💩💩💩💩💩💩💩💩 how does this piece of camel turd have anything to do with duplicate connection 💩💩💩💩MFKKCER this garbage doesnt exist in my beautiful angular or nextjs PLS why this cancer has to be so headaching i knew I'll get FUCKED if i dont go over a detailed course learning react from scratch. Now im suffering. Learning this garbage the hard way FUCK off

Starting to feel like shit about my new job. Every task my boss gives me I return with a "sorry it can't be done" for one reason or another. At first it was because user interface testing is a nightmare, then it was because the API postman tests he wanted is for endpoints we haven't exposed so it can't be done and the automated login on postman and retrieval of cookie information can't be done through postman because it requires rendering the site in a browser. I feel worthless to the company but I also feel he keeps making up tasks for me without checking if they're actually useful to us or even possible first, rather than let me touch any of the real code.. I don't know if I should just quit tbh.

I was hating on Postman for 10 minutes straight...
and then I found out it was me all along.

Turns out, it's an advantage if you actually select the proper environment before sending a request.
fuck me... coffee! ☕

"try harder and smarter, we will do a training if needed"... A coworker replying to another coworker (non dev tech support guy who never used postman in his life) in public chat... And I can't help but think that he is implying that the tech support guy is stupid.
KNOWING POSTMAN DOESN'T MAKE YOU SMART!!! AND YOU NEED TO SHOW SOME RESPECT AND LEARN HOW TO SPEAK!!

There's this thought that keeps popping up in my head more frequently recently.

We are people who do heavy mind work. Our quality of life directly depends on our ability to come up with solutions. We've been training our minds for years, for decades, to get to the point where we are now.

Now stop for a moment. And imagine. You wake up one morning and you realize you can no longer code. You forgot all of it. You still can copy-paste answers from SO, but you don't know what questions to ask to get to those answers.... Your mind has pulled the DROP TABLE PROGRAMMING;COMMIT; stunt. From hero to zero in just 1 night.

You have no clue what happened, no idea whether you will recover. How does that affect your identity? Would you still try to climb the programmers' tree to the sweet spot you are in now? Would you choose some simpler profession instead, considering your age and time required to master that other profession? If you choose another profession - what would it be?
What would you do with your personal projects? You can't continue them yourself obviously... Would you let them die with the loss of your skills?

How closely is your profession related to your identity?

Now that I consider myself a person who's quite good in the field, this is becoming one of my fears. Sadly, it'll most likely come true someday. Either some accident or just old age, or even diseases/conditions at younger ages - there are so many things that could mess up your mind - the sole tool critical for our profession [to the picky ones: lumbers can't swing axes w/o hands, postman can't deliver mail w/o legs, politics can't lie without tongues, and we, engineers, cannot build with our minds even slightly off].

Some time ago I was working in a freelance gig. I was the backend developer and the front end guy and I had some differences in our postman collections, so I asked him to email me his exported json collection.

When he emailed me, it was really funny to see his signature, which included all the courses he had and his degrees and whatnot.

like dude, "I didn't wanted your CV, I just wanted the collection"

PS: I hope you get the idea from the image, even if it is in spanish

when youre working on a API and every testCase is all green plus manual testing thru Postman extension is all good..

then makes a web app use that API, authorization works as intended but the token is immedially invalid...

just..how..

!rant
Postman - app for developing and testing APIs, it is so damn gooood!!!

Man... NW.js (node-webkit) apps are a piece of garbage on Ubuntu. After wake from sleep every app is using 100% CPU or hangs. Spotify, Slack, Postman, Jetbrains Toolbox.

I miss native apps... Or MacOS. I don't know anymore.

Guys, what the fuck.

Today i was doing some consistancy checks accross the board after update made for one of our core systems that manages money. Yeah, real, live money.

I have hidden from public payment processor with simple API etc. So one of my checks, gate has same balances as gate's internal account on core blinked red. Okay well, fuck, thats really really shitty situation to be in. I guess my gate is fucked up some way.

Okay, debug mode on, maintainence mode on, quick look at DB, oh shit, client payed 4 times 15k eur without any txn on core system... SHIT! postman... Fuck, postman ofc wont start, quick google, fixing postman, tention in me grows, becouse its really rough and tough fuckup on my side, and got call. That moment when you know someone already knows is for me apogeum of stress that just skyrocketed from calm morning to mad morning.. Okay, i pick up phone, and I hear that one client payed (using core system app) and got strange message, YES I KNOW, im working on it.. Wait, you say that core system gave them odd message??? I will check it out. Finally fixed postman, 3 requests and I know its bug on core system.

Why, why in the motherfucking blody world anyone would push critically bugged update to system that just sends api callbacks "yes, he payed" when someone didnt pay...

Fuck im stressed and pissed, but at same time reliefed its not my personal fuckup (yeah, I solo wrote that gate, but externally audited code and all they had to say that some cosmetic linting should be done)

I've seen lots of other ranters complain about huge code files... I just came across 27k Javascript extension for a software like Postman ...

First I thought cool I can work on it since it's JS, then 27k of lines later: I think I'll go sleep .-.

I love to develop for the web, i find JavaScript a nice language and I love the unmatched flexibility of the web platform but i hate when I have to work with the unstable or badly documented APIs which seems to be the norm in the enterprise world: wasting hours in forced breaks because suddenly the API returns nothing but 503 or the VPN suddenly dies, wasting lot of time to find the documentation you need in the slow and cumbersome enterprise API manager, making lots of tests with cURL/Paw/Postman/wethever trying to find out why a request which should work just doesn't... in these moments I envy desktop and mobile devs. The worst part of it is which microservices made everything worse since nowadays there are way more "moving parts" which can break making the API you need unavailable and unlike with monoliths often it's hard to just clone a back-end, populate a database and then work fully locals since now everything depends on a lots of things which are hard/almost impossible to replicate on your laptop.

API response.
For a week been working with my project manager remotely.
Then yester night had a tough one.
Me:Please send me the API endpoint so that can test it and see the response.
Him:On my side all is set just consume the response.
Me:As a practice I did first test the API using postman and the response was okay.
Me:As I had already prepared my Retrofit code to consume and parse the response I head to it.
Me:Fast forward 20 minutes into the application I realise getting some unexpected errors thanks to the guy who didn't follow my response format.
Me:I call him asking him to check how he formatted the response .
Him:He claims he formatted it as requested .
Me: Double check my work and am damn right and now raise my voice as I talk to him again and requests him to send me a screenshot of his response and I send mine.
From the screenshots turns out his response is okay as he is working from a damn localhost and my response was coming from the live server.
Feel like strangling him for wasting my previous 30 minutes

Fucking garbage piece of shit microsoft httpclient

identical request works in node!

identical request works in postman!

but noooooooo httpclient, you have to add the content length on the content itself, can't add authorization header except through special way, serialization is wrong bunch of shit pile of shit no working shit

Wow or wtf to these banks API. was integrating an API for a service which accept JSON input.
Okay fair enough, that would be fine
Spent an hour writing code(purescript) most of time spent was on writing Types based on the API doc. after that okay let me test the API it failed.
I was what happened? So tested the API from postman with the payload from the doc, it worked. What how?
used a JSON diff to compare the payload from postman and the log. Looked same to me after spending few hours checking what is wrong with it .trying changing value to pasting the body of the log request in postman and trying everything failed.
Later went to the original working payload provided by them and changing the order. It started throwing error. I was like wait what?
It must be only on there UAT. created a payload with production creds and hoping to our production server (they have IP whitelist) ran the curl with proper payload as expected it worked. Later for same payload changed the order or one key and tried it failed.
Just why????
I don't want to create a JSON with keys on specific order. Also it's not even sorted order.

Postman Rant

wow just wow ! just got turned my home internet off by the cable company. And they are right to do !
I apparently didn't sent them their money. But why didn't I ?
Im the typo guy who likes a bill in any type and then pay it. Sorry for beein old fashioned there. Now this lack of human intelligence aka. my postman didn't brought me them. Instead I always receive others Bills and shit( ok sometimes he drops it right ). Does he think the people
in this house live in a fuckin hippie community or some
shit where we all are one system. WTF ????

But my revenge will come you giant shitpile, except from reporting you to your office.
You FUCKED with my internet connection. That's personal

None of my localhost calls were getting through, either through postman or through app. I wasted nearly an hour and then realised my NO_PROXY was configured with ; instead of , I wanna kill myself right now 😫

// Stupid JSON
// Tale of back-end ember api from hell
// Background: I'm an android dev attempting to integrate // with an emberjs / rails back-end

slack conversation:
me 3:51pm: @backend-dev: Is there something of in the documentation for the update call on model x? I formed the payload per the docs like so
{
"valueA": true,
"valueB": false
}
and the call returns success 200 but the data isn't being updated when fetching again.
----------------------------------------------------------------------------------------
backend-dev 4:00pm: the model doesn't look updated for the user are you sure you made the call?
----------------------------------------------------------------------------------------
me 4:01pm: Pretty sure here's my payload and a screen grab of the successful request in postman <screenshot attached>
----------------------------------------------------------------------------------------
backend-dev 4:05pm: well i just created a new user on the website and it worked perfectly your code must be wrong
----------------------------------------------------------------------------------------
me 4:07pm: i can test some more to see if i get any different responses
----------------------------------------------------------------------------------------
backend-dev 4:15pm: ahhhhhh... I think it's expecting the string "true", not true
----------------------------------------------------------------------------------------
me 4:16: but the fetch call returns the json value as a boolean true/false
----------------------------------------------------------------------------------------
backend-dev 4:18pm: thats a feature, the flexible type system allows us to handle all sorts of data transformations. android must be limited and wonky.
----------------------------------------------------------------------------------------
me 4:19pm: java is a statically typed language....
// crickets for ten minutes
me 4:30pm: i'll just write a transform on the model when i send an update call to perform toString() on the boolean values
----------------------------------------------------------------------------------------
backend-dev 4:35: great! told you it wasn't my documentation!

// face palm forever

I would like to present new super API which I have "pleasure" to work with. Documentation (very poor written in *.docx without list of contents) says that communication is json <-> json which is not entirely true. I have to post request as x-www-form with one field which contains data encoded as json.

Response is json but they set Content-Type header as text/html and Postman didn't prettify body by default...

I'm attaching screenshot as a evidence.

I can't understand why people don't use frameworks and making other lives harder :-/

Have you heard of "Thunder client"? Meh... That shit is cool. I came across it on my YouTube recommendations, installed and gave it a try. I'm probably not going back to postman.

How did Postman go from being one of the most loved developer tools to one of the worst crap I've ever used?

So our server guy installs a log server (gray log), and tells me to read the documents online and to log our stuff in there
I'm so frustrated and can't use it.

So I tell him how am I supposed to use this log mechanism, and tells me that even he doesn't know!

And can't send logs using postman!

WTF should I do?? Losing my mind over here!!

Dang. postman is forcing me to make an account.

Is this the age where we have to make everything ourselves if we don't want to store our information on the internet?

postman is the biggest dogshit ive ever seen. FUCKING DO SOMETHING.

how do people wait FOR MINUTES until a piece of the file tree unfolds?!?!

the ui is so fucking irresponsive and slow. it is such a painfull experience

So I have this PO who is able to understand technicalities. He is also able to use postman and has access to our code - don't ask why. He is trying stuff out with our apis, looking through code to understand parts of the software, etc.
So there are two sides of having a PO who is able to understand us devs on a certain level:
On the one hand you can explain why story x is taking longer than expected. You can even discuss in a proper way, which is nice. On the other hand is he a bit over the top: when we plan stories he already analysed everything, put code into the story and is telling us how to solve an issue or implement a story.
The sad part is that none of my colleagues seem to be bothered by the fact that he is doing my work.
And recently i even heard a sentence like: "I do not understand why this story should have 3Sp. Would be way lower when I do it". Well.. then do it yourself freaking idiot.
That goes so far that he tells other teams how to fix their code when there is an issue, because he has access to the code and can (unfortunately) read it..

Very unpleasant. :/ So: do you guys have/had the same issues? Am I overreacting?

Yesterday was a horrible day...
First of all, as we are short of few devs, I was assigned production bugs... Few applications from mobile app were getting fucked up. All fields in db were empty, no customer name, email, mobile number, etc.
I started investigating, took dump from db, analyzed the created_at time stamps. Installed app, tried to reproduce bug, everything worked. Tried API calls from postman, again worked. There were no error emails too.
So I asked for server access logs, devops took 4 hrs just to give me the log. Went through 4 million lines and found 500 errors on mobile apis. Went to the file, no error handling in place.
So I have a bug to fix which occurs 1 in 100 case, no stack trace, no idea what is failing. Fuck my job.

IT decides to update machine policy today;

Chrome becomes an "officially" allowed program, so they force a homepage, disable all extensions, and disable incognito... Nice.

Postman doesn't work either.

When I hit the endpoint from Postman it works. When I hit the endpoint from my application that pushes data to the endpoint it doesn't work, returning a 404 status code. I KNOW the endpoint is there and operational and that both Postman and my application have the same endpoint configured, letter for letter.

So lost. So confused. What the hell is going on.

I decide to install Fiddler to monitor the traffic to see if I can see anything helpful.

I initiate the request again from the application and immediately see that the request size is huge. BAM. It immediately hits me, the payload to the endpoint is too big and the server is "rejecting" it with a 404. I post a smaller request with the application and it works fine.

Yay, saved by Fiddler.

Why does the endpoint default to 404 in such scenarios. The definition of 404: "the client was able to communicate with a given server, but the server could not find what was requested"

In my case, the 404 returned was a red herring. I understand that the substatus code gives more information on why the 404 was returned, in my case the request size being too big, but 404 in general feels like the wrong status code to return because the endpoint IS there. It made me troubleshoot the wrong thing.

Thanks, IIS.

Co-worker: Please finish and push your frontend asap, I need that to start working on the backend.
Me: Why aren't you using Postman?
Cw: I don't like it.

quick question: If you are writing a software to start a business around it, would you make that software (or not) open source?

I have in mind something like the Insomnia REST client by @gschier (FOSS) vs Postman (Commercial)

Thanks!

Oh look, postman has a "native" app.

After years of back-end development there's a thing which keeps bugging me: how little "interactive" the development process can be.
When I did front-end I took for granted that the application I was developing was easy to run so I could immediately test any little change I do on code but on back-end this is rare to see: you develop with tons of external dependencies (authentications, VPNs, databases...) so getting your application up and running can be an huge hassle and testing API controllers can be slow and frustrating since I have to continuously juggle multiple development environments, manually regenerate tokens, do guesswork to find which parameters you have to use for your API request, maintain my Postman/Insomnia HTTP calls collection to prevent it from turning into an unusable spaghetti mess... lots of repetitive tasks which kills my focus and makes me struggle in getting into a decent flow.

Automated testing has lot of potential in helping with that but its hard to introduce when you're rewriting a legacy sistem and you're already exceeded your budget.

I wonder if I'll keep doing back-end once I'm done with this project.

Not entirely sure if it counts, but Postman.

Used to be a simple, yet efficient tool for integration testing. And nothing more. Now it's a bloated, convoluted resource eating piece of bling-bling that tries to do a shitload of stuff, but only does them in a mediocre way.

Meh, while I was typing this I realized what a comfortable life I lead if I complain about something like this. Oh, the perks of being a middle class white man working in the tech sector...

Spending an hour trying to post via postman with no success and realize that a fucking backslash was missing from the end of Uri

Towards the end of my art degree we were encouraged to setup portfolio sites. Most people used iWeb but I went to a DreamWeaver workshop and built mine and my girlfriend's.

Then I got into WordPress, read some good books and decided to pursue a career in it. Got my masters while working part time as a postman and my first job as a front end dev with a medium sized fintech.

What tools/pluggins do you recommend for:

VSCode
Data management.
Test code
Organization and collaboration
APIs
Debugging

And other tools you like to use the most? ✌🏻☺️

Postman App logo seems like Michael Jackson doing his famous Anti Gravity Lean

Fuck my sleep habits. Why I cant go to sleep like normal human instead in 7 AM? What kind of monster am I? Should I switch to Insomnia instead of Postman? Is that what life is trying to say to me?

Have a great Monday everyone.

So I am debugging a connector library for an api that users curl.

I am fighting my ass off with errors and a lack of debug, testing or thought for CI

Take a poke around this set of classes only to find.

Postman token in the opts. and a removal of ssl check. What you straight copied from postman.

Like seriously clean up your fucking code if you are gonna put something out as production ready to your team.

Console.log('fuck');

Updated Visual Studio and now my Xamarin app can't post the login and register credentials anymore. My server api is working, I tested with postman. Can't find any help online and I'm fucking done!

For current project, client provided us with ui design and postman collections and expects us to build application based on that. I'm currently onsite, working from client's offices, trying to communicate what each api does and what they expect. And they're fucking avoiding me. Roll eyes if meeting lasts more than a fuckin hour. Laugh when we point out inconsistencies in tgeir design.
The fug? You're paying us to do the job. We don't fucking care, it won't be finished till you provide enough information.

The entire team doesn't know why the request works in Postman but not in the code and now everyone has resorted to dithering imposter syndrome riddled wrecks 😖

When I was working on my dissertation project. I was implementing a video sharing platform. Using Dropwizard for REST. I wrote the entire endpoint for uploading a video in one session. I was just taking a stab at how i thought it could work. Tested it in Postman expecting to get some kind of error.
And it worked first time.

I HATE WINDOWS' WINDOW MANAGEMENT. I have two monitors and nothing can be maximized. Windows' spaces are terrible as well.
I am building in the back end in VS Code.
I have three terminals open because I need them to run multiple parts of the app locally.
I have postman open to try requests.
I have firefox for the orm system's documentation.
I have my database tool running as well.
I have an ERD diagram floating in a window.
I have another VS Code window showing a diff of my JSON compared to the version I'm replacing.
Also all of my team communication tools.

I have never hated shuffling windows around so much. Would it kill us to use some command line tools for http instead of Postman? Could we please get a decent shell in windows? Could we get some simple ways to switch between virtual desktops? Click click click. I can't automate clicking. Why do we use the most clicky tools we can find?

After three months of development, my first contribution to the client is going live on their servers in less than 12 hours. And let me say, I shall never again be doing that much programming in one go, because the last week and a half has been a nightmare... Where to begin...

So last Monday, my code passed to our testing servers, for QA to review and give its seal of approval. But the server was acting up and wouldn't let us do much, giving us tons of timeouts and other errors, so we reported it to the sysadmin and had to put off the testing.

Now that's all fine and dandy, but last Wednesday we had to prepare the release for 4 days of regression testing on our staging servers, which meant that by Wednesday night the code had to be greenlight by QA. Tuesday the sysadmin was unable to check the problem on our testing servers, so we had to wait to Wednesday.

Wednesday comes along, I'm patching a couple things I saw, and around lunch time we deploy to the testing servers. I launch our fancy new Postman tests which pass in local, and I get a bunch of errors. Partially my codes fault, partially the testing env manipulating server responses and systems failing.

Fifteen minutes before I leave work on the day we have to leave everything ready to pass to staging, I find another bug, which is not really something I can ignore. My typing skills go to work as I'm hammering line after line of code out, trying to get it finished so we can deploy and test when I get home. Done just in time to catch the bus home...

So I get home. Run the tests. Still a couple failures due to the bug I tried to resolve. We ask for an extension till the following morning, thus delaying our deployment to staging. Eight hours later, at 1AM, after working a full 8 hours before, I push my code and leave it ready for deployment the following morning. Finally, everything works and we can get our code up to staging. Tests had to be modified to accommodate the shitty testing environment, but I'm happy that we're finally done there.

Staging server shits itself for half a day, so we end up doing regression tests a full day late, without a change in date for our upload to production (yay...).

We get to staging, I run my tests, all green, all working, so happy. I keep on working on other stuff, and the day that we were slated to upload to production, my coworkers find that throughout the development (which included a huge migration), code was removed which should not have. Team panics. Everyone is reviewing my commits (over a hundred commits) trying to see what we're missing that is required (especially legal requirements). Upload to production is delayed one day because of this. Ended up being one class missing, and a couple lines of code, which is my bad (but seriously, not bad considering I'm a Junior who was handed this project as his first task at his first job).

I swear to God, from here on out, one feature per branch and merge request. Never again shall I let this happen. I don't even know why it was allowed to happen, it breaks our branch policies. But ohel... I will now personally oppose crap like this too...

Now if you'll excuse me... I'm going to be highly unproductive and rest, because I might start balding otherwise after these weeks...

Working on a web API project in C#, our frontend is another company, the body gets to them but they claim that the json is incorrectly formatted... I'm sure that it isn't but whatever...
I keep digging around to see what can be done, a "helpful" colleague offers to help, only to start asking about everything from scratch and after frustrating and distracting me like... 10 fold, I leave him to play as he wants, then hard reset and move on...
fire postman and focus on the logs... nothing! database... nothing!
couple of minutes later, I look at that far small laptop screen to find out that he has drenched my code with break points and the IDE is blinking its tabs off over there on the screen I rarely look at!

Tell me again why do we work in open spaces?!!

Hello all (App devs) I have finalized all APIs and here is the postman collection for you. I have been working on the chat page so excuse me for my delay but I finished all the system all that is remaining is the chat. I will be working on it tonight.
Please let me know if there is anything wrong.

Dev 1: thank you will see then asap.
Dev 2: why do u want to make me lost we said u deliver the chat first and then we move forward with the app.
Me: well I had some difficulties with the chat so I finalized all else and u can fix those while I fix the chat
Dev 2: no this is not what we agreed on. This is propostrous. I will not do anything anymore. I need the chat to finale x y and z.
Me: dude the chat has nothing to do with x y and z u can finalize those and then fix the chat!
Dev 2: no I don't understand this is not right.
Me: dude I built the backend I know what u need for x y z. Anyway why all the blame and the destructive approach?
Dev 2 don't think we r kids we r not kids .. (bullshit talk)...

This is the scenario that happens Everytime a pussy of a Dev is late and is ignorant of their job and all about blame it on the weakest point.

Therefore guess what's drafted ?!

MY RESIGNATION PAPER!

when the you're waiting like a dog at the window for the postman to come and he still doesn't have your new computer parts😥

Can someone tell me why the fuck is it so hard to choose where to install electron apps? Selecting installation directory is a default feature in pretty much anything installable. Is electron somehow above that? Is clicking the two a extra buttons to choose a second drive too mainstream nowdays? What? Why? I use Atom, VS code, postman, cycligent, boostnote among others . The idea is good, the apps look beautiful and responsive. But bloated as fuck. Atom alone takes 1.4Gb! And I am ok with it! Really I am! But why the fuck not let me install it in a drive where I have 70% of space free and instead make me use my crammed SSD? Why? WHY?

* le me develops endpoint using serverless on AWS Lambda, forgets to enable cors *

Le front end dev: Your endpoint doesn't work. Gives me cors error.
Me: but that works on POSTMAN

le front end dev: We are not shipping it with postman.

*fml*

I hate Postman tests.
There has to be a better way of testing a set of apis working together than this clunky unreliable pile of shite

I just learned Serverless.com

Thats it?

Shit was 100x more easy to learn compared to the brutality of terraform devops reactive streaming kafka rabbitmq sockets and other shits i had to fuck around and find out.

Dont even have to watch tutorials for this. Just building 1 simple crud project and read the docs was enough.

However after deploying these serverless shits to aws Lambda i noticed that it takes quite some time for the api to fetch response. Why?

On postman calling the route for the first time i have to wait like 3s for api to fetch all (with limit of 10) or create 1 dto object. Then every next api call is 100-150ms which is ok. But it could be better no? Locally my spring boot rest api takes 3-7ms of load time. Why is this 100-150ms?

FUCK MY LIFE! POSTMAN! it fucking opened with a full white theme, everything was grayscaled and still it made me go blind like after a fucking flashbang, holy shit.

OK I need some help. I need to make sure I’m not losing my mind.

We are using an ERP which is hosted by another company. We are supposed to be able to access the data via a REST API. This works fine using Insomnia or Postman, but when I attempt to hit the API from my web application, CORS blocks the localhost origin.

I contacted the company’s technical team to request that they change the CORS configuration to allow localhost. They keep running me around in circles telling me that I don’t know what I’m talking about because localhost isn’t a DNS resolvable name and I’m doing something wrong and they don’t need to change any configuration.

They insist that if anything would need white listed, it would be my IP, not localhost.

I sent them screenshots and stack overflow posts and documentation links, showing them exactly what headers need to be set and where the configuration needs to be set in the ERP. They tell me I don’t know what I’m talking about.

They tell me that if I can hit the API from Postman, I can hit it from my browser.

Am I losing my mind? Have I fundamentally misunderstood CORS all these years? I’m sure I’m right. But I’m starting to feel like I’m crazy.

When i code i listen to music so i can focus on the code .
What about you guys ? What type of music you guys suggest !
Ps: waiting for postman for my new awesome headphones *smiling af*

When you realize PostMan has another meaning.

The one who sends post.

I have a question. WHY PostMan can send data in body of a GET request but nothing else?

Document your API properly or use Swagger!

Getting a CodinGame puzzle's description without scraping the page.

I spent hours playing with different endpoints and changing values in postman, all to no avail. The most promising endpoint also returned user progress, which requires authentication, which requires a dummy account, which is against their ToS (it is allowed to reverse engineer the API though).

Turns out you just had to submit “null” for your user ID and it would remove the progress field.

Why is this tagged bad design?

["puzzle-id-string", user-id-as-int]

For almost anything, you POST json arrays...

Send help.

Postman is the only app I like in light mode.

That moment you test your api and the enter key is stuck, so postman sends a lot of requests to the server and your ip gets blacklisted...

Postman freaking sucks now. It's bloated and can't easily do what's it's supposed to do without hassle. You have to login first, then it will inexplicably lose all your previous API requests.
I guess the company has forgotten who their base customers are.

tldr: i take pride of our code! It hurts when someone calls it wrong when i know it was right.

So there was this integrations team that are trying to connect to our api. This team has been throwing different people to work with us. We even taught them how to use postman/soapui with ssl, even to the point that we search stackoverflow to resolve their code-level issues and left us halfway, then came back again repeating all process. A year passed, they came back with the same issue... now all answer that they get from us was to “review past conversation”, Today, they insist that we repeat ssl onboarding process as they are having issues with their current one, we insisted not to do it, and told them we (including them) can proceed without changing the client ssl. And told them we had a snippet sent to resolve their issues, but instead told us in a rude way, our sample is wrong. I was challenged to prove that we can make it work by eod. With their wrong sense of pride as theyve been working for that issue for long, they started throwing tantrums on us, saying that we do not need to make them feel that they do not know what their doing. man! Cmon, its you who requested that snippet few years back, then you tell us you dont need it as it is not working, in the first place, it is not our job to code for you asses,...i left the channel after. it was escalated quickly to management and accounts team(those people who only cares for traffic/money).. asked to return to the channel, spoonfed the details to them, provided a working snippet and left again.not sure what happened next.,. I hope this started a fire on our management to handle such incompetence.

Not a rant but I honestly loooove vscode, I've been using it for the 2 years I think. Postman have created a vscode extension as well, I loved Thunderclient too.

Hey Postman,

Please fucking stop downloading minor updates and bug fixes automatically. Even if you do it, give the users an option to cancel the fucking download so that they can, you know, peacefully use the app for what it was built for.

I was signing up for a new account on Magic. I wasn't paying attention so I accidentally didn't change my date of birth, so it didn't let me create an account because they thought I was just born today. I changed that field but nope, it remembered I had told it I was 1 day old and it didn't let me change my mind. Delete cookies, nothing. Reload page, nothing. So I go into Postman and re-create the request and BOOM! I even got an access token for their API. This is why I love being a dev.

My coworkers get annoyed at my insistence that we stress test our inputs. Today, whilst doing just that, I tried to put a big ass integer into an environment variable in Postman. It’s been frozen for 10 minutes. 🤣🤣 THIS is why we test our inputs!!!! 😫

TLDR: Wrote a custom class for writing apibtest cases for a project with zero code test coverage.

We have a project with zero test coverage. Recently, i was tasked with writing api test cases for said project, it might have taken me months to write tests for all endpoint, plus the main issue was that each endpoint needed to tested for all available user roles and permissions.

I tried the main stream approach of writing api tests, but ended up running into a lot of issues directly linked to our projects roles/permissions architecture (cherry on top some endpoint are apikey specific). Don't get me wrong in my opinion this is by far one of the best user roles architecture out there, but writing test cases keeping it in mind is pain in ***.

After trying out different testing methods and frameworks, i decided to write my own class by extending django test framework (which uses unitest)

- It has generator and validators for request and response.
- Supports testing for user roles and permissions.
- We won't have to make any changes to code after user role or permissions changes
- I just have to copy and past request and responses from postman api collection.😂

Postman is a horrible third party hacking tool. It’s use should be outlawed.

What a time sink.

What’s more annoying than being distracted from your actual work by colleagues to make a couple of HTTP calls which can be done by them in minutes since they have everything but requires you to switch context and waste almost an hour in retrieving credentials reading documentation and filling Postman forms?

I have the following scenario with a proposed solution, can anyone please confirm it is a secure choice:
- We have critical API keys that we do not want to ship with the app because de-compiling will give access to those keys, and the request is done before the user logs in, we are dealing with guests

Solution:
- Add a Lambda function which accepts requests from the app and returns the API keys
- Lambda will accept the following:
1. Android app signing key sha1
2. iOS signing certificate sha1
- If lambda was able to validate them API keys are sent back.

My concerns:
- Can an attacker read the request from the original (non-tampered) apk and see what the actual sha1 value is on his local network?
- If the answer to the question above is yes, what is the recommended way to validate that the request received is actually from the app that we shipped and not from curl/postman/script/modified version of the app

Java and scala development:Intellij+gradle
Git: Gitlab + gitkracken
APIs: postman, insomnia
Scripted languages (most favourite to least ): Brackets(#1), Sublime, vscode, Atom
Others: Docker + Portainer, Visual studio (when playing with C#), geany for light works

working postman request with SSL , pfx cert against microservice

go to do the same thing against different microservice , SSL error , review config, looks like im supplying same certs, etc

FML

Did any test use parasoft for automated API testing before? Is it a good tool used for API test automation? Never heard that since I usually use SoapUI or Postman.

Why When I use devRant API, it works perfectly on insomnia but not in Postman !!

Did anyone faced this?
I wrote js client (React Native) and it's giving same results of Postman

FUCKING SHIT, I HATE THIS

Does anyone have problems with axios?

I've been trying to make this work for at least 1 hour. If I use Postman, it works alright, but using axios messes it up.

Practically what happens it's that Django does not picks the foreign keys, it loads all the fields except those two.

I've been like fucking crazy trying to understand what's going on but to no avail... I want to die, it's friday and this stupid thing is delaying me more than it should

They asked me to build a small website they will embed in a native application with some web wrapper in Android and iOS.

But also asked me to build a login web service that will return a JWT. Done.

They want to do a native code login form that opens up the web wrapper with my small website already logged in using the login web service.

I have no idea how to proceed in the backend.

At first i tried using postman with a POST request to the sessions/sign_in route and sending a form with the authenticity token and the email and password; but CSRF stopped me. I don't want to turn it off because of reasons.

Now i am wondering how to use this JWT to generate a cookie with a session inside it that they can use in the web wrapper.

Any help would be appreciated :)

postman to manually check api endpoint works

try again later, doing what you think was the exact same shit, which you've documented, reread your document get 404

fuck csrf

use debugger

find out its returning a 404 when the code i added fails, welp

HELP!!!, My ubuntu system exhaust all of it's ram, my system lags too much, I was currently running firefox, vim, postman, react server and node server.