Transitioning From Postman to Insomnia

As we transfer away from utilizing Postman, many people are transitioning to Insomnia for API testing. On this article, I’ll share how I’ve arrange Insomnia to streamline my very own workflow. Whereas Insomnia gives a variety of capabilities past HTTP requests, I deal with utilizing it solely for exercising HTTP requests. I hope this gives a helpful reference as you configure your individual setups.

Simply to make clear upfront, this is not an set up information. Getting Insomnia put in accurately is usually a bit difficult, and I, too, have encountered some challenges in the course of the set up and setup course of.

A number of variations of Insomnia can be found, and I’ve opted for model 8.1, which I discovered to be secure. Whereas I’ve additionally labored with earlier releases, some older variations had notable bugs. For those who’re encountering points like being unable to filter or type your collections or if the “sensible” tags aren’t functioning as anticipated, it could assist to replace to the most recent secure model.

This information presents a complete method to utilizing Insomnia, going past the fundamentals to discover superior methods. Whether or not you are a newbie seeking to get began or an skilled person searching for to streamline your API workflows, this information will present the insights and instruments wanted to maximise your use of Insomnia.

What I Admire Most About Insomnia

• Clean Startup: In contrast to Postman, which regularly will get caught with “can not load” errors, Insomnia launches seamlessly each time.
• URL Preview and Copy: The flexibility to preview and simply copy URLs, particularly when utilizing variables, is extremely useful.
• Environment friendly Endpoint Search: Shortly filtering and trying to find particular endpoints streamlines the workflow.
• Pinning Requests: The choice to pin requests, although restricted to the present folder, helps maintain essential duties simply accessible.
• Versatile Sorting Choices: Quite a lot of sorting choices within the endpoints panel make it straightforward to prepare and discover what I would like.

Workspaces, Tasks, and Collections

I exploit a single workspace — the default “Private” workspace — however inside that workspace, I handle a number of initiatives. Every undertaking corresponds to a special EAI (Enterprise Utility Integration). This setup works nicely when the hosts or availability zones for every EAI are distinct and unrelated. Nonetheless, in case your EAIs share frequent hosts or availability zones, consolidating them right into a single undertaking could also be efficient. In any other case, I like to recommend making a separate undertaking for every EAI to take care of readability and keep away from potential conflicts.

Every undertaking contains (or will embrace) a group tile (to your requests) in addition to a number of “documentation” tiles. Testing and different automation processes are outlined throughout the documentation tile however are past the scope of this text. You possibly can return to your initiatives at any time by clicking the “dwelling” icon.

After creating a brand new undertaking (highlighted in crimson above), you’ll have the choice to create both a brand new assortment or a brand new doc. Generally, you’ll seemingly need to select “assortment.”

Proxy Configuration

First issues first: you’ll seemingly must configure the proxy settings. To do that, navigate to the “Preferences” menu (discovered within the software menu or by way of the icon within the lower-left nook). As soon as there, go to the “Normal” tab, scroll down, and enter the next settings:

Now, we’re diving into the core of the matter. For many customers, creating and managing requests is the first operate they need to carry out in Insomnia.

For the rest of this information, I’ll be utilizing an instance service referred to as “DairyProducts-API.” This service exposes a number of endpoints, together with a wide range of “actuator” endpoints, and it’s operating throughout a number of environments in Pivotal Cloud Foundry (PCF) — particularly within the clwdev1 and clwprod1 areas. These environments embrace Growth, Launch, Staging, and Manufacturing.

To start working together with your requests, find the “filter” enter area within the person interface. To the precise of this area, click on the + button. This may usually permit you to create both a brand new HTTP request or a folder to prepare your requests.

Setting Up Requests for “actuator/data”

To watch and monitor the Git commit particulars of every service occasion operating in numerous environments (Launch, Staging, and Manufacturing), we’ll configure a set of requests for the actuator/data endpoint.

Steps to Set Up Requests

1. Create a New Request for Every Surroundings

For every setting (Launch, Staging, Manufacturing), we’ll create a separate request. This enables us to test the related commit data for every service occasion operating in these environments.

2. Rename Every Request

Rename the request in accordance with the setting to which it corresponds. For instance:

• Launch - Actuator Data
• Staging - Actuator Data
• Manufacturing - Actuator Data

3. Specify the Appropriate URL for Every Surroundings

You’ll must outline the right URL for the actuator/data endpoint for every setting. Whereas these are technically “availability zones,” I’m utilizing Insomnia terminology on this information, the place the environment-specific URLs will look one thing like:

• https://launch.instance.com/actuator/data
• https://staging.instance.com/actuator/data
• https://manufacturing.instance.com/actuator/data

By establishing these environment-specific requests, you’ll simply test the most recent Git commit particulars for every occasion throughout the varied environments.

Notice: This quantities to 9 separate requests, every serving the identical operate however focusing on 9 completely different availability zones. And sure, I shall be integrating a load balancer afterward.

For now, nevertheless, with the actuator endpoints, the objective is to instantly entry particular availability zones slightly than routing by the GSLB (World Server Load Balancer) at this stage. The one distinction between every request lies in a phase of the URL.

Defining Sub-Environments for Every Availability Zone

To outline a sub-environment for every availability zone and create a variable to make use of within the URL, observe these steps:

1. Entry the “Handle Environments” Dialog

Press ‘Management-E’ (or click on the gear icon, relying in your model) to open the dialog.

2. Create a Sub-Surroundings for Every Availability Zone

There are two forms of environments: shared and personal. The principle distinction is that personal environments aren’t exported, however functionally, they’re the identical as shared ones when not exported.

For every sub-environment, create a JSON-formatted doc with key-value associations.

3. Outline the “az” Variable

Add a variable named az for every sub-environment, assigning it the suitable worth for the supply zone.

4. Finalize Your Modifications

If you’re carried out, click on the Shut button to save lots of your settings. Urgent “Escape” will discard any unsaved modifications.

In my case, the worth for every az variable is:

Now, I’ll return to scrub up my assortment by eliminating duplicate entries. Please select any of the (almost) duplicate entries to start.

1. Navigate to the URL and place your cursor initially of the “AZ” part. Particularly, it must be positioned between merchandise and -rel.
2. Sort a slash (simply momentarily — that is helpful for inserting a variable).
3. Then, sort az (or press “CTRL + house”) to set off a pop-up, permitting you to pick the suitable worth.

4. Lastly, take away the non permanent slash you inserted earlier and delete every thing from -rel to dairyproducts.com.

Your end result ought to seem like this:

After which this:

Click on on the ‘Question’ tab to view the ensuing URL after the variable has been expanded. Within the upper-left nook, you may choose your required setting, and the URL preview will replace accordingly.

Subsequent, delete any duplicate requests and rename the remaining request in order that the setting identify is not mirrored within the request title.

Okta JWT Safety Tokens

At DairyProducts, we guarantee our service endpoints are secured, with some exceptions for health-related endpoints, reminiscent of /well being, /actuator/data, and /actuator/well being. To implement this safety, we use Okta and JSON Net Tokens (JWT), pronounced “jot.” 

Okta is a third-party id supplier that points (or “mints”) tokens which are legitimate for a specified interval, reminiscent of two hours. These tokens grant entry to the respective providers primarily based on the setting through which they had been issued.

JWT Domains

Okta points JWTs for various environments, and the tokens are restricted by domains:

1. Growth/Launch (Dev/Rel) Tokens

These tokens can be utilized in each Growth and Launch environments however can not be utilized in Staging or Manufacturing.

2. Staging Tokens

Tokens issued for Staging are restricted to Staging and can’t be utilized in Growth, Launch, or Manufacturing.

3. Manufacturing Tokens

Manufacturing tokens are unique to the Manufacturing setting.

This creates three distinct domains from a JWT perspective, guaranteeing that tokens are scoped appropriately for every setting.

Token Requests

To difficulty a JWT for every area, we’ll must create three separate requests. Every request requires the next 4 items of data:

• Issuer URL: The URL the place the token is issued by Okta.
• Shopper ID: The distinctive identifier to your software in Okta.
• Shopper Secret: The key key related together with your Shopper ID, used to authenticate your software.
• Scope: The scope defines the extent of entry granted by the token. For instance, it’d specify permissions associated to studying or writing to sure providers.

Instance Folder Construction

I’ve organized my Okta JWT-related configurations and credentials inside a devoted folder for simple administration:

This folder accommodates the mandatory configurations and secrets and techniques required to generate tokens for the completely different domains. When creating JWT requests, guarantee that you’ve the precise issuer URL, consumer ID, consumer secret, and scope for the precise setting (Dev/Rel, Staging, or Manufacturing).

Safety Notice

Ensure that delicate data, reminiscent of your Shopper ID and Shopper Secret, is saved safe and by no means uncovered in code repositories or logs. Use setting variables or a safe secrets and techniques supervisor to deal with these securely.

I’ve put mine inside a separate folder referred to as “Okta/JWT” like this:

Now, let’s take a look at the small print for the DevRel request. The “issuer URL” is the URL. Make certain that “/v1/token” is appended on the finish. Click on on the “Auth” tab and set the authorization sort to “primary.” For the “username,” use your “consumer ID.” For the “password,” use the “consumer secret.”

Click on on the “Question” tab and set the next URL arguments: 

Set “grant_type” to “client_credentials”. Set “response_type” to “token.” Set “scope” as applicable to your software.

Click on on the “Headers” tab. Add a header referred to as “Content material-Sort” with the worth “software/x-www-form-urlencoded.” The end result appears to be like like this:

Now click on “Ship,” and it’s best to see one thing like this:

Trace: A JWT can comprise a number of scope values. By minting a JWT with a number of scopes, you may seemingly use that very same JWT for all providers that you simply intend to name. I’ve created a variable in my “base setting” referred to as “all_scopes,” which accommodates all of my scopes. So, the URL arguments in my JWT request definition truly seem like this: 

And in my “base setting”:

Repeat these steps for the opposite two requests (for Staging and Manufacturing). 

Secured Request

For this subsequent part, I assume you have got an endpoint that requires a JWT of your individual. Setting this as much as entry one in all my providers won’t be just right for you, as you seemingly haven’t been licensed to entry my providers. That you must do that to your personal providers.

Let’s use a JWT in a request to a secured endpoint.

First, we’ll try this with a easy answer utilizing copy/paste with the token. Utilizing this methodology is gradual, tedious, and error-prone. Create a brand new request together with your secured URL. Click on on the “Auth” tab to open the authorization choices. Choose “Bearer”.

Out of your “fetch” request, copy the “access_token” worth and paste that into the “token” area for the “Bearer” authorization tab. You don’t want to offer a prefix. Insomnia makes use of the default worth of “Bearer “ for that prefix. 

You must now be capable of “Ship” your request and get a profitable response.

Utilizing a Variable

On our method in the direction of a greater answer, let’s put that very same token worth right into a variable. Go into the “Base Surroundings” dialog and create a variable named jwt_devrel. The worth is identical JWT that you simply utilized in your endpoint request.

Again to the secured endpoint request, change the token with a variable. Begin by clearing out the worth that you simply entered earlier. With the cursor nonetheless within the “token” area, begin typing jwt (or press control-space). There shall be a popup, and you’ll choose the jwt_devrel variable. 

As soon as once more, it’s best to be capable of “Ship” your request and get a profitable response. 

Variables and Surroundings-Particular Contexts

 This endpoint request is presently “hard-coded” to make use of the JWT for the Growth and Launch safety area. Having created JWT requests earlier for every safety area (correctly) implies that we are going to be utilizing the right JWT (devrel, stg, or prd) for the chosen setting.

 Begin by creating two further variables within the “Base Surroundings” dialog for jwt_stg and jwt_prd like this:

You possibly can depart the extra values empty for now.

 For the secured request above, we “hard-coded” which JWT to make use of (jwt_devrel). Nonetheless, variables may be “chained” (or “nested”).

 Variable names may be referenced nearly wherever. There are three locations to outline a variable. So as of priority, it first checks the folder-specific setting. If not discovered there, it then checks the present sub-environment (as chosen within the setting drop-down). 

Lastly, it checks the “base setting.” If the worth accommodates a (nested) variable, then the method begins over for that portion of the worth that contained the variable. (If a variable can’t be resolved, then an error will happen for the null worth.)

Placing this into motion for our secured requests, the bearer token worth would be the variable jwt. The sub-environment will outline jwt to level to one in all jwt_devrel, jwt_stg, or jwt_prd. The ensuing jwt_devrel, jwt_stg, or jwt_prd shall be outlined within the base setting. In an image, here’s what we’re doing:

Return to every of the sub-environments that we created in the beginning and add a brand new variable referred to as jwt and set the worth to one in all jwt_devrel (for the Growth and Launch environments) or jwt_stg (for the staging environments) or jwt_prd (for the manufacturing environments). A few samples will seem like this:

Lastly, replace the request’s authorization worth to jwt (permitting the sub-environment choice to correctly chain to the specified worth). Nonetheless, you should first choose one of many sub-environments within the drop-down, or Insomnia won’t be able to resolve the reference.

We’re nearly there. The request references the variable jwt. The sub-environment resolves jwt to the corresponding security-domain variables, jwt_devrel, jwt_stg or jwt_prd. That final worth is outlined within the base setting to comprise the precise JWT.

Mechanically Regenerating the JWT

 The JWT (for jwt_devrel) generated above was legitimate for about two hours. Hopefully, it’s nonetheless present, relying on how rapidly you have got labored by this information. However sooner or later, the JWT will expire. 

What we’re about to do is to have Insomnia routinely refresh the JWT solely when wanted. A JWT won’t be refreshed when it’s nonetheless present however shall be refreshed upon expiration. That is the purpose that we transfer from banging sticks and rocks collectively to utilizing the facility of Insomnia as a extra superior instrument. That is the place Insomnia will excel over another instruments (like SoapUI).

 Let’s assessment how you can get a recent JWT:

• When wanted.
• Run the “fetch request that we created in the beginning.”
• From the response, copy the worth from the “access_token” into the worth for the jwt_* variable.

Listed here are the steps to automate that course of:

1. Open the “Base setting” dialog.
2. Delete the contents of the jwt_devrel variable and place the cursor within the (now) empty quotes.
3. Sort control-space to seek for a variable.
4. Begin typing “response” and wait.
5. From the popup record, choose “Response – Physique Attribute.”

The worth shall be changed with an orange placeholder. Double-click on that orange placeholder.

The following dialog that seems is the important thing to automating the JWT refresh.

Click on on the “Request” area (3^rd possibility) and choose the request that corresponds to fetching a dev/rel token:

Click on on the “Filter” area and kind: “$.access_token” (precisely).

Set the refresh set off to be when the prevailing token expires.

Set the TTL (time-to-live) or allowable age for a token. That is set manually on this enter. For 2 hours, the worth is 7200 seconds.

(Non-compulsory) Click on on the “refresh” icon to check the refresh. The end result must be what seems to be a JWT.

And also you’re carried out (for the Dev/Launch tokens)!

Repeat this similar course of however for the staging and manufacturing equivalents.

These are among the essential areas of Insomnia that I’ve explored and located to be helpful. 

Conclusion 

To wrap issues up, whereas Postman has been the primary and hottest selection for API testing for a very long time, Insomnia is gaining momentum to turn into a favourite for a lot of builders, and for a great cause. Its easy, intuitive interface and highly effective options — like straightforward setting administration, built-in debugging, and assist for plugins — make it a fantastic selection for anybody seeking to work extra effectively. 

Insomnia isn’t simply an alternative choice to Postman; it typically gives a smoother, quicker expertise, particularly for those who’re searching for one thing light-weight and versatile. Whether or not you’re coping with REST, GraphQL, or gRPC, Insomnia has the instruments to maintain you productive. For those who haven’t tried it but, it’s price trying out — your improvement workflow may simply thanks for it.