What’s Postman?

Postman is a widely used platform that facilitates interaction with APIs. Originally designed for testing APIs in development environments, it has become a powerful tool for exploring and managing API requests in both individual and collaborative workflows.

Postman is a commercial product, and while it’s possible to use it for free, some of its features are only available in paid plans. We’re in the process of writing a chapter using Bruno as an open-source alternative to Postman. The interface and workflow are very similar, so the concepts and exercises in this chapter will be applicable to both platforms. We strongly encourage you to try both and see which one works best for you. :)

One of Postman’s major strengths is that it enables users without programming experience to interact with API services in a comprehensive and structured way. Users can send requests to read, write, update, and delete information from an API, all through a visual interface. This includes managing authentication credentials securely (even OAuth), defining public and secret variables, configuring headers, adding parameters, and submitting body content in various formats (form-data, binary, raw JSON, GraphQL, etc.).

Postman Applications

Postman is available as a desktop application and as a web platform. While both offer powerful features, the combination of the two provides the best experience:

  • The desktop app handles sensitive operations such as managing secrets and authentication tokens locally.
  • The web interface supports real-time collaboration, making it ideal for team-based API design, testing, and documentation.

When used together, Postman offers a seamless way to experiment with, document, and share API workflows, all without writing a single line of code.

Warning: Why secrets and credentials are not stored in the web interface

This is largely a design decision, but it’s also an important security feature. By keeping secrets and credentials on the desktop client, rather than the web interface, Postman ensures that each user interacts with an API using their own credentials, rather than sharing a common set of keys.

This approach enhances security and allows for granular control over user actions, enabling organizations to manage permissions more effectively and reduce the risk of unauthorized access.

Do I Have to Use Postman to Work with APIs?

Postman is a popular, user-friendly tool, but it’s not the only way to interact with APIs. In fact, open-source alternatives like Bruno and HTTPie may be better suited for some users, especially those who prefer tools that don’t rely on web synchronization or who want more control over their workflows.

We’ve chosen Postman for this workshop because of its flexibility, feature set, and beginner-friendly interface. However, the core concepts and workflows (such as sending requests, handling authentication, and organizing collections) are largely shared across platforms. Once you understand how APIs work, you’ll be able to adapt to other tools with ease.