Restrict some HTTP Methods on Postman - postman

I need to restrict some of the HTTP Methods like PUT, POST and DELETE for my one of the environment. Is it possible in POSTMAN ?
This will help me in avoiding mistakes of doing POST,PUT or DELETE on my one of the environment.

You could add a variable to the Method dropdown - Add {{METHOD}} to the field and than add the same variable name in your environment file with the value you want?
You could also just delete the Methods you don't want to use from the dropdown, these can just be added in after, if you need it again.
https://learning.postman.com/docs/postman/customizing-postman/#customizing-request-methods

Postman does not provide any in-built functionality like this. However, you can use pre-request scripts for this. Write this in your pre-request script of the API you want to limit certain request methods-
var request = pm.request;
if(request.method.includes("POST") || request.method.includes("PUT")){
console.error("Inavlid request method");
throw new Error("Invalid request method");
}
The drawback of this approach is that you need to copy-paste this in every API's pre-request script. If you want to bypass that, you can cache this entire code into a postman variable and just eval that variable in every API. Steps-
Create an environment variable in your postman with this name as "my-script" and value as-
() => { var request = pm.request;
if(request.method.includes("POST") || request.method.includes("PUT")){
console.error("Inavlid request method"); throw new
Error("Invalid request method"); }}
Now just copy and paste this line in every pre-request script in your collection-
eval(pm.environment.get('my-script'))();

Related

Postman - access URLs from collection in a scrip

I want to chain some requests in order to always have an up to date variable containing a JWT for access.
Now i am new to scripting in Postman, i figured this can be done in pre-request scripts. There i can access (global / environment) variables, but i wonder can i also access a saved request from a collection in a script?
The saved request has body and header set, partially with environment vars.
Environment and collection variables can be accessed like this, i know:
pm.environment.get('some_var')
pm.collectionVariables.get('name')
This is the snippet provided by Postman
pm.sendRequest("https://postman-echo.com/get", function (err, response) {
console.log(response.json());
});
Is there a way so i can do something like
pm.collection.url.get('obtain_jwt')
if i have a request called 'obtain_jwt' in a collection?
Or do i have to store the URL as a variable as well and again fill body and header in the script? (which i want to avoid)
I don't think it's supported in Postman the way that you're thinking, it's a feature that's been an ask for a long time:
https://github.com/postmanlabs/postman-app-support/issues/4193
You'll need to fully construct the request in the pre-request script or you might be able to leverage setNextRequest

Clearing Cookies Programmatically is not working in Postman and Newman

I need to be able to delete cookies automatically in between requests when they I run my collection of requests in Newman and Postman Runner (mainly Newman).
I followed the suggestion given in this comment by a person from Postman: https://github.com/postmanlabs/postman-app-support/issues/3312#issuecomment-516965288.
But it is not working.
The answer to these two SO questions also tell the same way to go about doing this: Postman: How do you delete cookies in the pre-request script?
Deleting cookies in postman programmatically
Here is the code that I use that the sources above suggest to place in the pre-request script:
const jar = pm.cookies.jar();
jar.clear(pm.request.url, function (error) {
console.log("Error: ");
console.log(error);
//handle error
});
[Note: error is logged as null when I run this code]
I have tried this code many times and also many different modifications of that code. I do white-list the domain too. But I always get the wrong response in the request. When I clear the cookies manually (using the cookie Manager UI dialogue box), the request gives the right response. I need help in determining where the problem could be for me in deleting cookies programmatically.
I also tried this to see what the cookies that I am deleting are:
jar.getAll(pm.request.url, function (error, cookies) {
console.log("Cookies:");
console.log(cookies);
console.log("Error: ");
console.log(error);
});
Here cookies is an empty array. Perhaps that is the problem. But that is very weird since when I check Cookie Manager manually, there are many cookies shown. And once I delete the cookies manually the requests return the right responses.
Another question I had was: What is the purpose of the callback functions that take 'cookies' and 'error' as arguments in the code above. Are these functions called everytime or only under certain conditions? Could not find the purpose of the callback functions in the postman documentation: https://learning.postman.com/docs/postman/sending-api-requests/cookies/
Thank you
If the cookie has "httpOnly" or "secure" header, you can't delete them via script in postman. jar.clear clears all the cookies except these httpOnly and secure ones.
I think this is a bug and needs to be fixed by Postman. If this is intended, there should be a setting in Postman to activate or disable it.

Postman pre-request script iterate over request body JSON

I am sending raw POST request with application/json data to server in Postman. I need to work with this JSON object and append some data in pre-request script. However I can only find how to access environmental variables, not request body. Anybody knows, please? Thanks!
"I can only find how to access environmental variables, not request body"
You can access request body in Pre-request Script via pm.request.body.
Unfortunately, you cannot change it through script (at least not supported in Jul. 2018). Please check this thread for some previous discussion.
However, there is a workaround: you can make the whole request body use environment variable, such as {{reqBody}}, and edit that variable in Pre-request Script panel. For example:
var defaultReqBody = {
a: 42
};
//Edit defaultReqBody ...
pm.environment.set("reqBody", JSON.stringify(defaultReqBody));

Postman: How do you delete cookies in the pre-request script?

All the postman cookie-management answers I've seen refer to either the browser extension (open chrome, delete cookies viz interceptor etc) or with the app, using the UI to manually manage cookies.
I would like to delete certain cookies in my pre-request code as part of scripting my API tests. (delete them programmatically)
The Sandobx API docs mention pm.cookies so I tried
if (pm.cookies !== null) {
console.log("cookies!");
console.log(pm.cookies);
}
But the pm.cookies array is empty. Yet in the console, the GET call then passes a cookie.
There's also postman.getResponseCookies, which is null (I assume because we're in the pre-request section, not in the test section)
One answer suggested calling the postman-echo service to delete the cookie. I haven't investigated this yet, but it doesn't feel right.
new version now supports that since 2019/08, see more examples here: Delete cookies programmatically · Issue #3312 · postmanlabs/postman-app-support
Prerequisite
Cookie domains to be given programatic access must be whitelisted.
clear all cookies
const jar = pm.cookies.jar();
jar.clear(pm.request.url, function (error) {
// error - <Error>
});
get all cookies
const jar = pm.cookies.jar();
jar.getAll('http://example.com', function (error, cookies) {
// error - <Error>
// cookies - <PostmanCookieList>
// PostmanCookieList: https://www.postmanlabs.com/postman-collection/CookieList.html
});
get specific cookie
const jar = pm.cookies.jar();
jar.get('http://example.com', 'token', function (error, value) {
// error - <Error>
// value - <String>
});
According to the documentation pm API reference the pm.cookie API is only for the Tests tab, not for the Pre-request Script.
The following items are available in TEST SCRIPTS only.
pm.cookies
...
It seems that you will have to stick with this method : Interceptor Blog post
I know this is a very late answer, but for my case where I didn't want to use the cookies to start the execution of the collection, I just needed to uncheck the option "Save cookies after the collection run" and check the option "Run collection without using stored cookies" on the Runner panel.
And then if I want to manage the cookies on my own, I created a first request on the collection and used the Tests tab just to collect the cookies that I wanted and saved them on a variable.
pm.environment.set('cookie', pm.cookies.get('csrftoken'))
pm.environment.set('sessionid', pm.cookies.get('sessionid'))

Can we Pass username/pass instead of SessionID in Magento SOAP

I dont want to pass the session Id every time to get or update the information using SOAP. Because for that I would have to run a separate request every time to get the session ID. Isn't it possible to provide username/pass everytime before running a SOAP or just once per session??
Thanks,
Yep this is doable, but it will be some work to do:
You should create an custom Server Handler by overriding the default one.
Create a Handler.php file in -magentopath/app/code/local/Company/Api/Model/Server/Handler.php
Override the call method.
class Company_Api_Model_Server_Handler
extends Mage_Api_Model_Server_Handler
{
public function call($sessionId, $apiPath, $args = array())
{
$sessionId = $this->login($args['username'], $args['password']);
parent::call($sessionId, $apiPath, $args);
}
}
In this way you cand send null for $sessionId, and make an login with the needed credential on the server side.
I do not suggest this approach at all, but as a workaround it could work.