Postman inconsistent behaviour with cURL request

I have the following API downloaded in JSON from Swagger Editor:
PUT http://10.37.64.243/m2m/fim/items/fim:device:manager/operations/getAllDeviceTypes?exclude={{exclude}}
with exclude being an environment variable set as: href,metadata,name,arguments
Nominal use requires basic authentication; in this case it works and I get a JSON body with the expected result. It works properly in Postman (so I think my import is correct).
If no authentication is provided:
in Swagger Editor: nominal behaviour, request is rejected with error code 401
in Postman: UNEXPECTED behaviour, I end up with status code 200 and it returns a response body identical to the one that I get when authenticated
if I generate the cURL code snippet from Postman and launch it outside of Postman: nominal behaviour, I get the same error as the one I get in Swagger Editor (the one expected)
Why does Postman behave differently from the cURL request?
I am probably doing something wrong, but I can't figure out what.
Thanks for any help
Alexandre

I finally found out that the server returns a cookie that holds authentication validation. So after a valid authentication, whatever the request (with or without authentication), it will be considered as authenticated.
Unfortunately, the only way to overcome that problem is to remove the cookie by hand through the "Manage cookies" window. Postman does not implement a function that erases it (even through the pm.cookies and pm.cookies.clear() function).
Postman developers are aware of that, but there's no scheduling for this feature ...
EDIT: the feature is followed here https://github.com/postmanlabs/postman-app-support/issues/3312
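
The behaviour described in this answer, reproduced as an added example that is not part of the original post: a constructed in-memory server model (the cookie name SESSION and the credentials are assumptions) is called by a client that replays cookies and by one that does not.

```javascript
// Constructed model (not the real server): Basic auth succeeds once, the server
// sets a session cookie, and that cookie alone is accepted afterwards.
const VALID_BASIC = 'Basic ' + Buffer.from('demo:demo-pass').toString('base64'); // constructed

function createServer() {
  const sessions = new Set();
  let counter = 0; // a real server would issue an unpredictable random ID
  return function handle(req) {
    const m = (req.headers.cookie || '').match(/(?:^|;\s*)SESSION=([^;]+)/);
    if (m && sessions.has(m[1])) return { status: 200, headers: {} };
    if (req.headers.authorization === VALID_BASIC) {
      const id = `sess-${++counter}`;
      sessions.add(id);
      return { status: 200, headers: { 'set-cookie': `SESSION=${id}; HttpOnly` } };
    }
    return { status: 401, headers: { 'www-authenticate': 'Basic' } };
  };
}

// Client that stores and replays cookies, as Postman's cookie jar does.
function createJarClient(server) {
  let jar = '';
  return {
    send(headers = {}) {
      const res = server({ headers: jar ? { ...headers, cookie: jar } : headers });
      const setCookie = res.headers['set-cookie'];
      if (setCookie) jar = setCookie.split(';')[0]; // keep only name=value
      return res.status;
    },
    clearCookies() { jar = ''; }, // equivalent of deleting it in "Manage cookies"
  };
}

// Stateless client: every request starts with no cookies, like a cURL command
// run without a cookie jar.
function statelessSend(server, headers = {}) {
  return server({ headers }).status;
}

function demo() {
  const server = createServer();
  const jarClient = createJarClient(server);
  const out = {};
  out.jarWithAuth = jarClient.send({ authorization: VALID_BASIC }); // cookie stored
  out.jarWithoutAuth = jarClient.send();            // accepted via the stored cookie
  out.statelessWithoutAuth = statelessSend(server); // rejected, no cookie sent
  jarClient.clearCookies();
  out.jarAfterClear = jarClient.send();             // rejected once the jar is empty
  return out;
}
```

When testing that an endpoint rejects unauthenticated requests, the check is only meaningful from a client whose cookie jar is empty.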


reCAPTCHA Enterprise returns invalid token with invalidReason DUPE

I'm trying to integrate Google reCAPTCHA Enterprise (without checkbox) into Vue3 based SPA.
JS is loaded in <head> tag as in the example in documentation. I see that reCaptcha code is successfully downloaded and launched, badge at the bottom of the screen stating that site is protected with reCAPTCHA is shown with no warnings.
I can request a token using grecaptcha.enterprise.execute(...) and I get the response as expected. Token seems to be "normal" and its value is different on each request.
Then I send the token to the backend and the backend tries to verify it using plain REST API (same as in REST example in documentation, based on plain cURL example).
The response that I get always gives the same result:
"valid" => false
"invalidReason" => "DUPE"
Documentation does not really explain what this 'DUPE' reason means and how to avoid it. Does anyone have any clues what it really means and how to avoid it?
I've tried 3 types of site keys: test keys with low and high score, and "real one" ("test" unchecked).
I've tried 2 different browsers: Chrome and Firefox, both in normal and incognito mode.
I've tried just waiting for 3 hours (in case I've hit some rate-limiting).
The result is always the same - invalidReason: DUPE
The DUPE reason means that (docs):
The user verification had already been seen.
In practice this means that once you received a token back from execute it was sent to the projects.assessments.create endpoint twice or more. The token will be assessed as valid the first time it is evaluated, but for any subsequent assessment calls with the same token it will come back as invalid with the DUPE reason.
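
An added example, not part of the original answer, showing one way a backend can end up assessing the same token twice and how assessing once per request avoids it. The assessment API here is a constructed in-memory stand-in that mirrors only the valid and invalidReason fields quoted above; the handler and function names are hypothetical.

```javascript
// Constructed stand-in for the assessment endpoint: a token is valid the first
// time it is assessed and DUPE on every later assessment, as the answer describes.
function createFakeAssessmentApi() {
  const seen = new Set();
  let calls = 0;
  return {
    assess(token) {
      calls += 1;
      if (seen.has(token)) return { valid: false, invalidReason: 'DUPE' };
      seen.add(token);
      return { valid: true, invalidReason: null };
    },
    callCount: () => calls,
  };
}

// Buggy flow: a middleware-style pre-check and the route handler each assess
// the same token, so the second call is the one that comes back DUPE.
function handleLoginBuggy(api, req) {
  const pre = api.assess(req.token);
  if (!pre.valid) return { status: 403, reason: pre.invalidReason };
  const again = api.assess(req.token);
  return again.valid ? { status: 200 } : { status: 403, reason: again.invalidReason };
}

// Fixed flow: assess once per request and carry the result on the request object.
function assessOnce(api, req) {
  if (!req.assessment) req.assessment = api.assess(req.token);
  return req.assessment;
}

function handleLoginFixed(api, req) {
  const pre = assessOnce(api, req);
  if (!pre.valid) return { status: 403, reason: pre.invalidReason };
  const again = assessOnce(api, req); // reuses the stored result, no second call
  return again.valid ? { status: 200 } : { status: 403, reason: again.invalidReason };
}
```

A second request that resubmits an already assessed token still gets DUPE in the fixed flow, so the client has to call execute again for each submission.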

setNextRequest() in Postman

I am trying to set a request after a certain request in Postman, but it is not working as I want it to. I have read through the Postman documentation but had no luck. Plus, how do I get Postman's request ID?
I am using the given JavaScript in the Test tab, and in postman documentation it says it should work. But no luck.
postman.setNextRequest('Login');
postman.setNextRequest('Login') will work only inside the Runner. Also, the requests need to be in the same Collection.
Even if the request is in another folder (while still in the same collection), you can reference it in setNextRequest(), without having to specify any folder.
And to answer your second question, "how to get the Postman Request Id?"
Use this pm.info.requestId which will return string value, you may set that in environment variable as well, like pm.environment.set("rID", pm.info.requestId)

parameter postman-token couldn't find in SoapUI request

I am getting familiar with both Postman and SoapUI. I already have a doubt. When I make a GET call to the postman-echo service, I get slightly different responses shown to me in Postman and in SoapUI.
In particular, in Postman I get
"postman-token": "1ef2b330-3a46-4681-a304-d72f020cb194"
This field-value pair is not shown by SoapUI.
Can anyone explain the apparent difference to me?
The parameter postman-token is added when you send a request from Postman. So, it's a custom parameter; you cannot expect it to be present with other tools.
If you check the Postman doc for General settings, they have explained what that param is for:
This is primarily used to bypass a bug in Chrome. If an XmlHttpRequest
is pending and another request is sent with the same parameters then
Chrome returns the same response for both of them. Sending a random
token avoids this issue. This can also help you distinguish between
request on the server side.
You can disable it from Postman settings. Go to Settings > General > Send Postman Token header.

GraphQL Endpoint returns 400

I have a django app built with graphene and I have a problem running a simple POST query for the GraphQL endpoint, it keeps returning a 400 Bad request syntax.
but it should work since I don't have any problems running the query from the endpoint http://localhost:8000/graphql-dev
and I can't see any issues in the way I send the postman request.
I looked online for suitable solutions but couldn't find any that would help.
Any help/tips would be greatly appreciated.
EDIT:
I still didn't manage to see why I'm having this issue with postman, but here are some observations:
first, I changed the request to GET (since in graphql, query is for GET and mutation for POST - sorry, I missed that)
I tried the same request with postman (which didn't work) and with insomnia (which did)
with postman
with insomnia
What's weird is that if I check my django console the requests look the same.
EDIT2: okay, I figured it out...removing the Content-Type application/json did the trick. Now it works with postman as well.

WSO2 - simple endpoint fails

I am trying to set up a simple API test against a local endpoint. I have created the sample API (phone number lookup) and that works fine.
http://192.168.1.11:8080/api/simpleTest is my endpoint and the WSO2 service also runs on 192.168.1.11 ... but when I test it in 'publisher', it always fails. This is a simple GET with no parameters.
I can run it from a browser or CURL (outside of WSO2) and it works fine.
Thanks.
I assume you are talking about clicking the Test button when providing the Backend Endpoint in API publisher.
The way that Test button works at the moment (as far as I understand) is that it invokes HTTP HEAD method on the endpoint provided (because according to RFC 2616, "This method is often used for testing hypertext links for validity, accessibility, and recent modification.")
Then it checks response. If response is valid or 405 (method not allowed), then the URL is marked as Valid.
Thus sometimes, if backend is not properly following RFC, you might get otherwise working URLs declared as Invalid during the test because of that improper HEAD response evaluation. Obviously, this is just a check for your convenience and you can ignore the check if you know the endpoint works for the methods and resources you need it to work.
P.S. Checked it on API Cloud but behavior is identical to downloadable API Manager.