Postman request - how to get data from endpoint based on API documentation - api

I want to retrieve data from a data warehouse that has a web-based API, I need to use an API key for authentication and use the GET / Customers command to retrieve the list of customers data, but when I am using that same thing in postman, it's returning the same documentation page of the data warehouse?
I am new to this any help will be really appreciated.

The URL doesn't look valid:
You need a base URL, endpoint, http method, authentication scheme, and credential or a token etc.
I don't know details about your system and API, so let's see an example:
base url is https://stackoverflow.com; your current base url is localhost:4444, is your server running on your machine? If so, it might be correct, but I assumer you're talking about a server running somewhere else, not on your computer
endpoint (path parameter) is /questions/69883697, in your case /customers
http method is GET and you find it here in Postman; it also means it will not go into query parameters where you put it:
authentication scheme - your docs mentions an api key that goes into a header called Authorization, so you have to set it in Headers, not as a query parameter:
Read carefully what's on your screen, Postman uses the same language as your API documentation, so if your doc speaks about headers, you need to go into Headers tab in Postman.

Related

How customize API url in Postman?

Is it possible to customize URL for client ?
In detail, currently working on API project where I need to give API url, suppose actual URL like this
https://XYZ.ie/TA/sdv/sbhdv/j/ksd/filter=%sdvnj3d'2343'
Now I don't wish to show the actually locations and parameters names, also the actual URL is to long. so I'm willing to customize like
https://example.com/j/sdvn='23423'
so client would call above URL and initial URL could trigger.
I tried by changing the current values of variable in postman, didn't work.
Also would like to ask, does postman token expires after certain period?

Salesforce Commerce Cloud Ocapi

I am working on the open commerce api on SFCC, I found out something weird and wanted to know why.
When making a get request from the Shop api, the Bearer is not compulsory but on all other requests (patch, post, put, delete...) the Bearer is required.
Anyone knows why ?
The GET requests only fetches data without any modification to the data. All other request methods are usually used to modify data in the backend:
POST -> Create resource
PUT -> Update resource with replace
PATCH -> Partially update resource
DELETE -> remove resource
Also see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods
For that reason you have to authenticate with the OCAPI if you are using one of these methods.

Is an authorization header required by the azure storage shared access signature (SAS) REST API

I need to read/write an azure storage table.
The client program is configured to use a shared access signature to read/write remote azure table.
Can anyone give me a good example of how to construct the authorization header in order to use the sas?
I am getting HTTP error code 403.
Microsoft documentation specified that all the rest API will have to be embedded with an authorization header. By default, the documentation suggests that I can use the storage account access key to generate the HMAC-SHA code for the authorization header. I think I am missing something here.
The whole idea of using a shared access signature (SAS) is to protect the storage account access key. At the same time, the doeumentation seems to suggest that the storage account owner needs to provide the account access key so the client can use the access key to generate the HMAC-SHA code. What am I missing here? can anyone shed some light here? Thanks,
If you're using sas_token in the request url, then you don't need to provide Authorization in the header.
How to check which header should be provided? in the related api page -> go to the Request Headers section -> check each header, if the header is required, then it will be described in it's Description. Here is a screenshot for your reference:
Here are the steps to query entities by using sas_token:
1.Generate sas_token from azure portal. You can refer to the screenshot below:
2.Check which header are required, as per query-entities -> request-headers, we know x-ms-date is required(Authorization is not required here since we're using sas_token). You can provide a value for x-ms-date, like Wed, 13 Jan 2021 01:29:31 GMT.
If you don't know how to get the value for x-ms-date header, you can open powershell -> type Get-Date command -> then it will generate the date:
3.Prepare the request url with sas_token, like below:
https://xxx.table.core.windows.net/testtable(PartitionKey='a1',RowKey='r11')?sv=2019-12-12&ss=t&srt=sco&sp=rwdlacu&se=2021-01-13T09:24:58Z&st=2021-01-13T01:24:58Z&spr=https&sig=xxxxx
4.Use some tools like Postman, send the request with proper header. Here is the test result by using Postman:

JMeter: auth2.0 Authentication Process (B2C Architecture)

Steps:
Hitting the website- It is being redirected to an URL which contains parameters such as STATE, NONCE and CLIENT-REQUEST-ID which are dynamic.
So, in JMeter, I am unable to fetch those values as those are coming directly in a HTTP request.
Any Idea, how to fetch it?
While clicking on sign in with credentials, authentication process is happening which is generating a token id.
Then in next request, redirects occur and same kind of URL is achieved (as in step1). Again same parameters are passed.
And with this request, Access token is generated.
I am unable to fetch those parameter (nonce, state, client request id). Is there anything we can do?
According to Microsoft, client-request-id is optional (so you can probably just leave it off) and if I read this right is generated by the client. So you may be able to just generate a random GUID in JMeter.
If you're being redirected to an URL which contains the parameters you're looking for you should be able to capture them from the sub-sampler
using a suitable Post-Processor like Regular Expression Extractor
Also some values like consumer key are static and never change and some values like nonce are random
If you don't need to load test the OAuth login challenge itself you can ask developers or administrators to provide you a permanent token which you can send in the Authorization header using HTTP Header Manager
Yes, you are correct but in my case I am not getting any sub-sampler(s).
That's where trouble lies!
Also, those parameters are coming from 3rd Party which is hosting the site(not in the hands of Devs)..
The whole process I am doing is for load testing.
So, any thing you wanna add for this?

Use authentication token in follow-up requests in Postman

My app API requires authentication via an authentication token. In short, we send a request to a /authentication endpoint and it responds with a JSON object containing a token, like:
{"token": "xxxxxxxxxxxxxxxxxxxxxx"}
Every other API endpoint in our application requires an authentication header containing this token. Now, in Postman it's possible to do the authentication request, copy the token, open the next endpoint and paste the authentication header in manually. But this becomes tedious and time-consuming when testing lots of endpoints.
Is there a way to have Postman save and automatically add the authentication token from one request in any follow-up requests?
Even better, could Postman automatically send the /authentication request prior to any of the other requests?
Postman allows you a wide variety of options when crafting API requests.
In your case, You can create a global variable for your token when you receive it by:
var jsonData = JSON.parse(responseBody);
postman.setGlobalVariable('token', jsonData.token);
This would go in your Tests tab, in order to execute this script after your request has been completed.
Now, a global variable token is set and can be accessed using {{token}} syntax in the following API requests you make.
I'll demonstrate it to you regarding the same, with a similar example:
1. Save the data of latitude and longitude into the global variables lat and long.
2. Reuse the data by referring to the name of the variable, i.e. lat and long by enclosing them within curly braces like {{lat}} and {{long}}.
You can also manage these global variables, by clicking on the gear icon in the top right corner, and selecting manage environments then opening the Globals tab.
Tip: You can also, save the request to obtain the token into your collections, so that each time, you don't have to craft the URL to obtain the token.