If you have a Postman Collection for an API, you can configure an API target from that Postman Collection for Probely to scan the API.
The configuration involves the following steps:
Prepare the Postman Collection
Configure an API target using a Postman Collection
(Optional) Configure the API target with Postman Environment variables
The following sections describe these steps in detail for an example of a Postman Collection with the following requests:
Authenticate and obtain an authentication token
Needs a username and a password in the request body
Get a list of users
Needs the authentication token in the request header
Get user details
Needs the authentication token in the request header
Needs the user identifier as a parameter
Step 1: Prepare the Postman Collection
Prepare the Postman Collection to run the sequence of requests from start to end without errors, so it can be exported to configure an API target in Probely.
Let's start by creating some auxiliary variables for the authentication, in the Variables tab of the collection.
For our example, we have the following variables:
username
: the hardcoded value of the username to obtain the tokenpassword
: the hardcoded value of the password to obtain the tokentoken
: the variable to store the authentication token
To obtain the authentication token, go to the authentication request and, in the Body tab, set the payload with the username
and password
variables.
To store the returned authentication token in the token
variable, go to the Tests tab of the authentication request, and add the following JavaScript:
var jsonData = pm.response.json();
pm.collectionVariables.set('token', jsonData.access_token)
With the token configured, add the token
variable to all requests, in their Headers tab.
In our example, the request to obtain user details needs the user identifier as a parameter. We could pass a hardcoded value, but since the previous request returns a list of users, we will use the first one from the list, as follows:
In the Variables tab of the Postman collection, add a new variable called
user_id
To set the variable value, go to the request that gets the users list and, in the Tests tab, add the following JavaScript:
var jsonData = pm.response.json();
pm.collectionVariables.set('user_id', jsonData.results[0].id)Finally, go to the request that gets the user details and pass the
user_id
variable as a parameter
With all requests configured, run the collection to test it and, if there are no issues, export the collection.
Step 2: Configure an API target using a Postman Collection
After the Postman Collection is prepared and exported, add an API target (see How to configure and scan an API), and ensure that you:
Select API and select "Postman Collection" in API Type.
Tick the Postman Collection schema upload radio button.
In File, choose the file exported from Postman.
Press ADD, and the API target should be added and ready to be scanned.
Step 3: (Optional) Configure the API target with Postman Environment variables
If the Postman Collection uses variables defined in a Postman Environment, some further configuration to the API target is necessary:
Go to Postman and export the Postman Environment to a file
Get the Python script to import the Postman Environment variables to Probely
This script can be found at Probely's GitHub: https://github.com/Probely/API_Scripts/blob/master/import_postman_env.py
Run the Python script and provide the following values:
Go to the Postman Environment Values section of the API target to see the newly added environment variables or, if already on the page, just refresh it