Disparate, unconnected tools hindered productivity
Prior to Postman, individuals on the PingOne team were using a variety of different tools from different vendors to interact with and manage API information. This made it difficult to standardize processes and improve team efficiency. A few on the team had some experience with Postman, but the shift really came when Ping Identity hired QA engineer Gideon McKee, who advocated for using Postman across the PingOne organization.
Postman enables quick access to our APIs for exploratory testing. The platform’s ease of use helps everyone get what they need quickly and reduces much of the manual overhead.
With Postman, the PingOne team’s developers could easily access and run various parts of the API without having to write the requests themselves, while the QA engineers could conduct testing by hitting the API endpoints without having to create and run custom commands. Postman not only unified API operations for PingOne, but it also offered a user-friendly tool that helped everyone get more done.
From Gideon’s perspective, Postman was rapidly becoming a leading API platform on the market, and as such, it was a sure bet for establishing robust API operations over the long term. He had even been advised by recruiters that familiarity with Postman was a must-have skill for API QA job seekers today.
If a QA job candidate mentions Postman, that means that they're paying attention to their tools and using the latest and greatest.
At the heart of the PingOne hub: Postman Collections
PingOne’s API powers the platform’s wide range of microservices, which include registration, account recovery, and multi-factor authentication. The PingOne team stores API information in Postman as Postman Collections; each collection is a group of requests that represent a workflow for a particular microservice. The team can create a logical file structure and attach extensive detail to each collection (including markdown) for convenient user reference and education. This helps streamline developer onboarding to the PingOne APIs, giving both customer and internal teams one source of truth to access and explore essential information related to each API.
Postman enables us to build robust collections that make it easier for any of our API users—developers, QA engineers, and customers—to understand and use our API.
PingOne maintains individual collections for internal use; however, customers can access a master collection that includes all the microservice calls they need to integrate the API into their applications. This master collection is maintained by the documentation team, which uses Postman’s automated API documentation feature to generate customer-facing docs. A Run in Postman button in the PingOne docs enables customers to easily import the collection to their Postman workspace in one click.
Setting up for automated testing on Postman
Prior to delivering the API to end users, the PingOne team runs extensive testing using Postman’s automation features. Postman environments enable the team to run requests and collections against various data sets associated with different runtime environments, such as development, staging, and production.
In addition, the team set up variables in Postman that allowed them to store and reuse values, so that commonly used data can be automatically passed between requests, collections, and environments. Variables were notably helpful for two values in particular:
- UUIDs: UUIDs are unique identifiers that are returned when creating or updating API resources. UUIDs are very long text strings, which can be tedious to copy and paste into each request.
- OAuth tokens: OAuth tokens are similarly lengthy shared strings that need to be pasted into the auth header of each request.
Storing values such as UUIDs and OAuth tokens as variables means that when Ping Identity QA engineers switch environments or build new collections, they don’t have to worry about repeating time-consuming manual steps. They can simply reference the variable, and Postman automatically inserts values where needed. If the engineers want to update the value, they only have to change it in one place. Variables have helped the Ping Identity team to work more efficiently and minimize the likelihood of error.
Using variables in Postman helps us better manage complex testing flows without having to think about the mechanics of making each request.
Adding dynamic behavior to requests and collections
For example, one script automatically grabs the UUID from a response, saves it as a variable, and inserts that UUID into the URL of the next request. Another script uses an OAuth variable to automatically set a token when running the “Create User” collection and saves the user ID returned as another variable. The user ID can then be automatically referenced in other calls associated with that user, such as to delete the account or update user information.
A more complex script uses PKCE, a security extension to OAuth 2.0, to run a cryptographic function that applies a transformation against a random string generated during a particular authentication request and then includes it in a following request.
By automating complex logic (as well as simple manual tasks) with scripts in Postman, the Ping Identity team is more productive and efficient.
Postman allows for more complex edge cases that would just be harder to work with if you had to go through every step at a lower level.
Simpler workflows give everyone time back in their day
After centralizing API operations on Postman, the PingOne team has been able to improve overall speed and productivity across the board, from development to testing to documentation. Postman has helped simplify workflows through user-friendly automation tools and capabilities, allowing the team to get more done while worrying less about the details. Going forward, the team plans to automate more repeatable tasks and free up time to focus on higher-level concerns.