[HN Gopher] Show HN: Restfox - Open source lightweight alternati...
___________________________________________________________________
Show HN: Restfox - Open source lightweight alternative to Postman
Last time I posted this it didn't garner much interest. There have
been lots of improvements and fixes since the last release. Quick
list of features: - Workspaces - Tabs -
Nested Folders - Lots of context menus - Response
history - Plugins - Runs fully in the browser and runs
offline if necessary - Chrome and Firefox extension to bypass
CORS restrictions - Desktop builds for all platforms -
GraphQL support - Import collections exported from Postman
and Insomnia - Simple user friendly interface I built
this because I love Insomnia but wanted a portable version that I
could run in the browser. If you're tired of Postman's bloated
interface and slow startup times, do give this a try.
Author : kermire
Score : 506 points
Date : 2022-10-21 12:06 UTC (10 hours ago)
(HTM) web link (restfox.dev)
(TXT) w3m dump (restfox.dev)
| sphars wrote:
| Any chance of the ability to do web sockets? Postman has started
| supporting this recently (in beta) but I really don't want to use
| Postman.
|
| Any other suggestions for web socket testing clients also
| welcome.
| easrng wrote:
| hoppscotch can do websockets and socket.io and SSE
| kermire wrote:
| I definitely intend to add web socket support eventually.
| Meanwhile, there's https://socketfox.dev which I made for my
| friends. You can use it to test web sockets.
| nerdbaggy wrote:
| I have used https://github.com/Kong/insomnia for Websocket
| stuff
| LunicLynx wrote:
| I would recommend VS Code with RestClient extension.
| locusofself wrote:
| my needs are very basic, but I've been using vs code extension
| called ThunderClient
| Joeri wrote:
| Same here, I switched from postman and that combination is
| really all I need.
| duxup wrote:
| Yeah I realized that's all I need after a while.
|
| Nice to have a file with some calls to make right in the
| client. Can take those to an outside app if needed.
| [deleted]
| [deleted]
| jetter wrote:
| If you are a minimalist, and are using VS Code, try
| https://marketplace.visualstudio.com/items?itemName=humao.re...
| which is a pure text syntax to describe API requests, and execute
| them right from the editor window. I now have api.http text file
| in every API-first project I am building and I love it.
| kxrm wrote:
| I like this one because it's easy to keep API workflows with my
| projects. The scripting ability here is phenomenal. However
| only really useful if you code in VS Code.
| jiehong wrote:
| Jetbrains also provides a similar, albeit slightly
| incompatible syntax for the same thing.
|
| In the end, I think hurl [0] is nicer, because it's open
| source and it's a cli tool (and VS code also has a syntax
| highlighting plugin for it), making it editor independent.
|
| [0]: https://github.com/Orange-OpenSource/hurl
| SwiftyBug wrote:
| Do you have a single api.http file or do you you multiple
| {route}.http files?
| kxrm wrote:
| Not OP but you can store all your routes in one file or
| multiple, it's up to you.
|
| Personally what I do is I script out full API workflows in
| different files. So one file might login, then POST to add an
| object, then GET that object off an endpoint, then patch that
| endpoint, then trigger the GET object again.
|
| Another workflow might login, upload an image, get that
| image, etc. For me the scripting is what makes this
| appealing.
|
| But you could setup one file that documents and tests all
| your endpoints similar to Postman.
| barbazoo wrote:
| Postman is the new Dropbox in terms of useless features for the
| sake of growth or whatever.
| gregwebs wrote:
| I have been trying out https://hurl.dev and so far been really
| liking it. Plain text format, everything runs very quickly
| locally, it can capture data from previous requests to run
| workflows and serve as a testing tool.
| ushakov wrote:
| If you like hurl, you may also like Step CI, which uses yaml,
| generates tests from your OpenAPI spec and is easy to integrate
| with CI/CD
|
| Give it a try: https://stepci.com
|
| It's free and open-source on GitHub, built by the community!
|
| Disclaimer: I'm the original author
| stonecharioteer wrote:
| Nothing to take away from all of this, but please learn cURL.
| Postman and all its alternatives are great and all, but they also
| hide a lot of things that will hinder your debugging skills. As
| an alternative try httpie. Not because CLIs are cool but because
| you can see the headers and the raw response more easily.
| Developers need to understand what content type is, what response
| headers are, how to limit them, how to tweak them. And the
| snippets that Postman provides are not always the right way to
| send requests in a given language
| cercatrova wrote:
| I like xh as a faster httpie as well
| Sohcahtoa82 wrote:
| I'd take Burp Suite over cURL.
|
| The command line fucking SUCKS for sending anything beyond
| basic HTTP requests.
| [deleted]
| si1entstill wrote:
| I switched to "vscode-restclient" about a year ago and never
| looked back. It has variables, everything is saved as text, and I
| can commit my request suite to source control for collaboration's
| sake.
|
| https://github.com/Huachao/vscode-restclient
| mrcaramelpants wrote:
| Nice, I wonder how it compares to hoppscotch.io
| kermire wrote:
| Previous reply: https://news.ycombinator.com/item?id=32671805
| odiroot wrote:
| I use https://kreya.app/. It is very lean and the only GUI client
| not using Electron, I could find.
| wiseowise wrote:
| There's also https://github.com/warmuuh/milkman.
| Aperocky wrote:
| > - Runs fully in the browser and runs offline if necessary
|
| Couldn't understand why this isn't the default.
|
| curl is always available and slapping a display layer on top of
| something like curl shouldn't need to talk to some backend
| server.
| ducktective wrote:
| >curl is always available
|
| curl is not installed by default in many distros
|
| Also, I don't think it's possible to call external processes
| from within the browser sandbox
| genghizkhan wrote:
| > curl is not installed by default in many distros
|
| Which ones (apart from alpine)? I thought curl was pretty
| much as basic as it got and is always there.
| flatiron wrote:
| I just installed Ubuntu using deboostrap and it did not
| come with curl (to my surprise)
| Aperocky wrote:
| On the top of the concept, not curl itself.
|
| If curl can run locally, so should all of these tools.
| [deleted]
| jhoelzel wrote:
| I like it but please dont make me right click to do something!
| please add a little plus or something like it.
|
| Otherwise great work! needs a little disclaimer though that you
| will not save any of my requests =)
| kermire wrote:
| Thank you. Will look into preventing the right click
| requirement and provide an alternative for that.
|
| It should be saving your requests automatically. Maybe your
| browser is blocking IndexedDB somehow? That's what's used by
| the application to store the data locally. Also do make sure
| you're not in incognito mode, as changes will be lost once
| you're out of it.
| iimblack wrote:
| Firefox private mode completely blocks indexeddb.
| progre wrote:
| I'm just now migrating my postman collections to .rest text files
| and the REST-client plugin for vscode (that name is both good and
| bad at the same time btw, it like marketing a new car and naming
| it "Car").
|
| Grantet it does not do everything Postman does but I'm pretty
| happy so far. Environment variables and secrets stays in a
| workspace settings.json and the .rest files can be version
| controlled and shared.
|
| Always bet on text!
| twodave wrote:
| This. My current hobby project[0] is basically something I
| started because I was frustrated with the inability to version
| control my tests in Postman alongside my API code. If it can't
| be committed to source control, then it's not really your code.
|
| Now I can run all my tests FAST locally and set up a CI/CD
| pipeline in about 15 mins that will pick up and run them as
| well. At this point I'm not even sure a UI is necessary (maybe
| for the QA folks--maybe just an import from a postman
| collection will be enough for them, though).
|
| [0]: https://github.com/davesheldon/nap
| [deleted]
| NayamAmarshe wrote:
| Why should I use this over https://hoppscotch.io ?
| tartieret wrote:
| how secure is hoppscotch.io?
| naikrovek wrote:
| well it runs in your browser but I don't know how it syncs
| between browsers.
| [deleted]
| simjnd wrote:
| Hoppscotch [1][2] (previously Postwoman) is also a very nice free
| and open-source Postman alternative.
|
| [1]: https://hoppscotch.io/
|
| [2]: https://github.com/hoppscotch/hoppscotch
| shubham_sinha wrote:
| Postman, Insomnia, Paw seem to fall in similar league. But if you
| are running VSCode simply use Thunderclient.
| Avlin67 wrote:
| it is completly garbage on mobile
| [deleted]
| philliphaydon wrote:
| I switched to insomnia when postman changed their pricing pulling
| the rug out from everyone wanting us to pay like $300 more per
| month. (Before they back tracked)
|
| https://insomnia.rest/
|
| I actually prefer it.
| datavirtue wrote:
| I have been using Thunder client in vs code. Love not having
| another app. Postman is horrible now.
| ako wrote:
| Same here, moved from postman to insomnia, now mostly using the
| rest plugin for visual studio code. Prefer using regular text
| files.
| anamexis wrote:
| I similarly use restclient.el on Emacs and love it.
|
| For those unfamiliar with these plugins, they allow you to
| simply write text files looking like: GET
| https://example.com/posts/5 Accept: application/json
|
| or POST https://example.com/posts
| Content-Type: application/json Authorization: Bearer
| abc {"title": "foo", "body": "bar"}
|
| and simply execute the requests from the buffer.
| mdaniel wrote:
| There's one built into the JetBrains editors, too. And the
| upcoming release is going to allow one to wrap very long
| URLs for better visibility and include fun things like
| "$random.email" in the request:
| https://blog.jetbrains.com/idea/2022/10/intellij-
| idea-2022-3... _(EAP releases are always free of charge, if
| one wanted to play with it right now; just please report
| bugs if you find them, as that 's the reason they're free)_
| raone1 wrote:
| Moved from Postman to Insomnia too. Postman was taking too much
| time to start and was very unresponsive compared to Insomnia,
| on my Work Laptop.
| judge2020 wrote:
| One thing I love from Insomnia.rest is the ability to import
| CURL commands, including an entire list of newline-delimited
| CURL commands from the clipboard. This makes it easier to
| modify XHR's you pulled from your browser via a right click ->
| "copy all as cURL (bash)".
| donkeyd wrote:
| Yup. Use this all the time, either when I want to automate
| something on an undocumented API, or if I want to do some
| basic security testing on API's at work.
| apocalyptic0n3 wrote:
| Postman can do this as well. I've been using this a bunch
| recently due to some project limitations and it has made life
| so much easier.
|
| ETA: I just tried the functionality on Insomnia and I have to
| admit the UX is nicer. Just paste into the URL bar. Whereas
| with Postman it's CMD+O, Click on "Raw Text", click in
| textarea, paste, press import. Insomnia looks to have added
| OpenAPI support too (it was missing it last time I played
| with it) so maybe it's time to re-evaluate Insomnia
| aliqot wrote:
| Postman's UI is cluttered
| apocalyptic0n3 wrote:
| I don't disagree. I've just been using it for so long (8
| or 9 years now I think) and it's so ingrained in my
| workflows that I haven't bothered to re-evaluate it in
| ages. This is probably the kick in the butt I needed.
| aliqot wrote:
| The world is your oyster, my friend. Restfox is pretty
| similar to Insomnia, which is what I use, so I'll
| probably give Restfox a shot and see about hosting my own
| instance on the LAN.
| Version467 wrote:
| Same here, switched from postman to insomnia when it became
| impossible to ignore how slow, cluttered and generally bloated
| it became. Haven't missed it since. Insomnia is pretty great.
| I'm sure there's lots of stuff that postman can do that
| insomnia can't, but insomnia is still very capable, while being
| snappy and not being in the way. Highly recommend it.
| alias_neo wrote:
| Same, my team and I started using Insomnia too when Postman
| pulled that stunt; doesn't matter if they went back on, good
| will lost in that way is a bridge burned that can't be rebuilt.
| Jenk wrote:
| OP states they built this because they wanted a portable
| version of Insomnia.
| [deleted]
| mch82 wrote:
| Cool project! A true, open source alternative to Postman will be
| valuable. It seems like you've got the major elements in place.
|
| Unsolicited UX notes...
|
| I read Hacker News on mobile, so tried the app on mobile and ran
| into some challenges. In order to save space, eliminate the right
| click, and work on mobile please consider changing:
| You can right click here to create a new request or a new folder
|
| To the following (illustrated using pseudo markdown):
| [Create request] or [Create a folder]
|
| It would also be helpful to replace the GitHub star link with a
| link to your README. GitHub star links are problematic because
| they require a login that adds friction that prevents people from
| getting to your README page. People will login if they decide to
| star the project, but they might never get to your GitHub if they
| don't have time to login or can't easily login on the device
| where they're reading.
| Havoc wrote:
| There is also hopscotch - unsure about licensing but it is self
| hostable
| and0 wrote:
| I dug into hoppscotch since my org balked at Postman
| enterprise costs, but was disappointed. It is open source and
| can run locally, but it still only talks to their cloud that
| stores your collections as a logged-in user (or session
| storage if you're offline). It's definitely a fledgeling
| commercial project, not a true open-source alternative,
| though you could fork it easily enough probably.
|
| I had been hoping to keep all of our APIs centralized in git
| and run the local (or cloud for our ENVs) from that repo, but
| it doesn't read any query/API/collection defs from file.
|
| (Not to come off as demanding of OSS, it's a wonderful
| product, but unfortunately you have to dig deep to figure out
| the limitations.)
|
| EDIT: Also, what I'd go with now is Thunder client for VS
| code leveraging API defs stored within each repo + the
| localized vars such as auth info.
| Havoc wrote:
| I tried Thunder too but their "please log in" popup is
| quite annoying. Wasn't aware it can leverage repo contents
| though - that seems like a killer feature.
|
| > fledgeling commercial project, not a true open-source
| alternative
|
| Yeah most of the self-host stuff tends to be like that
| unfortunately. Understandable but not ideal.
| kermire wrote:
| Thank you. The UI is not currently built with mobile in mind. I
| have been thinking of implementing a responsive layout but
| haven't had the time to do it.
|
| I did not know about the GitHub star login thing. Will try to
| rectify it when I can. Thanks for all your UX notes.
| djbusby wrote:
| Github Star link looks fixed.
| Zamicol wrote:
| The offline part is critical for me. The only other thing I would
| prefer is an application that doesn't use Electron.
| [deleted]
| steve_john wrote:
| jcuenod wrote:
| InvalidStateError: A mutation operation was attempted on a
| database that did not allow mutations.
|
| [Edit]: I'm on Firefox (with ublock origin). I see others having
| issues too.
| kermire wrote:
| Firefox with ublock origin should not cause any issues. The
| issue might be caused by Firefox's private window
| implementation which does not allow IndexedDB operations, which
| is what Restfox uses for storing the data of the application
| locally.
| npalli wrote:
| Tried to just GET www.google.com; says error and suggests
| bypassing with some plugins. Don't think I want to continue
| further.
| jcuenod wrote:
| Is there a way to get it to ignore the cache?
| ushakov wrote:
| If you want something like Restfox but as a CLI, that tests your
| APIs automatically, give Step CI a try
|
| https://stepci.com
|
| It's free and open-source on GitHub!
|
| Disclaimer: I'm the author
| roamerz wrote:
| Nice work! I wasn't familiar with insomnia so when I read your
| first line there I read it as "I love not being able to sleep
| because it gave me time to code this project..."
| kermire wrote:
| Haha thanks. Didn't think it could be interpreted like that :D
| imagineerschool wrote:
| Cool!
| alfor wrote:
| I don't understand, what is it, what does it do?
| alfor wrote:
| Ok, it's a tool to test rest api.
| jokab wrote:
| Good for you. Now did you check what postman does?
| [deleted]
| projproj wrote:
| Here's an alternative I recently came across. In Firefox on the
| network tab of the dev console, right click on an XHR request.
| You'll have two relevant options: "Resend" and "Edit and Resend".
| Edit and Resend doesn't give you all the features of Postman, but
| it is useful and a lot easier. I have spent a lot of time in
| Postman just putting in all the headers and POST body to set up
| the API call. With this method in Firefox, all parameters are
| already set because it's an exact copy of the request you already
| sent. You can change params or just hit send when you're ready to
| retest something you're doing on the backend.
| easrng wrote:
| They actually removed the plain Resend option and renamed Edit
| and Resend to just Resend.
| throwaway17474 wrote:
| I am very happy to save you a lot of time for copy&pasting
| requests to Postman. Since Postman can import curl commands,
| just right-click on a command in Firefox, Copy as -> Curl,
| click on the Import in Postman, import as text, paste curl,
| mission accomplished. Hope it helps.
| [deleted]
| tgv wrote:
| Nice. If you want to implement another feature: see the error
| response. My server returned 428, but I couldn't see the contents
| nor header, only a generic "preview".
| kermire wrote:
| That's very odd. Will look into this.
| tgv wrote:
| And the Cookie header isn't sent? (using it on Firefox
| 106.1).
| kermire wrote:
| I'm using the fetch API for making requests and fetch sadly
| forbids the Cookie header from getting passed. Will be
| looking into how I can bypass this.
| inso1 wrote:
| Hi I am one of the contributors to Insomnia. You guys are all
| invited to join our Slack channel and give us suggestions and
| feedback! https://chat.insomnia.rest/
| [deleted]
| gquiniou wrote:
| A nice feature would be import and export from/to Curl commands.
| When collaborating with clients or even colleagues it's easier to
| send curl commands.
| kermire wrote:
| Definitely something I'll be implementing soon. Importing and
| exporting curl commands is a good feature to have. Thanks for
| the feature suggestion.
| mxuribe wrote:
| I wonder if the chromium project has these functions all
| ready for you to grab from their dev tools?
| kcartlidge wrote:
| > _Last time I posted this it didn 't garner much interest._
|
| Looks good. I use Postman daily and it sucks, so always open to
| alternatives.
|
| I don't recall what it looked like the last time you posted, but
| I wonder if part of the low interest is because upon arrival it
| doesn't instantly jump out to the visitor that this is something
| you can host/run locally. It's very easy to miss the Github links
| top right. And if you don't realise that, then what you see is a
| third party website expecting you to send _your_ development
| requests through _their_ UI, which is off-putting.
|
| As I say, I don't remember, but that _may_ be why I skipped it
| last time. I 'll pay more attention this time!
|
| _(Edit: split paragraphs for clarity)_
| HatchedLake721 wrote:
| Switched away from Postman to a native Mac app and my RAM
| couldn't be happier (https://paw.cloud)
| codatory wrote:
| Now that they're maintaining versions based on web technologies
| and are now just a cog in the VC Funded RapidAPI machine, are
| you concerned that makes the writing on the wall for the native
| Mac app?
| shmoogy wrote:
| Seems pretty nice but $50 is a little high - is it really worth
| the premium?
| Fnoord wrote:
| I bought it during a BF deal. Perhaps wait a month?
| robertlagrant wrote:
| $50 doesn't look high to me, assuming it does everything it
| says it does really well. Just designing an API in a nice UI
| is worth more than that!
|
| (No affiliation.)
| steve_adams_86 wrote:
| It isn't been, in my experience. If my team used it
| collaboratively it might be.
|
| It's a solid app and worth it if you'll use it a lot. I
| simply didn't because piling things in there isn't
| particularly valuable if it isn't readily available to the
| people I work with.
| s_dev wrote:
| No -- I used and paid for PAW for a while. I gave up on all
| MacPaw products once I realized their sales staff contacted
| me after I asked them not to -- they immediately lost me as
| customer. They just wanted to 'help' me get on to a more
| expensive plan that was for Teams.
|
| There are plenty of great alternatives: HTTPie is one I like.
| Haven't found a good alternative to CleanMyMac yet though.
| samschooler wrote:
| Unless I'm mistaken, Paw isn't owned by MacPaw? It's an
| unrealted product with a one time purchase price.
| s_dev wrote:
| There is some financial relationship there. You get PAW
| with a SetApp bundle that MacPaw sell as a subscription.
| avree wrote:
| There's zero 'relationship'. SetApp bundles popular Mac
| software, of which Paw is one.
| s_dev wrote:
| >There's zero 'relationship'.
|
| It's a reseller. They probably even charge a commission
| so there is a business/financial relationship.
| simongr3dal wrote:
| You currently get 239 apps with the setapp bundle, I
| don't think there's anything special about that
| relationship.
| girvo wrote:
| I got $50 of value out of my purchase, but that was quite a
| few years ago. Dunno if I'd buy it today when there are other
| alternatives
| tecleandor wrote:
| Postman is $15, it just takes a bit more than 3 months to
| surpass the price :P
| manyxcxi wrote:
| I've been using it for a long time and I'd happily pay $100
| for it.
|
| It can consume swagger/openapi docs and generate calls. It
| can generate code snippets and cURL requests. You can extract
| values from one response body to use as a variable in another
| request, the built in features go on and on- and there's a
| decent extension ecosystem/write your own.
|
| Most importantly, it just works, and it works well and
| quickly, with pretty much any auth scheme I've ever had to
| deal with.
|
| I've only got really a couple of nits with the stand-alone
| version.
|
| I still can't figure out how to make it "use the same auth
| scheme" for every single request globally. Each request
| requires the auth config, but this is solved by just copying
| an existing request and starting from that. This could very
| well be my lack of knowledge, though I feel like I know the
| tool well.
|
| The .paw file is binary and doesn't do well checked into
| source control if you've got more than one person using it.
|
| The Teams version, which requires a monthly sub kinda/sorta
| mimics a git style branch strategy for merging different
| members changes and handles the team problem pretty well.
|
| All in all though, it is absolutely and BY FAR the best
| request tool I've ever used. A great combination of simple
| just get out of the way and advanced automation strategies. I
| use it every day.
|
| EDIT TO ADD:
|
| I forgot to mention their license is still a lifetime
| license. I paid them $50, probably 6 years ago now, and have
| never been forced to pay them another dime. I'd pay per major
| version or do the IntelliJ perpetual fallback if it came to
| it, but I've never once been bait and switched (looking at
| you Tower2).
| chewmieser wrote:
| It's quite nice. I think it's worth it but you could always
| do the same for free/cheaper with other tools out there
| and/or curl.
|
| Depends on how much you value a tool like this. And it's a
| one-time purchase for life, not a subscription.
| [deleted]
| v3ss0n wrote:
| Importing of postman is very important feature, I will take a
| look definitely.
| [deleted]
| user3939382 wrote:
| My biggest gripe with Postman is the horrible theming. Except for
| light and dark, 0 control over the appearance of this app that I
| have to look at for hours almost every day.
| datavirtue wrote:
| You don't have to put up with postman. There are better
| alternatives.
| user3939382 wrote:
| > You don't have to put up with postman
|
| Unless you work on a team that's standardized around it as a
| collaboration tool.
| topspin wrote:
| My biggest gripe is that its design leads to accumulating long
| list of slightly different "tests" whose purpose is soon
| forgotten. I suppose there are better practices that can stop
| that, but the path of least resistance is "copy, edit, run,"
| and so a huge pile of meaningless garbage accumulates.
|
| Something is missing.
| _jayhack_ wrote:
| For anyone looking for an aesthetic Postman alternative, I can't
| recommend https://insomnia.rest/ enough
| ecuaflo wrote:
| Insomnia is open source too
| [deleted]
| schipplock wrote:
| In the past I was using SoapUI. I liked it. Just because you guys
| were mentioning Postman alternatives :).
| arunsivadasan wrote:
| There was previously Postwoman which I believe is now hoppscotch
| https://github.com/f0rb1d/postwoman
|
| https://github.com/hoppscotch/hoppscotch
| [deleted]
| snehesht wrote:
| Noticed a small bug, I can't paste into the URL bar.
| Nihilartikel wrote:
| My version of Postman is to open a Jupyter notebook and
|
| >> import requests
| jdthedisciple wrote:
| Entering "news.ycombinator.com" and pressing send gives me an
| error.
| Sohcahtoa82 wrote:
| I'd expect someone from HN to give more descriptive reports
| than "gives me an error".
| Trufa wrote:
| In the error message the solution is present, install the
| addon:
|
| https://chrome.google.com/webstore/detail/restfox-cors-helpe...
|
| There's also a FF one.
| Snacklive wrote:
| Page is not working for me. I'm in Firefox
| neogodless wrote:
| Windows 10, Firefox 106.0.1, uBlock, multi-account containers,
| facebook container, bitwarden, DDG privacy, consent-o-matic,
| font contrast, dark reader
|
| Works fine for me.
|
| Opened a request to https://api.publicapis.org/entries and it
| fetched results.
| duiker101 wrote:
| My favorite testing HTTP Client is still just the IntelliJ built-
| in, pure text. You know exactly what you send without having to
| navigate menus and whatnot. In the end, 99% of HTTP requests are
| just that, text.
| [deleted]
| jicea wrote:
| I can't resist to propose my own solution: a cli tool, plain
| text based, curl, and Rust https://hurl.dev
|
| The market is overcrowded by good solutions, best wishes to
| other tools!
| nkantar wrote:
| Thank you for Hurl--I started using it a few months ago and
| it's been a delight!
| duiker101 wrote:
| This looks quite good!
| hbagdi wrote:
| I have been working on a CLI first workflow that doesn't
| require IntelliJ: https://hit.yolo42.com/. I spend my days in
| the terminal and like curl and httpie for most parts. Hit is to
| fill in the gaps rather than redo the whole experience of
| sending HTTP requests.
|
| I've a very early prototype. If you get a chance to try it out,
| please do and share your feedback.
| philliphaydon wrote:
| Can you chain requests together? Like if a request requires
| auth it will invoke login then take the token for use in the
| next request.
| onetom wrote:
| Well... that's called programming, no? :)
| kozziollek wrote:
| I haven't used it myself, but there is an option to parse
| responses with JavaScript and set variables.
| GET https://httpbin.org/get > {%
| client.global.set("my_cookie",
| response.headers.valuesOf("Set-Cookie")[0]); %}
|
| https://www.jetbrains.com/help/idea/exploring-http-
| syntax.ht...
| philliphaydon wrote:
| Interesting. I have 2 endpoints (login and get settings) I
| use for testing in a desktop app and sometimes firing up
| insomnia for that project is a hassle. But rider has that
| rest client too so maybe I'll try it for this one thing.
| pletnes wrote:
| And it fits nicely into git!
| gempir wrote:
| This is what I wish all http clients could adopt.
|
| Use plain text files (IntelliJ already introduced .http files,
| which work great) Sadly it will never work because that would
| break 90% of the incentives to pay, which his having a sync
| system. Because then I could simply commit my http requests and
| git would be my sync server.
|
| Personally I don't like the IntelliJ Client, the UI is kind of
| ugly and requires a lot of actions each time I want to send and
| review a response. Insomnia is way better in that regard.
|
| Good context might me my issue comment on Hoppscotch:
| https://github.com/hoppscotch/hoppscotch/issues/870#issuecom...
| hbagdi wrote:
| This is what I have been working on: https://hit.yolo42.com/.
|
| Early days but would love some feedback if you get a chance
| to try it out.
| gempir wrote:
| The idea is good, but I want a GUI.
| edpichler wrote:
| Be careful with Postman. It seems they upload all your secrets to
| their servers. We stopped to use it a time ago. I don't know if
| they changed in this regard.
| thieving_magpie wrote:
| Does anyone have a source for this? I need to present this to
| our team if it's true.
| _boffin_ wrote:
| They sync everything. If you store stuff in collections,
| requests, or environments, it's uploaded.
|
| Presuming it's end-to-end, but don't know about at rest
| encryption
| meesles wrote:
| How else would they sync all of the shared stuff in your
| workspace? I'm more interested if they properly encrypt my data
| in transit and at rest and whether Postman employees have free
| access to our secrets.
| zzbzq wrote:
| I got a bulletin from our security team saying Postman stores
| it all in plain text on their servers. Unbelievable if true.
| Haven't used it since. They have all your passwords.
| pletnes wrote:
| I had this gut feeling, but no way to check. The handling
| of secrets is not explicitly states, i.e probably bad.
|
| I like the looks of httpie's new desktop client but no idea
| if their secret handling is any better.
| Cederfjard wrote:
| This is from their website:
| https://www.postman.com/trust/security/
|
| > Depending upon its sensitivity classification, customer
| data is AES-256-GCM encrypted at the server-side before
| storage. Postman environment variables are covered in
| this classification and we strongly encourage you to use
| them to store your authentication keys and passwords. We
| have also added sessions in the 6.2 release onwards of
| Postman. We recommend using session variables for any
| data that you do not want to be synced to Postman's
| servers.
| aliqot wrote:
| > Depending upon its sensitivity classification
|
| What does this mean?
| natebc wrote:
| > Postman environment variables are covered in this
| classification and we strongly encourage you to use them
| to store your authentication keys and passwords.
|
| It reads to me that they encrypt Postman environment
| variables and encourage you to use those.
|
| Not sure what else is "Customer data" in that regard but
| it seems they consider at least that bit worthy of
| encryption.
| jkbr wrote:
| Here's how we do it:
| https://httpie.io/blog/changelog-0017#data-security
___________________________________________________________________
(page generated 2022-10-21 23:00 UTC)