If we are using Chrome, it is not possible to alter the web request in the Chrome’s Developer Tools (at the time of writing this) and so we use tools like Postman.Īlthough we can manually copy the contents (URI, body, headers, …) of a request from Chrome’s Developers Tool and create a new request in Postman, the process is tedious and error-prone. we may want to change the content of POST requests’ body or change the value of an HTTP header. This is just one of the many things you can do with the Postman Interceptor extension-which you can now install from Chrome, Mozilla, Microsoft, or Apple Store.Quite often during web development, we need to fiddle with the outgoing web requests from our web browsers. In this example, we’ll call it “Slack APIs.” You can keep this as a reference collection to add more APIs in the future: Generate collections from the recorded sessionsįor future reference, you can generate a collection from the session. To send the API call, you can click on Send. To view details of the request, you can click on the request to use the Postman request editor. As you stop the capture, you’re presented with the session that lists all the APIs you have captured in the last session let’s rename it as “Slack Messages API.” You can go back to this session anytime from the history tab. Sessions to slice and dice captured requests You will see the corresponding chat explaining that when you click on Start Capture and send a message in the channel, the chat.postMessage API call is captured:ģ. You are all set to reverse engineer this API. If you have disabled it in the past, you will have to enable it again by going to the Cookies tab in the Interceptor extension: This will sync cookies from domains for which you are capturing requests. This means you will have to enable cookie capture as well. The second important thing to address is that most websites use cookies to authenticate all API calls. Sync cookies to replicate authentication from the browser Then, add a domain filter-” ”-to capture only requests:Ģ. When starting the Postman Interceptor extension, you will see that it immediately starts capturing requests from all domains. Domain filtering to capture traffic selectively While chat.postMessage is already documented, we can build something interesting quickly with this example. Let’s consider the reverse engineering use case.Īssume that you want to check how Slack’s API for sending messages works so that you can automate a few message-sending flows. It can be for reverse engineering, understanding payloads, or documenting APIs with examples. How exactly does the Postman Interceptor help you?Īs developers, we have multiple reasons to inspect APIs for web apps. With the Postman Interceptor extension on Chrome already serving as one key way our community of more than 25 million users captures browser traffic into Postman, we are excited to announce the release of a wholly revamped Interceptor extension for all browsers! This makes it even easier for more developers to successfully create and build by seeing what’s going on “behind the curtain” of an API and work with web traffic outside their browser, in an environment where they have more control.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |