I stopped using Postman when it magically started connecting to a central server for… nothing useful, really. I have no idea why people would design software this way, especially a development tool that should work with any web server, under any network condition (including fully offline against localhost).
Now I just have a Makefile with a bunch of curl invocations, or Python tests with requests to match against expected responses.
We went with a mix of curl, Invoke-WebRequest, favourite scripting language, HTTP files, IDE tooling, Insomina, after Postman went cloud online and became a forbidden tool on our systems.
Also I am not counting that Insomina won't follow the same footsteps as Postman.
I get the whining, but teams need ways to share their complex workflows, and teams are where the money is for all dev focused software.
That's who pays for all your tools to have free versions.
People who use make and curl to jury rig some unshareable solution together that no-one else in their company would even bother trying to use aren't worth any money to companies.
Teams that are knowledgeable jury rig their own custom solutions without all the enterprise cruft. They make solutions that fix their problem and they do it faster than the teams who use bloated enterprise solutions.
I am tired of seeing over engineered enterprise solutions that that are implemented and never used because they can’t be integrated into the dev workflow easily. Simple bash script that does the task it was designed to do beats any enterprise crap.
The wisdom of pipes! I'd share these workflows the exact same way we share others [ie: BASH, Ansible]: Git. Needs nothing more than a directory, though an SSH daemon is quite nice.
Those of us who can survive without desperate monetization plays are worth quite a lot, actually. They say 'jury rig', we say 'engineer'.
>I get the whining, but teams need ways to share their complex workflows, and teams are where the money is for all dev focused software.
Complacent corporate teams. Agile teams need to simplify their workflows, and know that a Makefile can be better than some closed down, Cloud-first tool.
>That's who pays for all your tools to have free versions
Nah, we have free versions for stuff without enterprise editions too.
>People who use make and curl to jury rig some unshareable solution together that no-one else in their company would even bother trying
I highly recommend checking out the postman forum for posts about the scratchpad being removed, it's a fascinating and frustrating read.
It would be so much faster and easier for the postman reps to just shut down the conversation. And yet, for some reason, they keep it going for very long while still being extremely evasive when it comes to any concern raised about data sovereignty.
To be fair, Vim and Curl are almost certainly dynamically linked, so they get to "cheat" a little. 10 megs is entirely reasonable for a statically linked utility intended to "just work" when you dump it somewhere in your $PATH.
Take the Micro editor. It's written in Go, and packs a fair bit of functionality into a single 12 meg static binary (of which a few megs is probably the runtime.)
Wow, I've been looking for a postman/Bruno/foo replacement that I could use inside a remote ssh server or remote dev containers in vs code. This might be it!
Oooh this is neat! I've been using hurl (https://hurl.dev/) for the last few years and while it's fun, I've ended up with a ton of text files floating around a folder instead of any kind of organization. Might have to try this.
RubyMine, and I assume its cousin JetBrains IDEs, has a great HTTP client (Tools -> HTTP Client) that I've used when I need this sort of functionality. I've been off of Postman for quite some time, since it got so complicated, and all I wanted was something to help me make simple web requests. (No disrespect intended to those who like Postman, it's just too overwhelming for my needs.)
> RubyMine, and I assume its cousin JetBrains IDEs, has a great HTTP client
It's great. You can even paste a curl command into it and it will automatically convert and format it. You can then use the Copy button to convert your changes back to curl.
Question: Do I miss something by not using Postman? My alternatives for development are "Edit and Resend" of a request (in Firefox) and plain old curl scripts for reusable examples.
I used to use postman, before they become greedy, now I use Bruno.
But to your question - I have saved based authenticated request to our company useful APIs - github/jira/artifactory - so when I want to string together some micro tool to do something in batch, I don't have to remember where do I create API key, and how do they accept it.
Not Postman specifically but a client like that will allow you to prepare a whole set of different requests and save them so you can build up a test suite, plus some of them do things like scripting, chaining requests together etc. It's like the difference between a text editor and an IDE, so it depends on your needs really.
We use it at my work because one team will create the backend, and another team will create the frontend, and its useful to be able to share a big list of all the endpoints, along with how to use them and the expected result that can all be run, as well as handling all the auth for you
We use it a bit at our company. We have a collection file that includes a ton of requests with headers and body. Developers can with ease load that collection file and run it against their own server, and also quickly change to a different server with just a click.
I guess a substitution would be a git repo with curl scripts and environment variables?
We also have some non-tech people who use postman to run tests.
I use a mix of tools, depending on needs: `curl` scripts for things I might need to automate on barebones OS installations (Linux/macOS), HTTPie on my local CLI env if I'm debugging something where I need to mutate parameters quickly: making sequential calls, many requests with varying parameters; and Insomnia as GUI where I can save requests with parameters, headers, etc. to be re-used during development.
Each one has its strengths, and weaknesses, Insomnia can export the saved requests as `curl` commands so it's a nice visualisation to iterate over a complex call until it's working, and then be exported if needed to be automated; `curl` is quite ubiquitous but clunky to remember the exact arguments I might need; HTTPie has a nice argument syntax so it's quite readable to be quickly edited but isn't present without installing Python, pip, and pulling it.
At the end of the day with Postman you wind up trying to codify requests via collections, which tends to just be programming in a more limited language.
A lot of organizations have very large suites of postman collections that serve as API documentation, regression and QA testing… they often heavily rely on the postman Javascript libraries and have custom code embedded directly in the collection.
Been using Yaak for 6-9 months now, initially built from source, but now a paying subscriber. Recently saw that you post open metrics[1] on subscriber count and revenue, and love getting a little look behind the curtains.
Curious to know more about the commercial licensing scheme for Yaak: if i’ve read correctly, purchasing a pro license if based on « good faith » as the features are exactly the same as the MIT licensed Hobby version?
Sincere question, been studying lots of OSS commercial licensing and always wonder what works in which context
Yes, it's a good-faith license. The license doesn't even apply to the OSS version (only prebuilt binaries).
The bet is that super fans will pay for it in the early days and, as it gets adopted by larger companies, they will pay in order to comply with the legalities of commercial use. So far, it's working! The largest company so far is 34 seats, with a couple more in the pipe!
You can be an Oracle and audit your customers and develop that adversarial relationship. The idea is that that sort of thing makes you rot in the long run.
I am sure everyone making shareware in the early 1990's would have loved to spy on people to know how many used their software for free (and have a way to spam those users to try to sell more licenses), but they couldn't and just did without that.
Thank you for your honest and detailed answer! Great to see it’s working so far and this allows you to build a true OSS product in the meantime, i really appreciate that (i think this is the biggest benefit of your licensing scheme)
Under pricing for the hobby tier you could add as free or pay what you want. $50/yr isn't crazy but might get a few smaller donations if that was an avenue.
If I asked my security team could I use yaak, they would (probably) say yes, and legal would say under no circumstances am I to use a personal license, they will pay for a commercial license. Large companies are incredibly risk averse when it comes to stuff like this.
I love a solo dev building from scratch is going up against an entire team and company who have years of head start, alot more money and a product that the solo dev originally wrote for them.
And the solo dev has a better product already and might actually win haha.
I was looking at Yaak, and wondering if you've plans to bring it inside VS Code some day?
how would someone use this in a project that operates within VS Code Remote where the source sits on a remote server and isn't physically on the file system.
In case you aren’t familiar (and with apologies for my verbosity if you are): VSCode Remote can be best understood as a sort of hybrid of a local text editor and a remote web-based or X11 view of an editor for a remote session.
When you use a remote, the code is on the remote and all your editing functions (search, version control, terminal, extensions) happen in the remote via a worker process.
So in a remote session, everything is “local” to the remote. You may have no file “mount” of the thing at all on your host desktop machine. If you do a git commit, it’s running inside/on the remote. If you do a file search the files are searched on the remote, rather than downloading them over some network filesystem and searching locally.
The GP’s point is, I think: if you implemented Yaak as a VSCode extension, it could be made to function either in a local session or inside a remote (on a server accessed via SSH, a docker container, on the linux side of WSL etc.) and therefore have fast rather than slow access to the code, git repo etc.
I do essentially all my dev work (apart from compiling the odd mac app) inside remotes of various kinds to create reproducible environments, avoid cluttering the host, sandbox the tools, give me freedom to work from more than one machine etc., and I run into this sort of thing quite a bit.
There are at least two clients like this for VSCode —- Thunder Client and EchoAPI, and I believe both function in a remote session.
P.S. I loved Insomnia before the bad happened; it really helped with learning APIs. Thanks.
Wrote this late at night and didn’t explain what I meant by X11 view.
I was thinking back to running X sessions on remote machines, sending for example a text editor view back across the network to my desktop.
VSCode remote feels to my fiftysomething brain to be logically quite like that, only you are sending the display back from the remote worker using web techniques, and rather than to a display manager, you are sending it back into the shell of an editor, so it appears to be largely indistinguishable from a session running on your local machine.
Maybe I’m misunderstanding, but I think what you want already exists as VSCodes remote SSH tunnel port forwarding (not the one that makes it publicly accessible).
Startup a dev server on the remote machine and forward the port to localhost. It should now be accessible via http://localhost:[port] on your local machine in the browser or any application, as if it’s running locally.
I find it’s very useful for also for interacting with DBs/Redis. Just forward the port your DB communicates on and use whatever client on your local machine to interact with it.
As far as I know this works with any service that communicates via TCP
The REST Book extension was made by a VS Code dev and does a decent enough chunk of what is needed, at least for simple use cases.
Handy Dandy Notebook as well, but that requires some reformulation to get everything in terms of standard curl/node/python/etc commands. (whether that’s better or worse than a custom http dsl is a matter of some debate)
off topic, sorry: Looking at the docs and I don't find a quick answer. I really want an API client that will do OAuth and handle token refresh, and I haven't found one. The use case is that (obviously) I control the redirect URI, so I'd like to map it back to client (some kind of proxy that I run and make external with all of the requisite DNS and TLS) or maybe via a hosted service (which I'm willing to accept for the convenience.)
I haven't used postman or insomnia in a while since they went to the cloud, so I could just be missing it, but that's also a non-starter for me.
Can you provide clarity on is a commercial license is needed. The license appears to be MIT but the yaak.app website gives the impression a license is required, even stating as such in FAQ.
The commercial license terms only apply to the prebuilt binaries. You can build and run the OSS version for whatever purpose you'd like. Check the last FAQ on the pricing page
You should consider updating your free license to allow some time period of professional use, otherwise it's not possible to evaluate it at work without violating the license.
It's possible if you build from source, even in the commercial environment. As the last item in the pricing page says, the license only applies to the prebuilt binaries.
Quick request, if it's doable: would you mind making a portable version of this? We're super locked down on our machines (even as developers), and all programs that need to be installed need to be approved. Portable programs fly under the radar, so they're easier to try discreetly, then we can make an official request to get them approved or buy a license.
Edit: oh my, you also made Insomnia, that I used when Postman was on the enshittification path...
This looks awesome! I've been wondering what to do with Insomnia since its enshittification.
One idea: since you are doing good-faith licenses anyway, maybe you could add in the possibility to pay for some kind of one-time license? I don't particularly need or want updates from my API tool, I just want it to work and not break. I would be fine with paying a one time commercial license that gives non expiring right to use a particular version.
One thing I despise about postman is how much friction there is to creating a new request. In my line of work, I'm often using an API client as a scratch pad to validate /poc. At the same time, it would be nice to just have a simple "history" that I could go back and search if I needed to find some request I made a few weeks ago.
This looks great. If you can wait 8 years before you sell out, that should be long enough for me to retire. Give me a headsup if they offer you a billion earlier so I can start looking for Yaak's replacement.
I think for the most part everyone has accepted that Postman grew into a monster that bloated with features and presumably that comes with online dependence.
$dayjob sent an email to everyone with postman installed and asked us to uninstall when postman switched to online. $dayjob IT still maintains a wiki page and includes it on the banned software list. Used to be ubiquitous over there.
For a long time I used Paw, which became RapidAPI a couple years ago. Nice little app that does it's job well.
Lately I've just been using a Phoenix LiveBook notebook, with the Req package loaded into it. I can make requests, do arbitrary transforms on the data, and generally stay right at home in a language I like and understand
If you don't know elixir, I'm sure jupyter or some other notebook system would do just as nice of a job
If you take a peek at the commit history [1], you'll see that the project started only last week with some very vague commit messages. The code is also quite messy and unoptimized. It's a cool project but not exactly industry-level software.
If you're willing to use a CLI, you can try Hurl [1]. It's is an Open Source cli using libcurl to run and test HTTP requests with plain text.
We use libcurl for the reliability, quickness and top features (HTTP/3 IPv6 for instance) and there are features like:
- requests chaining,
- capturing and passing data from a response to another request,
There is nice syntax sugar for requesting REST/SOAP/GraphQL APIs but, at the core, it's just libcurl! You can export you files to curl commands for instance. (I'm one of the maintainers)
It isn't working locally for quite some time now, hence why many companies have forbidden using Postman, given the issue of testing internal APIs with security information hosted on Postman servers.
I remember when one of the "Core Goals" of Postman was "Complete control over your data - Keep simple JSON based data formats which can be exported and shared as per user needs".
There seems to be a common theme here. Some project gets traction, it works very well. Then they got VC money and the project turn to crap for the community. Not all VC project, but seems to be common theme. I also aware that devs need funding to keep a project going for the long run. Are there any better alternatives for funding now days?
Not sure if this applies to Postman specifically, but I think a lot of software projects start out largely as hobby projects, and might not have even had an ambition of making serious money out of it, and as such there's no reason to be hostile to the community.
Then a VC fund gives these developers a dumptruck full of money and expect returns immediately afterward. Something like Postman likely doesn't make a ton of money unless they're doing something anti-consumer like selling data.
Devs have to eat and if someone offers you a life altering amount of money to work on their hobby project, a lot of them would probably take it. It's hard to turn down something that might assure your family a comfortable life.
That's all good, and I hope they're happy, but they shouldn't expect their audience to stick around if they start to ruin the project that got them there.
This is not what I said. I meant that users should contribute and not expect FOSS projects as a separate channel of getting material for their corporate work.
I want to judge the devs for it but if a VC walked up to me with a bag full of cash and the opportunity to work full time on a passion project I can’t be anywhere near sure I’d say no.
That bag full of cash will keep being a bag full of cash but the passion project will likely become driven by whoever hands you the bag and will head towards their goals, not yours. Anyway you'll keep the cash. It's not different from what the vast majority of us do with our jobs every day.
Why you and other devs say Insomnia is unmaintained?
There has been a release in september, issues has been solved within last month, and multiple pull requests has been managed (merged and rejected) also recently.
Maybe you refer to issues specific to a platform? Thanks in advance.
The plumber doesn't start to install additional pipes that require an annual fee, or spying on me "because you know, nothing to hide", or any other nonsense we are seeing in software.
One of the things I've thought about for startups are things with the general theme of "complete control over your data", how could I write something like this into the articles of incorporation (or similar) to make some of those values at least somewhat irrevocable?
Same but since a lot of bigger scenarios I need to test the scripting quickly becomes a lot so I often do this using Groovy (as I am a Java developer this is nearly the same). I now have a collection of scripts I often reuse and adapt.
I'm looking at alternatives that are guarantee to work locally and only found the following:
Posting.sh -> Postman imports are experimental which makes it a non-starter for people like myself with large Postman collections. TUI only also makes it harder to switch.
Insomnia -> Owned by another large tech company.
Yaak -> Made by the same guy who created AND SOLD Insomnia above. Not exactly comforting to switch over for. How long till this one also gets sold?
Any other great local tools out there? I would like to be done with Postman.
Restfox [1] is worth checking out. It's fully offline and lets you version control your collections with git or any sync tool you prefer. The postman import is well tested and the app also allows you to export back to Postman collections.
I'm using an old version of Postman with their servers blocked through the system hosts file. I keep meaning to migrate to whatever the next best thing is but this setup just works for me.
OK which dumb engineer unsafely wrapped the entire feature flagging / observability / telemetry tooling around the main process of the app such that it wouldn't load unless those libraries resolved?
The red flag appeared a few years ago already. My company forbade us to use it. This wan no problem for me, because I mostly use curl, but people got upset. We thought this too much restrictive, but ...
I ditched Postman for Insomnia (Open source) after Postman refused to adhere to customers to disable auto-updates for 6 years+. I checked on their GitHub issue tracker and it turns out, the solution was to upgrade to their "Enterprise plan".
Don't you love how slimeballs cant help themselves though? Instead of just letting free and easy happen the one time a year they go down... they just spit in everyones face to remind them now they have time to go find an alternative
Postman founder here. I did not time this with an AWS outage of this magnitude but I posted about filesystem, git, and offline support coming to Postman last week: https://x.com/a85/status/1978979495836356819?s=46
Postman has a lot of capabilities now that require the cloud but there is still an offline client built in just for requests.
Building sign-in and cloud features were not due to a VC-led conspiracy. A large number of companies depend on APIs (like AWS) and have thousands of services and APIs. Customers need to manage them and wanted us to build it.
Postman allows for turning off history, keeping variables local, setting up a local vault all in the free product and in more advanced plans, there are secret scanning capabilities for IT and security teams.
These issues are not unique to Postman and apply to all cloud products like GitHub as an instance. Products that are “offline” just shift the burden to the user.
All good security measures, for sure, but the blog post you linked doesn’t mention anything about telemetry (ie request data sent to those *.gw.postman.com endpoints). As a user, it would be great to know exactly what data is sent to Postman servers (eg we send resolved query strings, we don’t send headers, etc), as well as to have an easy way to opt out of telemetry altogether.
maybe it doesn't do everything postman does, but I'm very happy using the rest client extension in vs code, the http files with the api calls are commited to the source code repository along with the code is easy to use, does what i need, and is easy to share with my colleagues.
In the beginning, there was Postman, and we used it, and it was good. Then, Postman became enshittified, so we switched to Insomnia. Then, Insomnia became enshittified, so we switched to Bruno. Then, Bruno became enshittified, so now it's Yaak.
Let's see how long it takes for one of these programs to break the cycle.
And each of those are just thin wrappers around curl I guess. We should be glad that some good free software could be produced in the past to serve as the foundation for today's greed.
I'm stealing your thread to ask a question: How would you explain what an API Client is to someone who's never used one before, and has always just consumed/produced/tested API's the old-fashioned way?
Is it basically "an IDE for playing with API's"?
Is it only for HTTP-based API's?
Does it come with canned functionality for popular services out there?
I am against government regulation, but at times likes this (or your sous vide and washing machine requiring online accounts to function) the idea for regulations that mandate availability of local server for client server applications is alluring. And making all cloud functionality optional.
It will never disappear, enshittify, or let you down. It's already modern, and has a great UI. It's available everywhere. It supports every protocol and feature under the sun. Those fancy features you think you need: you don't. Whatever you're missing can be easily added via simple shell scripts or aliases.
It’s annoying that the marketing and brand recognition has worked so well. My whole company uses postman and it’s a huge uphill battle to use anything else.
There are SO many alternatives. It’s curl UI wrapper with secrets* management! Why do we all need enterprise licenses??
Off-Topic: I read about yaak app as an alternative to Postman - can anyone recommend an alternative to Stoplight Studio for covering "the other side" by any means?
I loved to use their free desktop app for building API documentations which can be used for scaffolding / generating APIs but for some reason I don't remember right now I had to stop using it.