Postman – Using Environments and Tokens

Rick Herrmann

Postman is an incredibly  useful tool for testing API’s.  I’ve been using it for a few years now and have found some features that make it a breeze to work with when it comes to secured API’s. It’s good for handling different environments as well.

Login and Tokens

A common pattern we use with our API’s is to use Javascript Web Tokens(JWT’s) for authentication. To work with this in Postman, I typically have a /login post call which returns a token. Then for any other calls to that API, I manually copy the returned token, and set the Authorization header to “Bearer <token>”. Although this works, it’s a pain when the login token expires and I have to copy a new token to the Authorization header for every saved API call.  For an API where you have a lot of endpoints saved, updating all the Authorization headers can become tedious. Continue reading “Postman – Using Environments and Tokens”

HTTPClient

Rick HerrmannIn the 4.3 release of Angular, there was a new HttpClient API introduced.  HttpClient is an alternative to the existing Http module and exists in its own package (@angular/common/http).  For any projects that are using Angular 4.x, both Http and HttpClient are supported so you don’t have to migrate to the HttpClient all at once.  However, in Angular 5x, the original HttpModule is deprecated so only HttpClient is supported.  Hopefully with this overview you will see that HttpClient is actually easier to use and switching from Http will simplify your http service calls. Continue reading “HTTPClient”

Weather APIs – Which One is Best?

Mike BerrymanWe recently had a client that wanted to display weather data alongside data from store sales for marketing purposes. The requirements were actually pretty simple: they wanted to show the overall conditions, and high and low temperatures for the day. The critical piece was they wanted this information both in real time and for any given day in the past. I was tasked with figuring out how to get this information, so I started looking at the various weather APIs out there.

Continue reading “Weather APIs – Which One is Best?”

ASP.NET MVC 4.0 Custom Authorize Attribute

DaveI was working on an MVC 4.0 web application that contained some WebAPI controllers.  The requirement was to secure the site using Windows Authentication.  However, only the web pages required security but, the Api controllers did not. I changed the web.config and IIS 7.5 to provide Windows Authentication.  I then added an authorize attribute to my MVC controllers like “[Authorize(Roles = “FooWebUsers”)]”.  Since, the WebAPI controllers did not need security I added the [AllowAnonymous] attribute to those controllers.

I tested the site and discovered the MVC Controllers were properly secured, prompting a login – ok good. Hit one of the API routes in fiddler and got a NT challenge and response or prompt for Login. What’s going on here?  I added [AllowAnonymous] to the API controllers – not working.  After much digging around I found what I wanted by implementing a custom Authorization attribute. Here’s the steps I went through to implement this.

Continue reading “ASP.NET MVC 4.0 Custom Authorize Attribute”