
Postman: The IT Admin’s Secret Weapon


Finding a new tool that simplifies my work and opens up new ways of getting things done is always a fantastic feeling. For me, discovering Postman was like finding a skeleton key to a backdoor I didn't know existed. Suddenly my toolbelt went from a few standard tools to an entire hardware store. OK, enough analogies, you get the point.



What can Postman do for you as an IT Admin?

Postman's core use cases are advertised for developers to design and test APIs. However, it can also act as a GUI for admins who don't use APIs every day. I've used them for quite a few SaaS apps, including Slack, Teams, Atlassian, Asana, and even VMware Workspace ONE. Here are some non-standard ways I've found myself using Postman as an IT admin:

  • Bulk User Provisioning - If your SSO/IDP doesn't support SCIM Provisioning, Postman provides a way to Create, Read, Update, or Delete users in bulk without learning cURL, Python, or any other scripting language
  • Role/Permission Changes - Change access levels and/or move users between groups with ease
  • User Audits - Pull a list of all users that are provisioned in an application to see who is inactive, then de-provision them to save money on licenses and maintain a clean directory
  • General Upkeep - Find resources that are no longer being used, such as channels, projects, documents, etc., and archive them in bulk
  • Usage Analytics - There's a lot of data just sitting behind the scenes for a lot of SaaS apps, and if the app itself doesn't provide the level of detailed analytics desired, you can pull raw information yourself for analysis

Essentially Postman allows IT administrators to automate repetitive tasks and gain additional insight into their applications. This automation can help to reduce the time and effort required to perform these tasks, allowing administrators to focus on more important work.


Familiarize with APIs

If you are new to APIs, I recommend brushing up on their fundamentals, how they work, etc. There are plenty of great resources online for this but here's a quick snippet from Postman to cover them at a high level:

APIs provide a structured way for one application to access the capabilities of another application. Typically, this communication happens over the internet by way of an API server. A client application (like a mobile app) sends a request to the server, and after the request processes the server returns a response to the client.

A request includes the URL of the API endpoint and an HTTP request method. The method indicates the action you want the API to perform. Here are some of the most common methods:

GET retrieves data from an API.
POST sends new data to an API.
PATCH and PUT update existing data.
DELETE removes existing data.
Source: https://tinyurl.com/ta5hsvrk

Aside from that, here's the stuff you really need to know:

  • Endpoint - This is the URL where you send your request
  • Headers - Headers are the context that the API checks before completing the action. This is where you include things like authorization, content types, and more.
  • Authorization - This is the way you authenticate to use the API. Most of the time a Bearer token is used to tell the application who you are and what you have access to. You'll get this from the application you are trying to interact with
  • Scopes - Scopes are essentially the individual permissions granted to allow specific actions by a user/client/token/app. These are set up in the application when creating your token
  • Content types - Tells the API the format of the data you are sending so it can read it correctly
  • Parameters - These are options you can pass on a request, and usually get added to the URL. Most often used on GET requests, they can help filter or limit data received.
  • Body - The body of a request contains the data being sent to the application. GET requests have blank bodies, while most other methods can contain form data or raw JSON.
  • Response Codes - These are numeric codes that the server sends back in response to your request. Each set of codes has different meanings:
Source: https://www.youtube.com/watch?v=LtNSd_4txVc

Get to know Postman

  • Collections - Collections are a group of API requests. These groups can share data and variables between them and can be shared with other users for collaboration.
  • Runners - The Runner allows you to run a sequence of multiple requests in a row, or a single request with multiple iterations of data that you can upload from a file
  • Variables - There are multiple types of variables in Postman. Variables are placeholders that allow you to reuse data in multiple places without having to enter it manually. The two most relevant to admins are:
    • Collection Variables - These are variables that can be defined at the parent level and are inherited by all requests within the collection
    • Data Variables - These allow data to be imported from a CSV or JSON file and used in Runners to perform requests in bulk
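
Because collections are shared and collection variables travel with them, it is worth checking an exported collection for literal credentials before handing it to someone else. The script below is an added example, not part of the original article or of Postman itself: it walks a collection export (v2.1 JSON) and reports bearer or basic auth values, secret-looking headers, and secret-named collection variables that hold a literal value instead of a {{variable}} reference. The sample collection, its names, URL and token value are constructed.

```javascript
const VAR_REF = /^\{\{[^{}]+\}\}$/; // value is nothing but a {{variable}} reference
const SECRET_KEY = /token|secret|password|api[-_]?key|authorization/i;
const isLiteral = (v) => typeof v === "string" && v.trim() !== "" && !VAR_REF.test(v.trim());

function scanAuth(auth, where, findings) {
  if (!auth || !Array.isArray(auth[auth.type])) return;
  for (const p of auth[auth.type])
    if (SECRET_KEY.test(p.key) && isLiteral(p.value))
      findings.push(`${where}: literal ${auth.type} auth "${p.key}"`);
}

function scanItems(items, path, findings) {
  for (const it of items || []) {
    const where = `${path}/${it.name}`;
    scanAuth(it.auth, where, findings); // folders can carry auth too
    if (it.item) scanItems(it.item, where, findings); // folders nest
    const req = it.request;
    if (!req || typeof req === "string") continue;
    scanAuth(req.auth, where, findings);
    for (const h of req.header || []) {
      // "Bearer {{apiToken}}" is a reference; "Bearer abc123" is a literal
      const v = String(h.value || "").replace(/^(Bearer|Basic)\s+/i, "");
      if (SECRET_KEY.test(h.key) && isLiteral(v))
        findings.push(`${where}: literal "${h.key}" header`);
    }
  }
}

function scanCollection(col) {
  const findings = [];
  scanAuth(col.auth, "collection", findings);
  for (const v of col.variable || [])
    if (SECRET_KEY.test(v.key) && isLiteral(v.value))
      findings.push(`collection variable "${v.key}" has a stored value`);
  scanItems(col.item, "", findings);
  return findings;
}

// Constructed sample export; names, URL and token value are made up.
const sample = { info: { name: "Directory admin (constructed)" },
  variable: [{ key: "baseUrl", value: "https://sandbox.example.test/api" },
             { key: "apiToken", value: "EXAMPLE-NOT-A-REAL-TOKEN" }],
  item: [ { name: "Users", item: [
    { name: "List users", request: { method: "GET", url: "{{baseUrl}}/users",
      auth: { type: "bearer", bearer: [{ key: "token", value: "{{apiToken}}", type: "string" }] } } },
    { name: "Create user", request: { method: "POST", url: "{{baseUrl}}/users",
      header: [{ key: "Authorization", value: "Bearer EXAMPLE-NOT-A-REAL-TOKEN" }] } } ] } ],
};
console.log(scanCollection(sample));
```

Pass scanCollection the parsed JSON of your own export; an empty array means every credential field it recognises is a {{variable}} reference or blank.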

Time to get your hands dirty!

Now that you have a general idea about the terms and how things work, time to learn by doing! Pick your favorite app, refer to their documentation to get set up with an API token or configure OAuth, and try out a couple of requests.

💡 It is strongly advised NOT to make API requests to production environments until you are extremely confident in using the tool. Damage can be done that isn't always reversible. Ask your SaaS account rep for a Sandbox Environment to test their APIs so you can get comfortable.

Get Fancy with Collection Runner

Once you have a good feel for sending individual requests, it's time to step it up a notch. Using the Collection Runner and a data file, you can perform bulk actions on users and more. Run through this tutorial and add the Ramen collection to your Postman workspace to get hands-on with the process:

Looping through a Data File in the Postman Collection Runner | Postman Blog

Further Study

Once you get really into the weeds with things, you might start running into issues with large amounts of data. At this point, it's best to learn some more advanced topics like rate limits, pagination, filtering, and sorting:

REST API Design: Filtering, Sorting, and Pagination
Advanced REST API design guidelines for API filtering, sorting, and pagination.
