As a junior frontend or mobile developer, it can be quite intimidating to work with your company’s backend API for the first time using a tool like Postman. In a corporate setting, there’s a good chance that you may not have access to the backend code, and that there may be little to no documentation available to guide you through working with the backend API. In the real world, a lot of the knowledge about how the frontend and backend systems work may be locked up inside the heads of other teammates, and you may find yourself having to figure things out on your own.
But fret not! Many companies follow a pretty straightforward convention for granting access to the backend API, so that’s what I would like to share with you here in this blog post. Obviously, companies don’t want to let anyone access their backend API. Take Snapchat for example. Snapchat doesn’t want anyone to be able to query their API and read any message they want. Snapchat only wants users to be able to read their own messages, not everyone’s messages. And this goes for pretty much all companies. Backend APIs need to be able to authenticate requests to make sure the person or computer making the request is who they claim to be and that they have access to the information they are requesting.
And how do backend APIs handle this authentication? Bearer Tokens!
Just like you have usernames and passwords for logging in to websites and apps, backend APIs have a similar method of authentication. But instead of a username and password, backend APIs roll all of that information into one: a bearer token. What is a bearer token? A bearer token is a long string of text which essentially represents a username and password. You can think of it as a magic passphrase that grants the bearer access to all of the data for a given account. And why is this important? Well, the bearer token is the primary thing that you will need to access your company’s backend API using Postman.
So without further ado, here’s how you add a bearer token in Postman:
First, you’ll need to sift through your company’s frontend code and programmatically retrieve a token for the test user you want to access the backend API as. Let’s say your company has a test user with an email address of johndoe@gmail.com and a password of p@$$w0rD123. You’ll run the development version of your company’s app on your development machine, log in as user johndoe@gmail.com and see if you can programmatically retrieve a token for this test user. Somewhere in your company’s codebase there will be a variable or method which will let you retrieve the user’s token. Find the token, print it to your developer console, then copy and paste it to a text file and you’re all set. Now you have the magic word!
Second, you’ll need the URL for the API endpoint which you want to query. Just like with the token mentioned above, you’ll need to hunt through your company’s frontend codebase to find this, then print it to your developer console, and then copy and paste it to a text file to save it.
Third, you will need to find the JSON data which you want to send to the backend API. Typically with a POST request, you will be sending information to the backend API in the form of a JSON object. So find the JSON which you want to send to the backend API, print it to the console, and copy and paste it to a text file.
Now we’re all set. We have our token, API endpoint URL, and the JSON data we wish to send via Postman. You can either fire up the Postman desktop app to send your request, or log in to getpostman.com and use their web-app. For this example, we will be making an HTTP POST request (as opposed to an HTTP GET request).
Once logged in to Postman, click on “Create a Request” to get started. Select “POST” from the dropdown menu and paste the URL for the endpoint which you wish to query. Under the “Authorization” tab, paste your bearer token. Under the “Headers” tab, enter the key “Accept” and the value “application/json”. And under the “Body” tab, select the “RAW” radio button and select “JSON” from the dropdown menu, then paste your JSON into the text field.
Press “SEND” to make your HTTP request, and that’s it!
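To see what the steps above put on the wire and what a backend does with it, here is an added example (not code from any real company's API): `buildRequest` assembles the same method, headers and body that the Postman tabs produce, and `handle` is a hypothetical backend handler that authenticates the bearer token and then checks that the account may read the requested inbox. The tokens, URL, user names and the `inbox` field are all constructed for illustration.

```javascript
// Added example: tokens, accounts, URL and the "inbox" field are constructed.
const crypto = require("node:crypto");
const sha256 = (s) => crypto.createHash("sha256").update(s).digest("hex");

// Server side: keep only a hash of each issued token, mapped to its account.
const TOKENS = new Map([
  [sha256("constructed-token-for-johndoe"), { user: "johndoe" }],
  [sha256("constructed-token-for-janedoe"), { user: "janedoe" }],
]);
const MESSAGES = { johndoe: ["john's message"], janedoe: ["jane's message"] };

// Client side: what the Authorization, Headers and Body tabs turn into.
function buildRequest(url, token, body) {
  return {
    method: "POST",
    url,
    headers: {
      Authorization: `Bearer ${token}`,     // "Authorization" tab
      Accept: "application/json",           // "Headers" tab
      "Content-Type": "application/json",   // set by Postman for a raw JSON body
    },
    body: JSON.stringify(body),             // "Body" tab
  };
}

// Server side: authenticate the bearer first, then authorize the resource.
function handle(req) {
  const header = req.headers.Authorization || "";
  const match = /^Bearer ([A-Za-z0-9\-._~+\/]+=*)$/.exec(header);
  if (!match) return { status: 401, error: "missing or malformed bearer token" };

  const account = TOKENS.get(sha256(match[1]));
  if (!account) return { status: 401, error: "unknown token" };

  let payload;
  try { payload = JSON.parse(req.body); }
  catch { return { status: 400, error: "body is not valid JSON" }; }

  // A valid token only grants access to its own account's data.
  if (payload.inbox !== account.user) return { status: 403, error: "not your inbox" };
  return { status: 200, messages: MESSAGES[account.user] };
}

const URL_EXAMPLE = "https://api.example.test/messages"; // placeholder endpoint
```

A 401 from a real backend usually means the token was not accepted at all, while a 403 means the token was accepted but that account is not allowed to touch the resource you asked for.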