WSO2 3 min

Postman makes API discovery and try out easy

In the last couple of versions, the API Manager’s Devportal has the possibility to not only download the Swagger file (or OpenAPI as it is also called) but also something called a Postman Collection.

Rob Blaauboer
Rob Blaauboer
Integration Consultant & WSO2 Trainer
Postman makes API discovery and try out easy

WSO2 API Manager core functionality is of course creation and management of APIs. The Publisher and Devportal are the two main components to do this. Where The Publisher is meant for the organisation itself that publishes the APIs, the Devportal (or store as it used to be called) is where developers can try out the functionality of the API, look at the documentation and interact with the APIs developers.

API Manager Devportal

In the last couple of versions, the API Manager’s Devportal has the possibility to not only download the Swagger file (or OpenAPI as it is also called) but also something called a Postman Collection.


For those of you who are unfamiliar with Postman, A Postman Collection is a group of saved requests. For the Pizzashack API of which I downloaded the collection it means the API and all the resources / HTTP verbs are loaded into Postman.

postman collection

We will look Postman installation later on but first, what does a collection look like and how is it different from OpenAPI definition?

As you can see, the content looks the same. Where OpenAPI is more generic and is also used for the creation of the API and schema validation. However, the Postman collection should be considered a subset of the OpenAPI definition. There are tools to take a Postman collection and transform it into an OpenAPI definition with the addition of some extra fields required.

transform postman collection into open api

Postman install

The installation of postman depends on your operating system. For my Linux training machines I use this resource for the manual install. Other OS can go to the downloads page of Postman.

Postman is not a free tool but has a Free version which suffices for the purpose of this blog, testing a Postman collection. If you need more functionality, take a look at the pricing page.

Software that adds value to you deserves a paid version! There is also a browser-based version of Postman, but I describe the desktop app in this blog.

postman workspace

After Downloading, create a Free account, you will need it in order to import the collection in a workspace.

Use the default workspace or create a new one. Select Import.

postman default workspace

Click on Import and upload the file we downloaded from the Devportal. I will be in the downloads directory when downloaded via a browser in most cases.

postman collection workspace

The Collection is shown in the Workspace. Here I opened all the resources.

postman menu resources

Clicking on get shows the GET on the /menu resource.

postman invocation 404

I am actually getting a 404 not found on the invocation. CORS was indicated to be the issue. I’ve enabled the CORS in the Publishers API Configuration and created a new deployment.

enable cors in api

Devportal gives me a response, Postman does not. Well, it does give me a response, but it is

{"code":"900902","message":"Missing Credentials","description":"Invalid Credentials. Make sure your API invocation call has a header: 
'Authorization : Bearer ACCESS_TOKEN' or 'Authorization : Basic ACCESS_TOKEN' or 'apikey: API_KEY'"}

Which makes sense since I did not add a token. Copy the token from the devportal into the AUTH config of Postman.

configure token

The token is a JWT token and quite long. You only see part of it. Click on send.

paste jwt token

You will see the response:

token postman auth

This shows how you can test your API using Postman with the benefit of having more control over the Request and Response than in the Devportal. Generation of a token in Postman is also possible, copy these fields to the Postman AUTH config.

sanbox oauth2 keys

And Press Get New Access Token.

pizzashackapi access new token

You will get

manage access tokens

You can now Press Send again. The token will be used.

More Collections

There will be collections for all you APIs but there are more valuable collections as well. Like the APIs that the API Manager exposes.

api manager documentation

If you click on the Run In Postman from the browser, it will connect to your Postman app and import the Collection in a workspace of choice.

result postman workspace

The result looks like this:

authentication publisher result

You see the Authentication part (required for first time use) and the exposed APIs for the Publisher. For the other APIs like the devportal, admin and so on there are similar collections.

Advanced API Management Guide

advanced api 2
Get it now
We appreciate it
Care to share

Please select one of the social media platforms below to share this pages content with the world