Also see "Postman to check Open API's are Running"
Fire Postman collections on demand using curl
A monitor is already setup: I need the postman monitor id and an API key
Run local postman collection using Newman via Powershell (call from CI pipelines or a short-cut on the desktop)
Problem: Our teams rely on a 3rd party API for a new project being delivered, the API's are in a state of change and are constantly up and down making life tough for the teams replying on the API.
Hypothesis: I need a quick way to check the API's to see if they are all working in dev, and test. I have two postman collections for the REST API's. If i combine them and check the key API's using postman I can save myself and other time as I'll know the current state of the API's.
Solution: Create a site collection that does the API verification, you can make it more complex with data and variables.
Problem: I can open Postman and run the test which takes a few minutes. We need to do this quicker.
Hypothesis: I'd like to be able to run the tests quickly on demand. Use postman CLI and Powershell to run the collection and display the result.
Solution:
1) Add the Postman CLI to my machine:
PS> powershell.exe -NoProfile -InputFormat None -ExecutionPolicy AllSigned -Command "[System.Net.ServicePointManager]::SecurityProtocol = 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://dl-cli.pstmn.io/install/win64.ps1'))"
2) In postman generate an API Key for the Collection > Run Collection > Automate runs via CLI > Generate the API Key > Copy the generated code
4) Copy the PS code into a newly Created ps1 file on your local machine, I added a read line so I can see the result.
6) Setup a desktop short-cut to run and see the result. Right click the API.ps1 file and create a shortcut on your desktop. Right click and amend the target and amend the target value:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -File C:\Users\PaulBeck\Downloads\Projects\PoC\Postman\API.ps1
7) Save and run the shortcut to verify.
Problem: Monitor and alert DTAP API's are working and performance
Resolution: I want to monitor that my endpoints specified in my Postman collection in Dev, UAT et al. are working, can be more than 1 endpoint using Postman Monitor.
Next steps: Add to automated DevOps processes, using Newman.
Overview: App Insights provides independent infrastructure for logging and tracing activities. It is tightly coupled with Azure services including PaaS. This allows for consistent scalable logging. App Insights now stores logs in Azure Log Analytics, these are all under the umbrella of Azure Monitor,
On a SaaS solution, I am looking for App Insights to log any errors have the ability to log trace information. I want a unique correlationId (to allow for distributed tracing) on the front end if there is an error so support can identify the exact issue/transactions. A unique correlationId in the http header allows for identifying a transaction and this is useful for tracing and performance monitoring. Using the App Insights SDK's and implementing a common logging module is a good idea. There are two common areas that need call out to ensure the ability to trace transactions:
Support & DevOps:
Having a correlationId allows first line to log the correlationId and quickly follow the request without asking for replication steps. This context tracing approach is common on newer applications. Third line support has full traceability of an issue to support who can empirically see the perceived performance parts broken down using the correlationId in the header.
Key API's can be continuously monitored for errors and slow down in performance, alerts can be configured around this monitoring.
Building a first line support tool that displays the errors in a hierarchy, has help scripts and knowledge bases is a good option for streamlining support.
App Insights has live monitoring and also has Kusto query language is useful for monitoring specific queries.
 |
| source cloudiqtech |
Alerting: I all to often see an overuse of alerting resulting in recipients ignoring a plethora of emails. I believe in minimising alerts especially via email, and SMS type messaging. For me, I like to create a dedicate channel for alerting that includes all DevOps members and either notify via a Teams card, and even easier is to email the channel. This can be broken down further but to start I create a channel for alerting for each DTAP environment.
Note: The default channel setup only allows members of the teams channel to send email so the alerts from Azure monitor using rules won't be accepted. On the channel, and admin needs to go to the "advance settings" and change the option from "Only members of this Team" and change it the setting to "Anyone can send".
Options: There are great services for logging so my default tends to be Azure Monitor. The main players in Application & API observability and monitoring include:
 |
| High-level Architecture |
 |
| Dynatrace Admin Monitoring |
 |
| SolarWinds admin UI from circa 2013/2014 |
 |
| Dynatrace |
Tooling:
Code reviews:
Code review is used as a verification technique to ensure that each unit is coded as per standards and expected business logic and inline with coding standards and best practices. Automate code review built into Azure Pipelines should include:
Unit testing:
Unit tests are written to ensure every unit of code is working as expected, and to prevent a defect from going to the next level on all C# code. Xunit and Moq are the tools to be used for unit testing using the standard Arrange > Act > Assert pattern.
As long as Unit test coverage is high and of a good standard, I don't mind if the tests are written before the code (TDD) or as most developers tend to do the tests after the code is written.
API testing:
All API must use Postman collections and Environments for local testing. The tests need to cover all API's dealing with authentication, authorisation, checking status codes, body responses, headers, data persistence, and post test clean-up. Use Newman to integrate postman tests into Azure pipelines:
https://www.npmjs.com/package/newman-reporter-htmlextra
Selenium testing:
Code for UI must be automated where possible.
SonarQube: "automatic code review tool to detect bugs, vulnerabilities, and code smells in your code" SonarQube documentation
Code Smells: Bloaters, OO abusers, ....
 |
| Checkmax detects potential security issues |
Disposable email addresses: You often need to test login/account creation and it's useful to have temporary disposable email addresses:
