Showing posts with label Postman. Show all posts
Showing posts with label Postman. Show all posts

Thursday 7 September 2023

Extend Power Automate Logging

  1. Power Automate has a Connector to query other Power Automate environments to list, update flows,...
  2. PowerShell to examine Flow/Power automate

https://www.cloudsecuritea.com/2019/09/generate-an-overview-of-all-microsoft-flows-with-powershell/

Use postman to Interact with an API - get the bearer token first.

Thursday 27 July 2023

Friday 9 June 2023

App Insights for Power Platform - Part 1 - Series Overview

Overview: Microsoft have great capabilities for logging and monitoring.  In this series of posts I will be examining the various parts of logging that may be useful in building solutions that are well monitored, provide alerting, easy tracing, and identifies issues or potential issues as soon as possible.

I am looking at App Insights for Power Platform monitoring.  So this includes: 

  • Power Apps (Canvas, and model apps),
  • Power Automate,
  • APIM, 
  • Azure Functions, 
  • Azure Service Bus, and
  • App Insights.

I shall be setting up a demo environment and these are the logical components being covered.


All the components making up the solution shall log into Log Analytics (left-hand side of the diagram).

For Continuous Integration, my clients will be Postman monitor (it's awesome and so easy to use all those postman collections), DevOps is great and I'll use it to run smoke tests after new releases.  I also use flows, to report on flows (sounds nuts but i love it).  These are at the bottom of the diagram. 

Lastly on the right of the diagram, I look at extracting logs for reporting (Power BI), and Monitoring using Azure DevOps (p.s. think about Grafana instead of DevOps Dashboards, it so nice).

Couple of extras are: Availability Logging, alerting, automating Canvas app testing, Playwright.  

From the diagram, you can see the data is now held in Log analytics and it can be queried via Log Analytics or App Insights using Kusto.  Note: the syntax is slightly different.

Series

App Insights for Power Platform - Part 1 - Series Overview (this post)

App Insights for Power Platform - Part 2 - App Insights and Azure Log Analytics 

App Insights for Power Platform - Part 3 - Canvas App Logging (Instrumentation key)

App Insights for Power Platform - Part 4 - Model App Logging

App Insights for Power Platform - Part 5 - Logging for APIM (this post)

App Insights for Power Platform - Part 6 - Power Automate Logging

App Insights for Power Platform - Part 7 - Monitoring Azure Dashboards 

App Insights for Power Platform - Part 8 - Verify logging is going to the correct Log analytics

App Insights for Power Platform - Part 9 - Power automate licencing

App Insights for Power Platform - Part 10 - Custom Connector enable logging

App Insights for Power Platform - Part 11 - Custom Connector Behaviour from Canvas Apps Concern

Tip: The Power Platform Admin Centre has a good overview of the Power Platform, but to make logging and monitoring better push data into Azure Log analytics and monitor and alert centrally.

Also seeView and download Dataverse analytics - Power Platform | Microsoft Learn

Monday 10 April 2023

Postman automation reminders

Also see "Postman to check Open API's are Running"

Fire Postman collections on demand using curl

A monitor is already setup: I need the postman monitor id and an API key

Run local postman collection using Newman via Powershell (call from CI pipelines or a short-cut on the desktop)




Friday 17 March 2023

Why is Postman so fantastic?

Overview: lots of IT technical people user Postman for API creation, exploration, testing.  There is so much more to the product than most developers are aware of.  Initially Postman was for developers to explore and test API's, basically a test rig for API's.  Postman built a Minimum Lovable Product (MLP) initially, they have added multiple features over the years and they are so useful.  Most users tend to use the most basic features but could use additional functionality

List of Features I like:

Monitor - Postman has a Monitors option that is great for continuous monitoring, you can link to your collection and run them on a schedule. I like to take a small key set of API's to run every 5 minutes using Monitor to schedule my collection runs (from Postman cloud), this provides me with: Are the APIs running and is their performance decreasing.  The monitoring Dashboards are fantastic, and alerting allows for webhooks or email.  In this post, I monitor API's with OAuth security and send alerts into Microsoft Teams using email on the Teams channels. 

Postman API Builder - Allows me to build OpenAPI contracts and mock the API to allow contract first/API-First  design (UI and backend development can be done independently.  I tend to use Swagger tooling and APIM to mock to do this but I'm very tempted to do use Postman Mock Servers

Postman CLI - This allows me to run collections on my local machine or from a server.  In a post I cover using the Postman CLI to run a postman collections using PowerShell, adding a shortcut to quickly verify and API is running, and I added Elgato Stream Deck so I can click a button and it will run my collection on my laptop. 

More Features: Environments, Tests and collecting responses into variables, Collections, Authentication Reuse, Workspaces, Loading test file data, source control/Git, Pipeline testing Integration,

Friday 17 February 2023

Postman Monitor for Continuous Monitoring and Alerting in MS Teams

Overview: Pretty much every tester and developer loves postman. And that is because it makes our lives easier and it just plain awesome.  Postman is bringing out tons of new features and I was playing around today looking how I could do continuous monitoring with my postman collections.

Thoughts & Playing:

I have a postman collection that runs 8 requests and does 14 asserts.  The first request gets a new OAuth token using AAD login.  Then I do a series of requests and I do an assert to ensure I am getting a 200 response code and that the response time is less than 3 seconds on each call.  I can run the collection locally.  Level 100 API verification looks good.

In the past, I have taken this collection and run it as a shortcut on my desktop using Powershell with the Postman CLI to display me the results.  Makes my life easier.

I then added Elgato stream deck so I can run the monitor with a single button push (more me playing than real value).  I'd say I'm at level 200 in continuous monitoring capability.

Next, I setup a monitor on the collection, and this allows me to login and view the dashboard and trace, great stuff, and I get an email if anything goes wrong as an alert.  So now I'm getting serious about monitoring and alerting on my API's.  Level 300 is approaching.




Postman monitoring has integration for MS Teams, and Slack.  It also can send logs to Data Dog and New Relic but now Application Insights (recon this will come soon).  I setup a channel in teams to have a webhook, and I can send in the results using Postman but it's way easier to use the integration on the Monitor to push the result of each run or automatically after 3 failures.

Summary:  This Postman monitoring allows me to send detailed API requests at different intervals so I'm thinking for production: 
  • 5 min for health and basic check (look for performance and service slowdown or failure; add alerts but don't over alert so use teams except if service breaks then Teams groups),
  • Hourly, check key functionality/API's including CRUD operations and clean up (ensure the service is operating for most key endpoints), and
  • Daily, in the early hours run a full regression API set of tests, and clean up afterwards (Support/help desk need to review each day).
Don't over alert, let me say that again don't over alert.  Alerting is like water, you definitely a little but floods are not great.  So with Teams & Slack, it's easy to push results and issues into a channel so key people are aware, and it gives a much better experience than email alerting.

I like the idea of using Postman as it's infrastructure is separate as I generally use the Azure/MS stack including Application insights. 

What Next:  I'd like to figure out how to push results into my logs for reporting off a single source.  I could embed the postman monitoring into iFrames but I'd probably use an Azure logic apps Azure function to listen for the Postman POST, then I can format adaptive cards for Teams, and outlook, easily integrate Twilio for SMS or maybe What's app.  From the logic app i can use a Application Insights SDK to add Tracing.  

Combining with Correlation Id's and App Insights, I can see issues, have them summarised, get the right level of alerting, trace specific issues quickly.  Ideally we capture issues before customers report them. and if a customer reports and issue it can be 100% traced, remediated and fixed for all customers quickly.  Changes to API's and compatibility is also a nice benefit of this approach.

  


Sunday 15 January 2023

Postman to verify OpenAPI's are running

Problem:  Our teams rely on a 3rd party API for a new project being delivered, the API's are in a state of change and are constantly up and down making life tough for the teams replying on the API.

Hypothesis:  I need a quick way to check the API's to see if they are all working in dev, and test.  I have two postman collections for the REST API's.  If i combine them and check the key API's using postman I can save myself and other time as I'll know the current state of the API's.

Solution: Create a site collection that does the API verification, you can make it more complex with data and variables.

Problem:  I can open Postman and run the test which takes a few minutes.  We need to do this quicker.

Hypothesis: I'd like to be able to run the tests quickly on demand.  Use postman CLI and Powershell to run the collection and display the result.

Solution

1) Add the Postman CLI to my machine:

PS> powershell.exe -NoProfile -InputFormat None -ExecutionPolicy AllSigned -Command "[System.Net.ServicePointManager]::SecurityProtocol = 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://dl-cli.pstmn.io/install/win64.ps1'))"

2) In postman generate an API Key for the Collection > Run Collection > Automate runs via CLI > Generate the API Key > Copy the generated code


3) Run the code in PS to verify it works correctly.

4) Copy the PS code into a newly Created ps1 file on your local machine, I added a read line so I can see the result.


5) Run the API.ps1 file and verify the result

6) Setup a desktop short-cut to run and see the result.  Right click the API.ps1 file and create a shortcut on your desktop.  Right click and amend the target and amend the target value:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -File C:\Users\PaulBeck\Downloads\Projects\PoC\Postman\API.ps1

7) Save and run the shortcut to verify.

Problem:  Monitor and alert DTAP API's are working and performance

Resolution: I want to monitor that my endpoints specified in my Postman collection in Dev, UAT et al. are working, can be more than 1 endpoint using Postman Monitor.

Next steps: Add to automated DevOps processes, using Newman.

Sunday 3 July 2022

Personal Access Tokens (PAT)

Personal Access Token (PAT) are used a lot for automation in DevOps, once again need to lookup the informal on PATs.  I use Postman and I use PATs to automate connecting to Azure resources.

https://learn.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops&tabs=Windows

Store the PAT as it won't be retrievable again.





Sunday 7 November 2021

Power Apps - MicrosoftTeams.CreateATeam() connector method not working

Problem:  I am provisioning a new team inside my tenant using Power Apps.  The code throws an error and I can't get the TeamId, however, the Team is being created.


Hypothesis:  The call creates the team and using the Monitoring Tool inside Power Apps I can see the call is working.  The issue appears to be when Power Apps reads the response.

Possible Resolutions:  

  1. Use Power Automate and fire from the Power App
  2. Create a custom Postman Collection using the Teams Graph API



Thursday 3 June 2021

Post a message into a Teams Channel using any HTTP client

Overview:  I need to post messages into Teams channels from my application, it is extremely easy to do and took me 15 minutes. 

Steps to Post a message from Postman into a specific Teams Channel:

1. Setup a channel to accept POST requests


Add a connector to the Channel




Find the "Incoming Webhook" connector


Create/Configure the new Webhook

Copy the webhook endpoint

2. Send a postman POST HTTP request to push the data into the Teams Channel


3. Verify the result in the teams Channel
The custom message is displayed in the channel.

Tip: Format the card/message using these instructions.

Tuesday 1 June 2021

SaaS Azure Testing Thoughts

 Tooling:

  1. API Automation - Postman, Newman
  2. UI Automation - Selenium
  3. IDE - Visual Studio 2019
  4. Test Organization - Azure DevOps Test Plan
  5. CI/CD - Azure DevOps

Code reviews:

Code review is used as a verification technique to ensure that each unit is coded as per standards and expected business logic and inline with coding standards and best practices.  Automate code review built into Azure Pipelines should include:  

  • WhiteSource Bolt - Scan packages for vulnerabilities.
  • SonarQube - Static Analysis, 
  • Blackduck - Open-Source Scanning (OSS) tool.  Used to look for license risks and unused references.
  • Checkmarx - Static Application Security Testing (SAST) tool benefits include: Detect security vulnerabilities, Improve developer practices, and reports on code ownership.  Static code anaylsis.  VeraCode is a competitor product.
  • BugSuite
Code should pass OWASP (Open Web Application Security Project) shows the most common code vulnerabilities.  OWASP ASVS (Application Security Verification Standard) - framework for controls when building applications to cover functional and NFR's for web applications.

Unit testing:

Unit tests are written to ensure every unit of code is working as expected, and to prevent a defect from going to the next level on all C# code.  Xunit and Moq are the tools to be used for unit testing using the standard Arrange > Act > Assert pattern.

As long as Unit test coverage is high and of a good standard, I don't mind if the tests are written before the code (TDD) or as most developers tend to do the tests after the code is written.

API testing:

All API must use Postman collections and Environments for local testing.  The tests need to cover all API's dealing with authentication, authorisation, checking status codes, body responses, headers, data persistence, and post test clean-up.  Use Newman to integrate postman tests into Azure pipelines:

https://www.npmjs.com/package/newman-reporter-htmlextra

Selenium testing:

Code for UI must be automated where possible.

SonarQube: "automatic code review tool to detect bugs, vulnerabilities, and code smells in your code" SonarQube documentation

Code Smells:  Bloaters, OO abusers, ....

Checkmax detects potential security issues

Disposable email addresses: You often need to test login/account creation and it's useful to have temporary disposable email addresses:

Wednesday 24 June 2020

Postman API Builder Intro

Overview: Tools for building and mocking API's.  Swagger has good tooling and my original preferred choice.  APIM - Great tooling, part of Azure and easy to replace mocks as you go along with the live implementation.  Postman is offering a great set of functionality to rival Swagger and APIM.  This post looks at Postman's new functionality around building API's.

Postman API Builder:
Not only a test rig, it now offers the ability to build API's and mock:
  • Mock - so you can test supports key and OAuth authentication
  • Assert Tests - You can specify asserts in postman
  • Test suite - generate collections/Collection Runner - Allows a set of related tests to run sequentially.
]
  • Document the API
  • Monitor
  • Version control for changes e.g. GITHub
  • API Versions supported
  • Note: Free plan has all of this, limited on the number of API's but all the features are on the free plan.  The main notation formats are support including:  Open API specification (OAS) & GraphQL
Summary:
I like Swagger tooling, I have done a few projects find APIM fantastic for building API's quickly.  Postman historically was merely my test rig but looking at the functionality, Postman API Builder is a great option for designing and building API's.  Postman is a good tool for building into CI/CD pipelines to validate API's.

Few more assert examples:

Postman offers a service to monitor API's using your postman collections, these can be triggered using Curl so can build into DevOps, Power Automated scheduled flows,....
sentry.io looks good as an alternative option

Sunday 12 January 2020

API Management Mocking

Problem:  Create an Open API Specification (OAS) endpoint for testing using APIM

Background:
  • Azure has a great service to bring multiple API's under a single publishable layer (think MuleSoft).  I like to use APIM to setup an initial contract that developers can use before setting up the actual API.  This allows both the consumer teams and the back-end development team to work independently to this OpenAPI agreed contract. 
  • Swagger originally owned and ended up creating the OpenAPI specification (OAS) that now of companies now use.
  • Swagger has great tooling for creating OAS API's, documentation, stub hosting and generating code such as .NET core that you can import into your dev environment. 
  • Azure has a developer APIM instance licence that is relatively inexpensive (creating an APIM instance takes up to 20 minutes) but leaving it running for my personal dev is pretty expensive.
Overview:  This post outlines the steps to setup an APIM instance using an OpenAPI file created in swagger.  The APIM service shall be setup to return mock data.

Steps:
1. Create a new instance of APIM - Do this first as it takes up to 20 minutes before the service is ready.
1. Create an APIM instance
2. Open swagger.io in a browser and signup, "Create New", this gives you your starting OAS file for your custom API.

2. Login to Swagger and create the Open API file using YAML
3. Using the Swagger Editor, create the desired endpoints.  It took me a few hours to get use to YAML as it is space sensitive but very readable.
3. Swagger editor
4. On the top right of the Swagger editor is the "Export" option.  Click Export > Download API > JSON Unresolved.  And keep the .json file ready to import into your APIM service.
5. Open APIM, and add a new API.  APIs > Add API > Open API as show below.
Import OAS file into APIM
 6. Import the file and the fields get populated per you instructions.
Upload the OpenAPI json file into APIM
7. The list of operations shows up - in my case i only have a single GET operation call \Get Customers
APIM Service is now created but not connected to a back-end

8. Add Mocking to the end point.  Highlight the Operation i.e. \Get List all Customers > Inbound Processing (Add Policy) button.  Select "Mock-responses" > Save


9. Generate the JSON responses:
a) Select the Operation i.e. \GET List all customers
b) Frontend drop down > Form-based editor
c) Click the "Responses" tab
d) Click the "200 OK" link
e) Click in the Sample Box, and "Auto Generate", Save


 The APIM service is now setup and we are ready to test.

1. Test using APIM's Testing tool


Check the 200 Response
Mocked response from APIM test tool

2. Testing using Postman
Open Postman, and craft the request as shown below:
Postman APIM testing

NoteThere are several competitor products like Mulesoft, Amazon API gateway, Postman and Swagger also offer a lot of these features.  There are other products that I have not used such as Kong API Gateway, GCP has Apigee, Gartner has a list of competitors and the magic quadrant done each year.

Summary:  It is pretty straight forward to setup APIM mocking as shown above.  And then easy to test it using Azure APIM tests and Postman.   This post show how to add various mocked APIM responses.   

Sunday 27 November 2016

Web Service/WebAPI test tools


  1. https://www.getpostman.com
  2. https://insomnia.rest
  3. http://www.telerik.com/fiddler (if you are pretty advanced)
  4. BURP
  5. IE or Chrome Developer Tools
  6. FireFox plus addins

Postman
Azure Power Platform has custom connector testing tool which is fantasic if you are on the platform.