Is Postman ready for Enterprise?
21 May 2024
Sometimes I’m blown away that it’s 2024 and we have so few mainstream user-friendly, collaboration-friendly, secure tools to support people who need to make exploratory or repeatable HTTP requests.
Postman has been the weekend warrior gold standard for about a decade now.
However, I just don’t see Postman as a mature enterprise tool, because despite being all about APIs, Postman itself is not an API-first product.
- TODO: Explore the Postman Scaffolding API.
Here are some things an enterprise would probably want to automate that you can only do by clicking buttons on Postman’s web site, and can’t do through Postman’s API or CLI:
- Read, create, edit, delete, enable, and disable API Governance custom rules.
- Create/update API Definitions so as to make them derived from a given Git repository.
- Refresh the contents of an API Definition that’s already marked as derived from a given Git repository.
In enterprise, I don’t care about some stupid “AI” bot that’s going to introduce even more herding-cat behaviors on the part of Postman users at my organization. I want to govern. I want to administer. I want to author and regularly run scripts that:
- Query for people using Postman in a way I told them we don’t do at my enterprise.
- Delete/disable/fix such things, when found.
- Constantly overwrite any in-Postman “drift” from state that can be found in external (e.g. cloud provider) sources of truth – that includes its private API network, its API Definitions, its associated Collections, its Environments, and its Mock Servers.
Even worse, here are some more things you can’t do at all:
- Use a nonhuman identity (one without an email address) from your SSO source as a Postman account. (With what, exactly, are enterprises supposed to invoke the Postman API or CLI during those times that it actually does have an appropriate endpoint available?)
- Add path items, operations, etc. to API Definitions with a point-and-click UI like SmartBear’s SwaggerEditor website provides.
I can’t decide if I’m cheering for Postman to stop scope-creeping and start properly supporting enterprise-style (ahem – automatable) use of their product, or if I’m cheering for Microsoft to just make a dupe (it’s 2024 … we’re all Microsoft captives because of VSCode anyway, and lots of enterprises are doing their API work in Microsoft’s cloud and version control products on top of that, thanks to a history tied up with Windows, Active Directory, and Office).
Sadly, I suppose I’ll have plenty of lung capacity with which to cheer. Because I’m not holding my breath. (I’m looking at you, “There are no changes to the Postman API with the v11 release.” SERIOUSLY?!)