Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: I created Postwoman, an online, open-source API request builder (indiehackers.com)
280 points by liyasthomas 51 days ago | hide | past | web | favorite | 99 comments

I'm surprised that nobody has mentioned Insomnia.


It's an excellent tool that allows defining workspaces and even sharing sets of routes with members of your team. It's one of my favourite tools.

Personally using Nightingale when on Windows and couldn't be happier. I don't need or want another electron app running on my machine and currently all the cool kids in the space of API clients seem to be using just that, including Insomnia.


Thanks for the tip! I will try it out.

I installed this yesterday after having a strange issue with Postman eating an environment variable and spitting out an undefined request body. Surely a small issue, but really enjoying insomnia since. I'm also writing some automated tests that work mostly in http requests, but also do some grey box setup / inspection (of the queue, database, pre-create an account, etc). It got me thinking, it would be great to be able to mix that test logic with requests and use insomnia (or something like it) as a gui for test writing / debugging (when I can stay at a high level). I'm sure this is being done in many ways now, so I"m eager to research it a bit more when I can afford the time.

Can you comment on the I/O of documentation from it? Ie, I hate how Postman and friends want to be the nexus / saas of my products API documentation. I want to work with something in a common format, like OpenAPI, RAML or BlueprintAPI. These HTTP clients are nice, but I want them to be a tool, not required.


I've used them all: Postman, Insomnia, Paw, and other online web apps. Unfortunately none come close to being usable for large APIs imo. Some of the problems I faced off the top of my head (it's almost 2 years ago now since I tried them all though, but I haven't seen much change to be honest):

Insomnia: doesn't really have any support for documentation stuff. It is just an HTTP client that if you share your workspace with your team, is some kind of documentation. But you cannot share this outside of your organisation.

Postman: their documentation implementation seems one of the better ones, but Postman itself just isn't very DRY. For example we have a slightly different authentication scheme which isn't supported so we had to add a simple Javascript snippet to each request, but keeping all of them updated is impossible. I personally also wasn't a big fan of their client and it's not very user-friendly imo.

Paw: honestly pretty good. I asked them a few years ago to implement this and keep me posted. They eventually implemented some documentation stuff, but it's proprietary and using a plugin to convert to RAML or something else is a pain. When I used it, it also wasn't very expansive. It also faces the same problem as Insomnia: you are not able to share it outside your team. Though it also requires everyone to buy Paw and own a Mac. I switched to Linux a few years ago and so don't use my account anymore, that I paid for.

OpenAPI/Swagger: OpenAPI itself is great, but the website GUI that Swagger converts it to is basically useless for large APIs. You cannot nest anything and it is not very good for public documentation.

RAML: I personally love this syntax the most. Though there barely is any support for it. You cannot find any mature library or application that can convert it to actual usable documentation pages. It's also honestly a big pain to write all of the documentation at once.

BlueprintAPI: this is just way too barebones. I immediately stopped using it after trying it.

There were some others I tried, none really noteworthy. It's been a while as well so it's possible that some of my opinions are out of date.

It's always surprising to me that something so central, api documentation, is so abandoned in the industry. It's.. weird.

I guess it shows how little devs prioritize documentation.

Not sure about open source projects, but in corporate settings it is often driven by short term thinking in priorities, sometimes driven by short term incentives that reward features over usability/support.

With products like Swagger, I find the term ‘documentation’ a misnomer. Oh-well.

I like the fact insomnia has no extended support for documentation, I want it to only be a simple http tool.

I use swagger for endpoint documentation. ideally, I could just post an example from swagger into insomnia, or import basic examples.

What do you mean by "You cannot nest anything" wrt swagger?

I have been using Insomnia since it was shown in HN. One of my recent favorite features is request chaining introduced in v6.4.2.

Another vote for insomnia!

I really like how insomnia / postman let you collapse objects. It helps keep everything neat when poking around the data returned. I didnt see the ability to do this with postwoman

I've used Insomnia for a while and absolutely love it. It's become an essential tool in my development process.

I've been using Insomnia since I had some issues with Postman, and I have not looked back.

I switched to Insomnia from Postman a couple of years ago - love it!

I'm just a user of this, but if anyone is looking for a truly native MacOS version of Postman, you should take a look at Paw.


Paw is the gold standard for these kinds of utilities. If you're still using something else, you're missing out.

I never knew this existed, thanks! After looking for a Postman alternative (Due to Electron) I took a look at Paw and I am really enjoying using it on my MacBook and replaced Postman with Paw.

Paid for Paw years ago, no regrets. Only use it occasionally, but super pleased with the experience when needed.

Using this for years already and the developer is very responsive if there are bugs. Can highly recommend it.

Paw has excellent features and native support. Totally loved it. I regularly use it and never ever thought for any alternative. The best feature I love is sharing request with private url .

Adding to the praise, I adore Paw and the developer is amazingly responsive. Highly recommended on my end.

Paw is fantastic- just missing GraphQL support to be even more fantastic.

Can it use postman collections?

Yes, it supports plugins, one of which can import Postman Collections. There is also a plugin for exporting Postman Collections in case you work with people who use Postman.



> I use a low-end PC and can't possibly afford to run another Electron app

> That's why I created my own API request builder with pure JavaScript (I used Vue.js) + HTML + CSS

So... the only differences are not running this as a separate process and NIH?

Presumably lower memory usage due to not running in a separate process. On a low-end PC this is a completely valid concern. Chrome is memory hungry. Running one instance might be viable. Running 2, 3 or 6 probably isn't (and you can always choose a less memory-hungry browser).

If performances are a concern I would build it in QT, not Javascript. Just opening Firefox eats like 400 MB ram on my PC !

If you're developing a web application...isn't firefox already open?

It makes me question, is there any way to run a slim browser for these kind of tools?

It would be cool to have a tool that would: * run a very slim browser tab for each tool * I cloud load/save sites into tools (So I can really run them offline) * Could have a shortcut or a starting page that's just links to my saved tools

Considering this tool uses JavaScript rendering, I'm not sure you could get away with a "slim browser". You're going to need all the bloat that makes CSR work.

Saw this on Hacker News a short while back and it was pretty easy to set up. Might be pretty close to what you're looking for. It aims to be a sort of a replacement for what Electron does, without embedding a full browser.


Check out Fluid[0], it might fit your needs.

[0] https://fluidapp.com/

Don't CORS restrictions basically render this whole tool useless?

It seems the user created this because they thought that Postman required too many resources as an Electron app.

I'm not sure why they didn't just use a commandline tool (e.g. httpie [1]) that would work with any API, rather than just those with permissive CORS headers.

[1]: https://httpie.org/

So Postman used to be a lightweight Chrome plugin. Then its developers turned it into an electron app with lots and lots and lots of features. They did this as a vehicle to begin offering paid features and enterprise plans.

To your second point, despite years of writing Curl some times its nice to have an interface and for some people that is their personal preference.

Another reason why they moved to Electron may be that Google announced [0] in 2016 that they will discontinue Chrome Apps (outside of Chrome OS).

[0]: https://blog.chromium.org/2016/08/from-chrome-apps-to-web.ht...

I suppose it's useful for APIs with permissive CORS headers. Maybe there's also some way to run it locally as a separate app with SOP disabled?

Maybe something like:

  $ chromium-browser --disable-web-security --user-data-dir="/tmp" --kiosk https://liyasthomas.github.io/postwoman/
Unrelated, meta note: why does indiehackers need a separate interstitial splash screen, visible for ~4-5 seconds to load a simple article page?

Then you're launching a second chromium instance and practically recreating Electron.

Yes, indeed. Sort of defeats the point of Postwoman being more performant..

Still, this seems safer than the various extensions that have been recommended in order to disable the SOP. I'd rather the user's data wasn't on the line.

Right, so I don't see any reason why I would ever want to use this tool when far superior alternatives (like postman) exist.

load balancer /s

I use Postman a fair bit, and looking through my history it's mostly playing with 3rd party APIs to see what format they return and how they respond to query params and such. So it works for that purpose, since those generally won't have CORS restrictions.

It probably won't work for testing of your own API endpoints for, say, a SPA, though, which is likely to have CORS. But for local testing where I control the backend, I mostly just rely on printing responses to the terminal anyway.

It indeed seems to be totally broken.

it could proxy the requests through a server.

I don't understand. Plus it has 1700 stars on github.

What exactly is there to "understand"?

~~Does Postman work with JS? I've used it with Python.~~

Oh nvm I'm thinking of a different service

After Postman lost all my saved queries after an upgrade I switched to Insomnia - https://insomnia.rest/ and am quite happy with it.

I'm curious to know what gives you the confidence that Insomnia won't lose your saved data? Are you paying the premium for the data sync?

Not OP, but since Insomnia is a native app, it'll probably store its data and preferences in ~/Library. That is of course backed up via Time Machine.

It is not nattive , very hard to find native apps https://github.com/getinsomnia/insomnia

Why wasn't the Postman data backed up by Time Machine?

Since it was added, my favourite way to do API requests is IntelliJ Http client


You just write the requests. That's it. Not much of an interface or anything.

It also supports creating requests from a cURL command (so in Chromium devtools you can copy the cURL request and then paste it in IntelliJ).

This is also what I use. Others mention insomnia, but it does not support testing responses (validating them) with a script. With the Http Client in IntelliJ you can do that, as well as with Postman. But with Postman you need to import/export everything and put it into you projects, so you can check it in with your source code. Using IntelliJ you don't need to do that anymore too.

Having used Postman, Insomnia and the IntelliJ Http Client, the last one is the best out of them all.

That's pretty nice! I'm a Rider user, which is based on IntelliJ... Will need to check if Rider has this!

I like wuzz. An ncurses interfaces for HTTP requests that allows me to save my configuration. It's super lightweight and all I need.


Is this affiliated with Postman? It seems disingenuous to reuse their name if not.

Came here to say the same. Seems needlessly antagonistic.

But inclusion!

Navigating to the site[1] and asking me to install it on my Chrome browser without providing any relevant information is a big security no-no. I think the developer should have provided more information on the product and link to a trustworthy site where the binaries could be verified and added (safely) into the browser.

[1] https://liyasthomas.github.io/postwoman/

Hm, web based so defeated by CORS (plus privacy issues unless you install it on your own server, but then Postman itself is closed source …). Fortunately there's an Emacs package for this =P http://emacsrocks.com/e15.html

I'm pretty happy with the features of the vscode-restclient called VS Code extension. https://github.com/Huachao/vscode-restclient

Opening the link I was hoping that this would be a postman with better support for file uploads. I have a long lived desired to be able to have postman request which embeds a file to upload. I really like postman features and UX but when I need a test suite for a file upload endpoint it doesn't match.

Tried several hacks to achieve to embed files but none worked. If the endpoint supported Content-Transfer-Encoding it would be kind of easy to do.

If you're on macos, you want https://mmattozzi.github.io/cocoa-rest-client/

You don’t need a hack. I do it all of the time.


That doesn't work for the test runner, just for one time off requests. Just closing and opening postman it looses the file you had choosen.

Use the export functionality to create a script in your language of choice? (c#, Java, Curl, etc.)?

In my opinion that would defeat the purpose of the tool. I like to have a postman suite file that I can share... using other tools and integrations would kind of break that.

Postman best thing is that an easy enough tool for beginners and customizable enough to be a test suite for an API. The cost of leaving the tools for it's pretty high.

That's a neat side project, and I like the idea of having a quick website I can go for testing quick requests rather than having to open a full-fledged app.

Working on integrating other companies APIs and find declarative approach easier like VSCode has this extension where you could write all API calls in code. https://marketplace.visualstudio.com/items?itemName=humao.re...

If you're already in VS Code I prefer the rest extension as well. It's great for making quick one-off calls but is a little under-powered for organizing larger sets of endpoints, credentials, etc

You can create env variables, local variables, use response results in next request etc.

How does performance compare to PostMans laughably bad performance? I'd love to drop postman.

Plenty of alternatives. Paw[0], Insomnia[1] to name a few.

[0] https://paw.cloud/

[1] https://insomnia.rest/

Great, You can host your open source API on www.inventrust.com as well. This is a blockchain enabled, collaborative Exchange for Trusted software code.

Don't forget to paste your auth tokens into a random website today.

Is it any safer than pasting your auth tokens into a standalone application like Postman? That can just as easily send that information somewhere else, but now you can't press F12, get a network tab, and look at outgoing requests.

You actually can press CTRL+SHIFT+i to open dev tools in Postman. It is just electron after all. Also even if it were some other UI toolkit you could view the network requests via Fiddler/Wireshark/etc.

FYI, only requests made with the XHR/Fetch APIs in Electron apps show up in the console. Insomnia (I am the maintainer) uses libcurl to send requests, which do not appear in the console. The NodeJS http/https APIs also do not.

Everyone: don't use existing please make new, unique keys for services like this. Time-box and revoke!

How does that stop the operator from watching the logs, and stealing all my data?

Can you please elaborate on what you mean by time-boxing and how you achieve it? I'm assuming it means to assign a time scope to a key and then revoke it's access outside of that time period. This would require access to the API authentication methods, correct? Otherwise, for API's that you don't have backend access to (e.g., GitHub API) you should just generate a token for testing and manually delete it when you are done?

They mean to assign an expiration date to your tokens. Then when you're done testing, still revoke the token, even if you haven't reached the expiration date.

This is exactly what I meant, thank you.

this is pretty cool! I've needed a tool like this all week to mess with the GitHub API

Rested firefox extension is quite nice too.


This breaks the Show HN guidelines badly, and the site guidelines too. Would you please follow the rules when posting here? We're trying to avoid degraded discussion where possible.



Even by HN standards this seems like an excessive level of cynicism for a bog standard blog post format.

Well, it _is_ 5.4 MB of data for a short text-only blog post. Even by today's web standards this seems like an excessive amount of bloat.

I did not mean to come about as cynical, I simply do not understand this mindset. If you identified a problem, why not fix it? Why keep on making the same decision with the same deterministic outcome?

If you don't want to come across as cynical, you could probably have done without these superlatives:

> This is probably the worst website I have ever used.

> What is going on with these people.

Are you talking about the indiehackers website? That's not made by the author of the post

I'm aware, that was a different point of criticism. I apologize if that wasn't clear.

The author could have picked a more suitable place to make an announcement. This is so hypocritical it's actually pretty funny.

Here is the definition of trademark infringement directly from USPTO [1]: "Trademark infringement is the unauthorized use of a trademark or service mark on or in connection with goods and/or services in a manner that is likely to cause confusion, deception, or mistake about the source of the goods and/or services."

I'm not affiliated with Postman in any way. But if I was, I'd already have sent a note to my lawyers to collect evidence, issue a cease and desist letter, get your project kicked off of github, and prepare for the possibility of lawsuit.

Given the nature of your project and the extreme similarity to the name "Postman", I would strongly urge you to change your project's name before you expose yourself and your family to potential financial ruin.

[1] https://www.uspto.gov/page/about-trademark-infringement

First, doesn't even look like it's a commercial product.

Second, the creator says they don't have the money right now for a domain name. You can't squeeze blood from a turnip. And they may not even live in a country that respects US trademark law.

Seems like a polite request from postman would be a good place to start.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact