Hacker News new | past | comments | ask | show | jobs | submit login
Postman acquires Akita for automated API observability (postman.com)
86 points by captn3m0 on July 19, 2023 | hide | past | favorite | 121 comments



Try as they might, I don't think Postman will ever be able to justify that $5.6bn valuation...


Does postman do anything curl doesn’t? When I was on onboarding at a job my pair started teaching me postman, which ended with me teaching them curl and them dropping postman. If you need to share queries, put them in version control!


This is a very uninformed comment.

It’s like saying web browser doesn’t do anything that curl doesn’t. It’s technically true but not really.

But it’s also technically incorrect. Even on request level, not speaking about all the things on top that Postman does, Postman also does grpc and graphql (edit: and websocket), which curl doesn’t.

Once you start adding all the features, it’s very hard to replace Postman with anything.


I'm pretty sure curl does support GraphQL. It's a little weird with the formatting but it can be done.

Postman can even export a GraphQL request to a curl command.


ah you might be right.


postman was essentially built as a easy GUI version of curl. Once it went the VC route it kinda jumped the shark.


It also has useful automation for dealing with things like OAuth which would be annoying to handle manually (or to script) with curl.

In general I like Postman because of the ergonomics, not because it does something that more primordial tools can't. Makes debugging easier.


Agreed. Postman is a classic victim of "Enshittification" to try to recoup the VC money.

I prefer this VS Code plugin for the very simple stuff https://marketplace.visualstudio.com/items?itemName=humao.re...

I'm sure there's a gap for a "better postman" that's more complex that that, but a lot less encrusted than postman.

However IMHO, the more complex scripted testing is better done in your main dev language

Source: I have been working with Postman a lot this week. It's bad.


https://insomnia.rest/download

Like Postman, without all the bullshit. Which is to say, like a few-versions-ago Postman.


I'm now looking at this one: https://www.usebruno.com/

The advantage of Bruno (and the VS code plugin) that storing data in "just a file" is friendly to keeping a local copy, and also to sharing, reviewing and versioning with existing tools (git).

How does insomnia handle that?


I use this VS Code plugin https://www.thunderclient.com/


> X was essentially built as a easy GUI version of Y. Once it went the VC route it kinda jumped the shark.

Pretty much applies to a lot of startups. VC money does weird things.


Not "weird" -- that's literally the operational model of VC. It is all about increasing the valuation of the invested company, as quickly as possible, and then selling it while the evaluation is high. Once a company gets VC investment, this is the only route that matters (unless the board somehow resists the dominance of the VC shareholders, which is extremely difficult to achieve).


I have a few qualms with this app: 1. For a Linux user, you can already build such a system yourself quite trivially by getting an FTP account, mounting it locally with curlftpfs, and then using SVN or CVS on the mounted filesystem. From Windows or Mac, this FTP account could be accessed through built-in software.

2. It doesn't actually replace a USB drive. Most people I know e-mail files to themselves or host them somewhere online to be able to perform presentations, but they still carry a USB drive in case there are connectivity problems. This does not solve the connectivity issue.

3. It does not seem very "viral" or income-generating. I know this is premature at this point, but without charging users for the service, is it reasonable to expect to make money off of this?


Your first point is almost a meme at this point - so many products can be written off as pointless with the statement:

> As a [type of tech person], [product] is completely unnecessary as you can easily build a similar system yourself by simply combining [tool A] with [tool B] and [tool C]. It's so simple!

I'm not disagreeing with your point, but it misses the point that often the benefit of using a particular product is that you don't have to build it yourself, not to mention the other benefits you could get from using the exact same system as somebody else (e.g. sharing Postman collections).


My comment is actually from the dropbox announcement many years ago. It actually is a meme. lol


Has this sarcastic rejoinder actually held up, though?

"Dropbox’s stock falls as it struggles to squeeze more revenue from existing customers" - https://siliconangle.com/2023/02/16/dropboxs-stock-falls-str...


Given the comment was made 16 years ago, I think so.


16 years ago it was plausible to say Dropbox was going to be a massive success in the future. Now we're in the future we know it wasn't.


Classic HN response–"This is trivial to build"/"I could build this in a weekend".

Setting valuation aside, clearly there is some non-negative value prop for some set of users who don't want to build everything themselves (as evidenced by the fact that they have a non-trivial number of paying users).


This is a meme from the dropbox announcement.


lol. /r/woosh on me. In calling out the meme, I became another meme.

"I am become pedant, destroyer of discourse."


haha. All good.

Here's the comment if you're curious.

https://news.ycombinator.com/item?id=9224


> Does postman do anything curl doesn’t?

Yes! It's supports functional BDD-style tests, "mock servers" (really "fake" servers), a walled garden for saving and sharing data (to frustrate engineering managers and ops folks), perf tests (soon? now?), contract testing, and more. Did I mention that it's a GUI tool, so it must be "easier?"

They're trying to become a one-stop-shop for dumbing down web dev. Ideally, inside the walled garden. That has a certain appeal to management.


The contract testing is something I didn’t know about, I’ll have to look into it!

We have lots of unit, integration, and live canary testing, the postman usage was only during oncall/operations, so we weren’t using any of those neat features.


I like that they let me run same set of APIs against different environments.

Also I can stitch together different APIs by taking response from one API and pass it as request to other APIs. For instance I invoke login API, grab session ID from the response and pass it to other APIs which are behind login.

Of course one could do all of this in curl but it’ll be cumbersome. And yes, if all you want to do is invoke a single API then Postman is definitely an overkill.


> Does postman do anything curl doesn’t

Yes, a cursory examination of postman would tell you that.


Does curl support websockets?

It might, but I think the appeal of Postman is how straightforward it is to play with APIs across basically anything in the HTTP stack, with a nice GUI. Also, I thought Postman also had the ability to export your queries to curl if you want to need to use it outside Postman.


It does, but the support is not great. There’s active work to make it better. We don’t use WebSockets so that might be why my colleagues didn’t have too much attachment to postman. We have a list of bash functions we import into our zshrc/bashrc that just wrap around curl with some parts pre-filled and automatically grabbed creds from ENV as needed. It’s a better workflow since you don’t need to switch applications and you can chain calls together with some glue.


Queries might have secrets. Maybe neither tool is appropriate for that. Reminds me of the acorn about Dropbox is just an smb share.


Now they are forcing to register to their platform to continue using the collections for free. So most of the users will have to enter their data, or just leave the product (difficult, there's not that much alternative)


Really? I haven't used Postman since Insomnia came out. What's keeping you with Postman?


Isn't Insomnia the same? The parent company (KongHQ) is also backed by VCs @ 1.2B valuation. Whats the difference/better?


Insomnia isn't as far along the enshittification process yet (emphasis on yet)


KongHQ at least have Kong (the proxy), which I guess they can sell enterprisy support contracts etc for. Perhaps they won't need/want to make Insomnia a subscription nightmare?


But this isn't their main product. As it should be ideally.


I tried Insomnia but for me it felt incredibly janky and half-baked. I tried to like it but at the end Postman was just way smoother sailing for me.


I wish Insomnia had tabs the way Postman does. Also Insomnia doesn't really have a save function, so whereas in Postman you could take a request, modify it, then close the tab without changing the underlying saved request (because you didn't save/overwrite it), you can't do that in Insomnia.


I see Insomnia on the same path. Actually I am moving the Collections to JMeter.

For what I need, it's much better and finally I can use multiple certificates for the same https domain for mTLS, which was a huge limitation in Postman


Fwiw, I use VSCode with the ’REST Client’ extension and it’s pretty much all I need: https://marketplace.visualstudio.com/items?itemName=humao.re...


I much prefer the HTTP client that comes with IntelliJ, to be frank.


Same. I can version *.http files with the project so others can easily use them.

https://www.jetbrains.com/help/idea/http-client-in-product-c...


There's plenty of alternatives.



interesting. i'll have to check this one out.


It's an absolutely crazy valuation for the product / industry. Ultimately they're competing with free & good enough. What's their moat?


As long as they're approximately the only "enterprise" option, that's a moat all by itself. No comment on the valuation, but it makes for a very resilient business.


What makes them an enterprise option? Why does an enterprise need Postman at all?

The collaboration features aren't useful on any size team.


Well, they have the organizational maturity to accommodate enterprise customers, and in contrast to much of this subthread, they don't say things like "just use curl".


In what way do enterprise customers need accommodation? If they all used Insomnia or Firecamp, what would be different?


They're trying to get people to host/share their Postman data inside Postman's walled garden so that they're stickier.

And they're competing with free and good enough but they're making a suite out of the tools and slapping a GUI on it. They're owning making it all work similarly and owning the training for their tools and if you pick them for all they do, it will be consistent.

How many companies use Atlassian suite even though it really just bundles a bunch of functionality that was already free and good enough? (ROT13 spoiler: nyzbfg nyy bs gurz!)


> What's their moat?

I find this question really annoying. Almost all tech companies have no moat except for maybe brand and network moat which postman also kinda has. What's Apple's moat? Or Google's?


What is Apple’s moat? They have an integrated hardware and manufacturing supply chain with their own OS and a proprietary chip architecture that no other device manufacturer on earth competes with!


It's just because they have money. It will take billions of dollars and multiple years for other companies to reach that but I don't see any moat except if money is the moat.

Same with postman. Right now they are so much ahead in features that it would take multiple years for other company to match it.


Google has all the money and their phone and phoneOS are still second tier. It's not money. It's about picking a problem and focusing on it. Further, it's about picking the right problem.

Google picked "How do we save (an additional) 20B+ per year in cash payments to a competitor" and "how do we have a path to accessing the world's data ... that is on a phone." -- and then won at both.


I think its more than money and time. Getting supply chains right (both hardware and software) is really hard at scale. Additionally there’s network effects of their proprietary ecosystem that thousands of developers and millions of users have invested in. Thats very very sticky. Unless Apple fucks up majorly I don’t see that changing.


> Unless Apple fucks up majorly I don’t see that changing.

I agree 100%. I just said the same is true for postman that it is hard for some other company to replace it.


Google: chrome is free and makes up 62.85% of browsers and android makes up 70.89% of all mobile operating system. Both drive users to google. Google ads is still one of the easiest tools for monetizing websites and advertising with a large market. Even if Newcomers bridge the massive technical gap, they won't have the same size of market so they aren't going to be as attractive unless they niche down significantly.

Apple has a strong luxury brand, higher quality, a large valuable market with a strong app community. They have a similar insulation to external players. Macbooks also tend to be popular in development communities due to its unix based os and strong support, which can be a strong alternative to a linux os for companies, but has been watered down with Windows push to support WSL2.

Postman doesn't have a moat. They don't have a strong marketplace where they can profit of exchanges. They don't have a significantly more advanced tool. it can be easily replaced by any user with an equivalent product with no real loss.


Google has a search index. Apple has hardware & manufacturing IP.


How is search index a moat? It's hard to build, yes, but there is no moat here and anyone can build it as long as they have infra, talent and money.

Also for Apple while I am not sure, but looking at the Android phones there is hardly any feature of Apple which hasn't been covered by some Android phone, so I don't think IP is an issue. It's just that overall quality is much more consistent for Apple across generations that it has built a good brand.


I don’t think you understand how moat is used in this context. A moat isn’t impossible to cross, just harder to cross than a lawn. Also, I don’t think you can saw two features are the same unless the quality is the same. Two sms apps are not equal if one of them occasionally fails to send/receive messages.


If you include quality as moat, by that definition postman has the moat of better quality, higher brand reputation and having more money.


I agree that postman has a moat. I think it’s important to say that every company has a moat in that they’re organized, located somewhere, and have customers. The size of the moat varies. We can treat a moat as a scalar value of dollars to cross.

Every company also has a valuation, either through public markets, private markets, or discounted cash flows.

A house cleaning company has a moat of trained cleaners, existing client generation process, goodwill of existing clients, etc. If the value of their discounted cash flows exceed the cost of crossing their moat, they are vulnerable.

The argument is that crossing postman’s moat would cost much less than their private valuation, and their future roadmap is unlikely to build a moat that is significantly harder to cross.


> It's hard to build

The definition of a moat.


Apple probably has half a dozen layers of moats one of which is their M line of processors.


Maybe these companies having no moat is part of the problem, though I would argue "stickiness" or "inertia" props a lot of them up, Hotel California style.


FWIW I've seen Postman shares offered on the secondary market at FAR below that valuation.


> I don't think Postman will ever be able to justify that $5.6bn valuation...

Maybe when they actually deliver parcels like an actual postman? Fedex is worth more.


They don't have to. They just need enough time and believe for the investors to dump it on retail (IPO) or get bought-out by another company.


Postman is one of those services that should have been bootstrapped/angel-funded, or at max Series A.


Postman is one of those "so dumb why the hell didn't I think of it" ideas.


And Credit Suisse was sold for one billion :/


Congrats to the Akita team! Repository is 2 years old. That's a pretty quick exit.


jean yang is pretty much an industry legend at this point, and was hyperfocused on her specific kind of o11y (ebpf based drop-in traffic monitoring) which is an obviously important part of an overall o11y product suite that i think many players would either have to build or buy. i imagine she had her pick of acquirers.

edit: check out her interviews! crazy impressive https://www.listennotes.com/top-podcasts/jean-yang/


o18y = "observability" to save you a click.


Thanks, I had no idea that was even a supposed abbreviation.


Companies that pioneered the stateful reconstruction of APIs from raw network events -

- Netsil [0] (acquired by Nutanix) - Academic spin-out from UPenn

- Pixie Labs [1] (acquired by New Relic)

[0]: https://thenewstack.io/netsil-visualizes-performance-microse...

[1]: https://techcrunch.com/2020/12/10/new-relic-acquires-kuberne...


why do you think these companies, though successful in their own right, never became bigger standalone observability platforms?


While the tech these companies built (stateful reconstruction) is quite hard to engineer, large-scale observability platforms like Datadog were much more successful as they could cover a much larger surface area with minimal incremental effort. Even APM companies like New Relic and AppD struggled to justify the value they were delivering with their well-engineered code-level agents in the face of large-scale server/process metrics collection done by the Datadog agent.

In addition, these techniques have been prone to event misses (partial reconstruction) in case the ring buffer overflows and are ineffective in the face of SSL traffic.


concise summary. thank you! i guess simple is best.


hate to be a prick but is there a difference between o11y and observability? or is the word observability just too long to type out


Yup - same idea as a11y - just easier to type. :-)


and less accessible !


yea i feel justified typing o11y but the idea of accessibility advocates using a11y is very ironic haha


I've actually seen more of her name than Akita itself. In a way, that's great marketing.


Looks like a significant amount of work is being done in private since there is almost no activity for the public org repos, so it's hard to say how long they've been working at it.

https://devboard.gitsense.com/akitasoftware

The org has had 304 contributors over the course of the org's history though.

Full Disclosure: This is my tool


Thank you! I've been at it since 2018 and we've been working on the repo since 2020, after pivoting from API security. -Jean from Akita


Congrats, Jean! Hope it's a good integration. -- Dave


Akita has been around awhile. I remember talking to them around the time docker was still winning the container wars


That could be anytime between 2013 and now :)


https://hoppscotch.io/ is an alternative


I have never used Postman, but I am curious, how useful or good, if any, their product is? given the recent bashing it received for being over-valued and being just a wrapper around curl. If people like it and are willing to pay for it, isn't its valuation justified, which I think is true for any startup in general.


It's a good tool, and it's as much a wrapper around curl as intellij is a wrapper around notepad.

That said, it's not worth paying more for than GitHub per seat for my team, so we do without.


Postman was fantastic as a GUI for curl many years ago.

After raising money, they bloated the app with confusing, half-baked features, and whoever was in charge of their usability really botched it. It's unusable now and I used to dread opening it up.

I switched to Firecamp[1] and have been very happy with it.

1. https://firecamp.io/


It's useful, but it's very hard to justify the $19 per user per month to management unless you're using it constantly like an IDE instead of visiting once in a while to check the docs.


Insomnia has always served me much better than postman


Postman was the way to go when it first came out. But then they started throwing everything into it so it became the most convoluted and horrible ux I could imagine. I also switched to Insomnia, and it's like going back in time to the cleanliness of Postman way back when.


Give it another few years and people will be saying the exact same thing about Insomnia and some new product on the market. The company behind Insomnia is also VC-funded, so this is almost inevitable.


Insomnia feels like it's falling down the same rabbit hole as postman. It's used to be a more usable, less overbuilt, bloated, alternative to postman, but now... meh


I don't think I've seen any real material difference to Insomnia towards the negative after they were acquired. It still works just fine. It's far FAR less bloated than Postman and easier to use than alternatives like Paw (now RapidAPI)


I didn't even know they got aquired. It's been a long time since i used it.


Can somebody remind me of the name of the web based oss postman-like tool that was posted to HN recently? I've been looking for it but I can't find it


There's https://restfox.dev which I built.

To stay unbiased, here's a list of other web based postman alternatives:

- https://hoppscotch.io (this is the most popular one)

- https://httpie.io/app


Saw this in a comment below - https://firecamp.dev/


Hey @ramitsuri, thank you for the mention on behalf of Firecamp team.


What don't you like about Insomnia?


All the "project management" type stuff. It used to be just a request builder. Something easier to fiddle with than the command line for analysis. Now it's got a bunch of features and wants you to build projects? I stopped using it a long time ago.


I tried insomnia for the first time the other day. The big missing bit is that you can't inherit authentication from the collection container, so all you're requests use the same oauth2 method or whatever. You need to set it up for each request in the collection.


We are fixing this! We are introducing "Global Authentication" files that can be defined once and used in as many collections as you want.

In the next 1-2 months you will see the biggest amount of improvements the Insomnia application has ever seen, since here at Kong we are pouring tons of resources into it.


Wow, Akita looks awesome and super powerful/simple for o11y - IMO one of the most important things you can do for enterprises being coherent with their data. I look forward to trying it.

That said, powerful observability tools (Solarwinds anyone?) are really hard to make persistently secure, especially as they grow in their cumulative observations. I'm not really sure there exists a turn-key approach to secure these systems at scale without oppressive overhead or a near perfect team.

I wouldn't be surprised to hear about a mis-configured security group on an Akita instance caused a sev1 within 5 years.

Definitely not unique to either Akita or Postman but always worth discussing IMO

Congrats to Jean and the Akita team!


I only wish Postman didn't freeze when adding a big JSON to a request. If you add it through their interface it freezes for a while in the best case scenario or freezes until you kill it.

Postman on my Mac is now broken because a big JSON (almost 1mb) is stored on one of the opened tabs which makes it freezes on launch. I'll have to purge everything and install it again, thankfully that tab isn't saved in my profile so it won't be there...

I think fixing that is more important that acquiring new companies.


Kinda sad that it’s 2023, we have ray tracing and LLMs but we label 1mb of text as “big”


Big for Postman.

Maybe it's a Postman on Mac thing, I've never used it on any other platform.


How does this compare to solutions like ddosify? Their open source tools are quite useful


Congratulation to Jean and the Akita team!


I don’t get the appeal of Postman. Collections are great but I’ve always preferred plain old curl.


How do you refresh your bearer token when needed, and have it automatically apply to all 20 api's you are curling. Bash scripts or whatever don't count, because then you aren't using "plain old curl"


Define custom fish functions to generate bearer tokens.

Also... I think you're being a little pedantic here. Bash scripts are the automation already available to every terminal users. Their use is implied.


Can anyone recommend a non-electron alternative to Postman?


restclient for emacs is very nice.


With what cash???




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: