Using Postman: Difference between revisions

From Izara Wiki
Jump to navigation Jump to search
No edit summary
 
(6 intermediate revisions by 2 users not shown)
Line 1: Line 1:
= Connecting Postman to API Gateway =
= Connecting Postman to API Gateway =
== Connect API to Post man.  ==
 
== Connect API to Postman ==
 
# AWS API Gateway: click name of service api
# AWS API Gateway: click name of service api
#: [[File:Screenshot from 2022-10-10 10-07-58.png]]
#: [[File:Screenshot from 2022-10-10 10-07-58.png]]
# Click stage /Test  
# Click stage /Test  
#: [[File:Screenshot from 2022-10-10 10-33-30.png]]
#: [[File:Screenshot from 2022-10-10 10-33-30.png]]
#* and click export choose ..”Export as Swagger+Postman Extensions” copy code JSON  
#* and click export choose ..”Export as Swagger+Postman Extensions” copy code JSON, if Postman does not work with JSON, try YAML
#: [[File:Screenshot from 2022-10-10 10-38-08.png]]
#: [[File:Screenshot from 2022-10-10 10-38-08.png]]
# Go to postman and paste in import/ Raw text/ continue.
# Go to postman and paste in import/ Raw text/ continue.
Line 13: Line 15:
#: [[File:Screenshot from 2022-10-10 10-46-07.png]]
#: [[File:Screenshot from 2022-10-10 10-46-07.png]]


== Manually get Access Token ==


== Access Token ==
=== Method 1: Use Izara frontend ===
web interface: https://d1gix48j5w3eur.cloudfront.net/buying
 
* Only works if frontend signin  currently functioning
 
web interface: https://d1ky427yqbqz8o.cloudfront.net/buying
# Navbar > Sign in using mock account (suggested), if you signup with new user will get default role in  basicUser, that mean you NOT allow to access all functions.
# Navbar > Sign in using mock account (suggested), if you signup with new user will get default role in  basicUser, that mean you NOT allow to access all functions.
#:[[File:Screenshot from 2022-10-10 10-55-56.png]]
#:[[File:Screenshot from 2022-10-10 10-55-56.png]]
Line 23: Line 29:
#* Session Storage > http... > access_token and copy these token to postman  
#* Session Storage > http... > access_token and copy these token to postman  
#:[[File:Screenshot from 2022-10-10 10-58-56.png]]
#:[[File:Screenshot from 2022-10-10 10-58-56.png]]
#  Go to postman and paste token to Authorization > TYPE: Bearer Token >> 
[Token] ...
#:[[File:Screenshot from 2022-10-10 11-00-12.png]]
# For auth: UserLevel, need to send '''“targerUserId”''' in Params>Path Variables> <p>KEY: targetUserId </p><p>VALUE: <targetUserId>
</p>


=== Email ===  
=== Method 2: Use AWS Interface and Postman ===
 
# go to AWS > Cognito > UserPool > App Client Settings
# click on Laung Hosted UI for correct client app
# sign in
# Cognito will try to redirect and may fail, but can copy code from url:
#: [[File:CognitoSignInUrlWithCode_2023-01-13_12-45-29.png]]
# Postman setup new request as follows:
#: [[File:PostmanConfigForRequestToken_2023-01-13_12-49-57.png]]
# invoke request and should get access token
# TTL of token will depend on setting in Cognito app, can increase so not need to do often
 
=== Add Access Token to Postman requests ===
 
# paste token to Authorization > TYPE: Bearer Token >>  [Token] ...
#: [[File:Screenshot from 2022-10-10 11-00-12.png]]
# For auth: UserLevel, need to send '''“targerUserId”''' in Params > Path Variables > KEY: targetUserId, VALUE: <targetUserId>
 
== Default Test Seed Data email accounts ==
Email use in web interface for get access token.
Email use in web interface for get access token.
# basicUserA
# '''basicUserA'''
#:Email: success+basicUserTest@simulator.amazonses.com
#:Email: success+basicUserTest@simulator.amazonses.com
#:Password: Abc123456!  
#:Password: Abc123456!  
# verifiedUserA
# '''verifiedUserA'''
#:Email: success+verifiedUserTestA@simulator.amazonses.com  
#:Email: success+verifiedUserTestA@simulator.amazonses.com  
#:Password: Abc123456!
#:Password: Abc123456!
# verifiedUserB
# '''verifiedUserB'''
#:Email: success+verifiedUserTestB@simulator.amazonses.com
#:Email: success+verifiedUserTestB@simulator.amazonses.com
#:Password: Abc123456!
#:Password: Abc123456!
#superUserA
#'''superUserA'''
#:Email: success+superUserTest@simulator.amazonses.com  
#:Email: success+superUserTest@simulator.amazonses.com  
#:Password: Abc123456!
#:Password: Abc123456!


= Test API in post man =
= Setup requests in Postman =
# Click on workspace and choose folder and file testing
#*Click Body choose rew> JSON and push your request in code block.
#*and send message. 
#:[[File:Screenshot from 2022-10-10 11-31-23.png]]
#Below block show return response.
#*If test api works . will show '''return response''' and status code: '''200 OK'''
#*You can see more response see in '''cloudwatch''' in function testing.
#:[[File:Screenshot from 2022-10-10 11-39-07.png]]
 
=Authorizer=
== AppLevel ==
There is no “owner” for this level, users with application level permissions to administer roles can do so
#Can change other user roles.
#Can create new roles
#Change site-wide settings
#SuperUser permissions for lower level RBAC (eg:  User level or Category level RBAC permissions)TODO: so, you all need to give the role permission to user)
 
=== allow the role permission to user appLevel ===
*'''SuperUser'''
:can do all actions:
:: CREATE | UPDATE | DELETE | GET | LIST
*'''VerifiedUser''' 
:can do some actions:
:: CREATE | GET | LIST
*'''BasicUser '''
:can do few actions:
:: GET 
 
==== example reloPermission ====
 
<syntaxhighlight lang="JavaScript">
{
  "roleIdKey":"AppLevel_this-is-uuid-role-superUserA",
  "service_resource_action":"VariantStandard_Product_AddProduct",
  "permission": "accept"
}
</syntaxhighlight>
 
==== setting for authorizer appLevel ====
*function.yml
:For LambdaFunctionHdrApi applevel
<syntaxhighlight lang="JavaScript">
LambdaFunctionHdrApi:
  events:
  - http:
      path: Lambda/LambdaAction
      method: post
      cors: true
      authorizer:
        arn: ${self:custom.iz_authorizerAppLevel}
        type request
        resultTtlInSeconds: 0
</syntaxhighlight>
 
 
 
== UserLevel ==
* All permissions are linked to one user id.
* Has an owner (the current user), that user always has full permissions for their user id.
* Available roles are shared by all users, any user can create new roles and add permissions, roles can then be used by any users.
* Only the creator of the role can make changes later (for the start - in future we can add RBAC management of user level roles).
 
=== example permissions:  ===
* Can administer users roles/permissions
* Can administer sell offers for this user
 
=== allow the role permission to user ===
:[[Allow the role permission to user appLevel]]
 
==== example rolePermission ====
* Create role permission, user can do action, can create in seed data or  run from https://us-east-2.console.aws.amazon.com/apigateway/home?region=us-east-2#/apis/rwnhg855jd/resources/y8erkk : '''RolePermissionCreateHdrApi'''
:<syntaxhighlight lang="JavaScript">
{
  "roleIdKey":"UserLevel_this-is-uuid-for-role-verifiedUserA_this-is-uuid-for-role-verifiedUserB",
  "service_resource_action":"VariantStandard_Product_AddProduct",
  "permission": "accept"
}
</syntaxhighlight>


* Create userRoles, user have role, can create from https://us-east-2.console.aws.amazon.com/apigateway/home?region=us-east-2#/apis/rwnhg855jd/resources/y8erkk : UserRolesCreateHdrApi
# click on workspace and choose folder and file testing
:<syntaxhighlight lang="JavaScript">
#* click Body choose raw > JSON and push your request in code block.
{
#* and send message.  
  "userId": "this-is-uuid-for-user-verifiedUserB",
#: [[File:Screenshot from 2022-10-10 11-31-23.png]]
  "roleIdKey": "UserLevel_this-is-uuid-for-user-verifiedUserA_this-is-uuid-for-user-verifiedUserB"
# below block show return response.
}
#* If test api works . will show '''return response''' and status code: '''200 OK'''
</syntaxhighlight>
#* You can see more response see in '''cloudwatch''' in function testing.
#: [[File:Screenshot from 2022-10-10 11-39-07.png]]


==== setting for authorizer userLevel ====
*function.yml
:For LambdaFunctionHdrApi userlevel, need to add adds targetid to api route/path


<syntaxhighlight lang="JavaScript">
= [[API Gateway Authorizers]] =
LambdaFunctionHdrApi:
  events:
  - http:
      path: Lambda/LambdaAction${self:custom.api_path_targetid_suffix} 
      method: post
      cors: true
      authorizer:
        arn: ${self:custom.iz_authorizerUserLevel}
        type request
        resultTtlInSeconds: 0
</syntaxhighlight>

Latest revision as of 06:55, 19 January 2023

Connecting Postman to API Gateway

Connect API to Postman

  1. AWS API Gateway: click name of service api
    Screenshot from 2022-10-10 10-07-58.png
  2. Click stage /Test
    Screenshot from 2022-10-10 10-33-30.png
    • and click export choose ..”Export as Swagger+Postman Extensions” copy code JSON, if Postman does not work with JSON, try YAML
    Screenshot from 2022-10-10 10-38-08.png
  3. Go to postman and paste in import/ Raw text/ continue.
    • a. Screenshot from 2022-10-10 10-41-59.png
    • b. Screenshot from 2022-10-10 10-43-05.png
  4. Now My Workspace connect to Api finished.
    Screenshot from 2022-10-10 10-46-07.png

Manually get Access Token

Method 1: Use Izara frontend

  • Only works if frontend signin currently functioning

web interface: https://d1ky427yqbqz8o.cloudfront.net/buying

  1. Navbar > Sign in using mock account (suggested), if you signup with new user will get default role in basicUser, that mean you NOT allow to access all functions.
    Screenshot from 2022-10-10 10-55-56.png
  2. F12 to see element
    • select tab >> Application
    Screenshot from 2022-10-10 10-56-31.png
    • Session Storage > http... > access_token and copy these token to postman
    Screenshot from 2022-10-10 10-58-56.png

Method 2: Use AWS Interface and Postman

  1. go to AWS > Cognito > UserPool > App Client Settings
  2. click on Laung Hosted UI for correct client app
  3. sign in
  4. Cognito will try to redirect and may fail, but can copy code from url:
    CognitoSignInUrlWithCode 2023-01-13 12-45-29.png
  5. Postman setup new request as follows:
    PostmanConfigForRequestToken 2023-01-13 12-49-57.png
  6. invoke request and should get access token
  7. TTL of token will depend on setting in Cognito app, can increase so not need to do often

Add Access Token to Postman requests

  1. paste token to Authorization > TYPE: Bearer Token >> [Token] ...
    Screenshot from 2022-10-10 11-00-12.png
  2. For auth: UserLevel, need to send “targerUserId” in Params > Path Variables > KEY: targetUserId, VALUE: <targetUserId>

Default Test Seed Data email accounts

Email use in web interface for get access token.

  1. basicUserA
    Email: success+basicUserTest@simulator.amazonses.com
    Password: Abc123456!
  2. verifiedUserA
    Email: success+verifiedUserTestA@simulator.amazonses.com
    Password: Abc123456!
  3. verifiedUserB
    Email: success+verifiedUserTestB@simulator.amazonses.com
    Password: Abc123456!
  4. superUserA
    Email: success+superUserTest@simulator.amazonses.com
    Password: Abc123456!

Setup requests in Postman

  1. click on workspace and choose folder and file testing
    • click Body choose raw > JSON and push your request in code block.
    • and send message.
    Screenshot from 2022-10-10 11-31-23.png
  2. below block show return response.
    • If test api works . will show return response and status code: 200 OK
    • You can see more response see in cloudwatch in function testing.
    Screenshot from 2022-10-10 11-39-07.png


API Gateway Authorizers

Retrieved from "https://izara.io/wiki/index.php?title=Using_Postman&oldid=2225"