Blog

Postman testing API

Using Postman to Test Akamai APIs

January 10, 2018 by Jeff Costa

Akamai uses a signature pattern called EdgeGrid in our OPEN APIs for additional authentication security. EdgeGrid ensures that a compromised API request (e.g., one that is altered and later replayed) cannot have a catastrophic impact on the platform. But it also adds complexity to making API requests that can seem rather intimidating to new users.

To overcome this problem, Akamai creates and maintains several EdgeGrid clients in many popular programming languages in our GitHub repo that may be downloaded and customized. These provide a jumpstart to using our APIs in applications written by our customers. But sometimes you just need to make a simple API request and get a response without writing code or using cURL at the command line. That's where Postman comes in.

Postman is the de-facto GUI tool API developers use today for viewing requests and responses, running mocks and automated tests, and saving API calls in collections for reuse and sharing. You can download a free version for Mac or Windows here. Do not download the Chrome plugin version, as it will shortly be reaching end-of-life. This tutorial will show you how to use Postman to access Akamai's APIs, and assumes you already installed Postman and have some working knowledge of how to use it.

Before beginning this process, you will need a set of credentials that are generated through the Akamai Luna Control Center. This is done by browsing to the Configure -> Manage APIs -> Identity Management section of the Luna portal. Luna will provide you with the four pieces of credential and authorization information that you need to copy down: Client Token, Client Secret, Base URL, and Access Token. Ensure that you save these values in a text file somewhere, as you will need to copy and paste them into Postman later.

(NOTE: When you register an API client via Luna, a customized Base URL similar to this will be automatically generated for you:

https://akab-hwf3jy2loh42cuew-u4av3vqrtuagzznk.luna.akamaiapis.net/api-definitions/v2/endpoints

The sample URL here is personalized to my API client credentials, and will not work with your credentials; it’s for reference only.)

Now launch Postman and open a new tab. In that tab, enter the Base URL value you copied from Luna, along with the endpoint you wish to access. For example, I want to make a request for the API-Endpoints API, which would look like this:

You will likely want to save the work you are doing in a Postman collection for later use. With the request URL entered, take a moment and click the "Save" button near the right side of the interface. In the screenshot below, I am naming my new request "Rapid API" and saving it to an existing collection I have called "Akamai OPEN."

You can name the request and the collection anything you like. If you do not have an existing collection, simply click the "+ Create Folder" link to create a new folder to house your collection of requests. Now that we have the request saved, let's continue to edit it. Click on the "Headers" tab and enter a new HTTP header in key-value pair format. The name of the header should be "Authorization" and the value should be this variable: {{authorizationHeader}}

If you typed it in correctly, it should look like this:

The variable is empty right now, but once we fill it, hovering over it will reveal a truncated popup showing the values that will be sent:

Now that we have the URL and the request headers steps done, we must set up two other Postman features to ensure our request goes through: 1) a "Pre-Request Script" and 2) an "Environment." Let's tackle the Environment first.

Environments is a Postman feature that lets you customize requests using name-value pair variables that are used when you switch between different development environments, negating the need to change your API request itself. This lets you more easily make requests to different API environments such as a local machine, a development server, and a production API, and pass in the correct information to those APIs. You can find a detailed walkthrough on setting this feature up in the Postman documentation if you want additional details.

For our purposes, a script we'll use will be extracting your OPEN credential information out of the Environment variables. To set this up, click on the cog icon in the upper-right corner of the Postman interface, and click on "Manage Environments".

A modal dialog box will pop up and overlay the Postman interface. Click the orange "Add" button to add a new environment. Give the environment a unique name (in my example below, I call it "Akamai OPEN APIs"), then start adding the key-value pairs that you copied from Luna, one at a time. Each one should be a separate name-value pair on a unique line, like this:

Be sure to use the exact names of the key values shown above. A script we will configure in a moment will be looking for these exact values, so be sure to duplicate the key value names correctly. Also, note that the baseURL entry DOES NOT have an http/https protocol prefix added to it—only the domain name. Save and close this window after you input each of the four name-value pairs.

Next, click on the drop-down window to the left of the cog icon and select the environment you just created. This ensures the environment is now active for the request (which it must be). If it is NOT active, Postman will show a "No Environment" message by default.

Finally, we need to configure what Postman calls a "Pre-Request Script," which is a powerful way of enhancing HTTP calls with custom Javascript that is executed before a request is sent. This will be used to craft the custom HTTP headers that the Akamai EdgeGrid system requires. To enable this functionality, click on the "Pre-request Script" section of the interface to the right of the Headers and Body entries. You will then copy and paste the Javascript code (downloadable here) into the text box that appears:

Now save the request to capture all of these changes. Once that's done, your configuration is complete and you can use the "Send" button to send or retrieve data from an Akamai API. In the example below, I am GET'ing data about an API Endpoint that I previously configured on Akamai. Credential names have been blurred to protect the innocent, but you can clearly see the response coming in from the edge server:

If you want to make a different request to the API, the fastest way is to use the "Duplicate" functionality of the saved request in your collection to make a copy. Right-click on the existing request and select "Duplicate".

This will pre-populate a new request with the same values as the old one. You may then customize it with any endpoints or other characteristics you wish for the new request. This is much faster than creating every request from scratch.

So that's all it takes! Have fun with our APIs!

 

(NOTE: This tutorial builds upon another one posted on Akamai Community earlier this year. I stood on the shoulders of giants.)

Jeff Costa is a senior product manager for web experience at Akamai Technologies.

Categories: