Postman today announced it is making its namesake platform for managing application programming interfaces (APIs) available via a browser to make it easier to share and inspect APIs. Previously, Postman required DevOps teams to download a desktop application to access the Postman platform.
Kin Lane, chief evangelist for Postman, said agent software developed by Postman makes it possible to create a proxy application to facilitate API request-sending at scale that overcomes the cross-origin resource sharing (CORS) limitations of browsers.
DevOps teams can now simply attach a URL to an API that is shared with any other member of the team. Clicking on that URL exposes the API in a way that makes it possible to not only visually inspect it but also employ the Postman platform to make sure rules and policies have been applied appropriately.
That capability also makes it possible to onboard new users to an API project in addition to eliminating the need to manage updates to the desktop application, added Lane.
Now that more organizations have adopted an API-first approach to building and deploying applications in the age of microservices, those APIs need to be managed as discrete projects. Postman provides a means of achieving that goal now through a browser interface that can be accessed more easily by members of DevOps teams working remotely.
Postman claims its platform has now enabled more than 1 billion API requests, with more than 48 million API collections now running on Postman. Overall, the company claims there are now more than 11 million users from roughly a half-million organizations on its platform. As the number of microservices-based applications being deployed increases, the number of internal-facing APIs that need to be managed increases exponentially. New functionality can be added to the application without changing the API. In fact, changes to the API are likely to be more disruptive than changes to the application.
At the same time, cybercriminals are now targeting APIs that are often misconfigured in a way that exposes potentially sensitive data via an open port. As such, security teams are starting to focus more on ensuring processes are in place that ensure APIs have been reviewed before being deployed in a production environment.
Fresh of raising another $150 million in funding to create a $2 billion valuation, Postman has emerged as a major API management platform in a crowded field that has experienced a wave of consolidation over the last few years involving acquisitions made by Red Hat, Oracle, Salesforce and Microsoft. Each of those acquisitions was made to enhance the API management capabilities of a specific platform. However, it would appear a large percentage of organizations prefer to manage APIs independently of any specific platform.
Clearly, APIs are core to the implementation of DevOps processes. If those APIs are flawed, the impact on DevOps process can be far-reaching. Continuously validating APIs as they are deployed and updated is not just a best practice, but it’s also a matter of survival at a time when complex distributed application environments have never been more loosely coupled.