Testing APIs with Insomnia

Insomnia is a REST client (like Postman). It's free, with a paid tier for sync. It's fast to launch, and extremely easy to use.

These tools are extremely useful for quickly testing API requests to a server. There are a few things I really value about these kinds of tools that make my life a lot simpler.

There are a few best practices that I find make life a lot easier:

Group Endpoints into Folders

Folders allow you to group API calls by website, purpose, and authorization. This is immediately useful to just be able to hide APIs that are unrelated to your current task. But it's much more important when you use folders in combination with Environment Variables as described below.

Store Authentication Information on Folders

Let's say you have a folder with 20 endpoints related to the same API. They all use the same Bearer Token Authentication. In a naive approach, you might need to set the bearer token 20 times, setting the token for each API request. If the bearer token gets reset every 24 hours, you have to do this every day. That's too much overhead.

In Insomnia, you can set a single ‘Environment Variable’ and use it across all the API calls. Environment variables can be set at the root level, or can be overridden at the folder level. So if you have a folder where all requests within the folder use the same bearer token, you can just set the BEARER_TOKEN environment variable to that token. With one change, all your endpoints will be updated to the new token.

(A similar functionality exists in Postman, which allows you to specifically defer authentication to the folder level, which is a different but equivalent approach for the purposes of authentication. Authentication is the most obvious quick win when it comes to Insomnia's Environment Variables, but they're equally useful for sending the same data to multiple endpoints.)

You do this by clicking the down arrow to the right of the folder, clicking ‘Environment’, then adding some JSON to the Environment Overrides:

  {
    "BEARER_TOKEN": "TheContentsOfYourBearerToken"
  }

Then, when setting up your Bearer token authentication on the individual API call, you can just type BEARER_TOKEN and you should get the option to use your environment variable. If you do this for all your requests, you only ever need to change the bearer token in one place when the token expires.

You can also use folders to keep multiple versions of the same APIs, each with a Token at a different permission level, so that you can quickly test identical APIs against different Tokens by switching between a high-permission and a limited-permission token.
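The same high-permission versus limited-permission comparison can be scripted as a regression check. This is an added example, not part of the original post or of Insomnia; the tokens, the endpoint paths and the local stub API are all constructed for the demo.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed tokens and endpoint for the demo; none of this is from the post.
TOKENS = {"high": "constructed-high-token", "limited": "constructed-limited-token"}
HIGH_ONLY = {"/admin/users"}  # hypothetical endpoint only the high token may call

class StubAPI(BaseHTTPRequestHandler):
    """Local stand-in for the API under test."""
    def do_GET(self):
        token = self.headers.get("Authorization", "")[len("Bearer "):]
        if token not in TOKENS.values():
            code = 401                      # unknown or missing token
        elif self.path in HIGH_ONLY and token != TOKENS["high"]:
            code = 403                      # valid token, insufficient permission
        else:
            code = 200
        self.send_response(code)
        self.end_headers()

    def log_message(self, *args): pass      # keep the demo quiet

def status_for(host, port, path, token):
    """Send one GET with the given bearer token and return the status code."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path, headers={"Authorization": f"Bearer {token}"})
        return conn.getresponse().status
    finally:
        conn.close()

def permission_matrix(host, port, paths, tokens):
    """Replay every path once per token: {path: {token_name: status}}."""
    return {p: {n: status_for(host, port, p, t) for n, t in tokens.items()} for p in paths}

def mismatches(matrix, expected):
    """List (path, token_name, got, want) where the API disagrees with the policy."""
    return [(p, n, matrix[p][n], want) for p, row in expected.items()
            for n, want in row.items() if matrix[p][n] != want]

def run_demo():
    """Start the stub on a free local port and build the matrix for two paths."""
    server = HTTPServer(("127.0.0.1", 0), StubAPI)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return permission_matrix("127.0.0.1", server.server_port, ["/orders", "/admin/users"], TOKENS)
    finally:
        server.shutdown()
        server.server_close()
```

Any row returned by `mismatches` is an endpoint where a token got a different answer than your access policy says it should.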