Postman Curl
Introduction
- The last time I used Postman I remember it showed the curl command for cli somewhere. Regardless, using phpcurl to post a json body is quite straightforward. The json string as the postfield and set the appropriate header – frz3993 Mar 22 '18 at 15:44.
Django has a built-in CSRF protection mechanism for requests made with unsafe methods, to prevent cross-site request forgery. When CSRF protection is enabled for AJAX POST requests, the X-CSRFToken header should be sent in the request.
Postman is one of the most widely used tools for testing APIs. In this article, we will see how to set the CSRF token and update it automatically in Postman.
CSRF Token In Postman
Django sets the csrftoken cookie on login. After logging in, we can see the CSRF token in the cookies in Postman.
We can grab this token and set it in headers manually.
Since you already have a valid curl request, you can actually import that and Postman will automatically convert it into a Postman call. From the main menu, click 'Import'. Click 'Paste Raw Text'. Paste your curl request and click 'Import'.
But this token has to be changed manually when it expires, which becomes tedious to repeat at every expiration.
Instead, we can use Postman's scripting feature to extract the token from the cookie and set it to an environment variable. In the Test section of Postman, add these lines.
This extracts the CSRF token and sets it to an environment variable called csrftoken in the current environment.
Now in our requests, we can use this variable to set the header.
When the token expires, we just need to log in again and the CSRF token gets updated automatically.
Conclusion
In this article, we have seen how to set and renew the csrftoken automatically in Postman. We can follow similar techniques in other API clients like curl or httpie to set the CSRF token.
NSX-T integrates with VMware Identity Manager (vIDM) to provide remote user authentication and role based access control (RBAC).
A customer recently required clarification on how to configure AD accounts in Postman or Curl that are provisioned with NSX-T role based access control through vIDM.
Steve Fanders provided excellent examples on how to deploy and configure vIDM and then how to add an AD directory to vIDM. Angel Villar Garea has provided excellent detail on using RBAC with NSX-T.
But once the NSX-T to vIDM and the vIDM to Windows AD integrations have been completed, how can you use AD accounts to administer NSX-T?
The key is understanding that the authorization type is Basic for NSX-T local accounts and Remote for vIDM accounts synced with Windows AD. It is also important to note that the username:password credentials are passed in Base64-encoded format.
In my NSX-T / vIDM integrated lab, NSX-T Manager is set up with the following two administrative accounts, both granted NSX-T Enterprise Admin rights:
- NSX-T account admin, with password VMware1!VMware1!
- vIDM account administrator@core.hypervizor.com, with password VMware1!
The first step is encoding these into Base64 format.
This can be performed at https://www.base64encode.org/, but most users won’t be comfortable passing AD domain credentials to an Internet-based web site. Notice here that “admin:VMware1!VMware1!” base64 encodes to “YWRtaW46Vk13YXJlMSFWTXdhcmUxIQ”.
An alternate solution is to base64 encode username:password with the JavaScript console in Chrome’s Developer Tools.
Users will be more comfortable Base64 encoding with a local browser.
The solution for Curl:
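As an added example (not the author's original command), the shell functions below build the Authorization header for either account type entirely on the local machine, and decode one again to show that Base64 is a reversible encoding rather than encryption. The function names, the `NSX_USER`/`NSX_PASS` variables, and the host and path in the curl comment are assumptions; the standard Base64 output for the local admin account carries trailing `==` padding.

```shell
#!/bin/sh
# Added example, not from the original article.

# nsx_auth_header SCHEME USER PASSWORD -> "Authorization: SCHEME <base64>"
# SCHEME is Basic (NSX-T local account) or Remote (vIDM / AD account).
nsx_auth_header() {
    scheme=$1 user=$2 pass=$3
    case $scheme in
        Basic|Remote) ;;
        *) echo "scheme must be Basic or Remote" >&2; return 2 ;;
    esac
    # username:password is split at the first ':', so the username
    # itself cannot contain one (the password may).
    case $user in
        *:*) echo "username must not contain ':'" >&2; return 2 ;;
    esac
    # printf '%s' avoids the trailing newline that echo would append and
    # that would change the encoding; tr removes base64 line wrapping.
    token=$(printf '%s' "${user}:${pass}" | base64 | tr -d '\n')
    printf 'Authorization: %s %s\n' "$scheme" "$token"
}

# decode_auth_header "Authorization: SCHEME <base64>" -> "SCHEME USER PASSWORD"
# Anyone who can read the header can recover the credentials this way.
decode_auth_header() {
    value=${1#Authorization: }
    scheme=${value%% *}
    creds=$(printf '%s' "${value#* }" | base64 -d) || return 1
    printf '%s %s %s\n' "$scheme" "${creds%%:*}" "${creds#*:}"
}

# Lab credentials quoted in the article.
nsx_auth_header Basic admin 'VMware1!VMware1!'
nsx_auth_header Remote administrator@core.hypervizor.com 'VMware1!'

# Usage with curl (host and path are placeholders, not from the article):
#   curl -H "$(nsx_auth_header Remote "$NSX_USER" "$NSX_PASS")" \
#        "https://nsx-manager.example/<api-path>"
```

Passing the password from a variable rather than typing it on the command line keeps it out of shell history.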
The Solution for Postman:
When you specify Basic Authentication, Postman automatically creates the Base64 encoded Authorization key, where the Value starts with “Basic”:
In Postman, set Authorization Type to No Auth:
Then create an Authorization Key with a value of: Remote YWRtaW5pc3RyYXRvckBjb3JlLmh5cGVydml6b3IuY29tOlZNd2FyZTEh
That does it. This should help with managing NSX-T through Curl and Postman using non-local accounts.