Enshittification of a Beloved Open Source Tool, Postman
Web devs, I’m sorry, but you’re going to have to become a cURL hero
I’ll be the first to admit I loved using Postman. I am a shitter when it comes to being a command-line junkie. Shit, I got made fun of for opening up PyCharm to show code because I wasn’t a VIM hero.
You won’t see me using cURL commands anytime soon to debug a request. That command scared me, and Postman was my hero.
However, Postman wanted that money because everything is about being richer than yesterday. As a result, I have some serious concerns about using Postman.
Security Concerns
This thread covers most of the concerns. The TLDR is Postman deprecated local storage for requests. This means all data in those requests, including passwords, API keys, etc., will be sent to Postman’s external storage system. A sane individual might think that’s not good, especially since not everyone is a friendly threat researcher.
Sneaky bastards are trying to pull one over. I can’t wait for the “pay to encrypt” credentials password DLC to come out.
This change is intentional, and I guess Postman will offer companies the option to spin up their own instances of Postman, similar to JIRA, in the future.
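Since whatever sits in a request (passwords, API keys, etc.) ends up in external storage, here is an added example, not from the original post and not Postman's own code, that audits a Collection v2.1 export for literal credentials as opposed to `{{variable}}` references. The sensitive-name pattern and the sample collection are assumptions constructed for illustration.

```python
import re

# Names that usually carry credentials (assumed list; extend for your APIs).
SENSITIVE = re.compile(r"auth|token|secret|passw|api[-_]?key|cookie", re.I)
# A value that is only a {{variable}} reference, e.g. "Bearer {{token}}".
PLACEHOLDER = re.compile(r"^\s*(\w+\s+)?\{\{[^{}]+\}\}\s*$")

def literal_keys(entries, auth=False):
    """Yield keys of key/value entries that hold a literal secret."""
    for e in entries if isinstance(entries, list) else []:
        key, value = str(e.get("key", "")), e.get("value")
        named = SENSITIVE.search(key) or (auth and key == "value")
        if named and isinstance(value, str) and value.strip() and not PLACEHOLDER.match(value):
            yield key  # report the location only, never the secret itself

def scan_collection(col):
    """Return sorted findings for a Collection v2.1 export loaded as a dict."""
    found = [f"collection: variable {k}" for k in literal_keys(col.get("variable"))]
    def walk(items, prefix):
        for item in items or []:
            path = f"{prefix}/{item.get('name', '?')}"
            walk(item.get("item"), path)  # folders nest further items
            req = item.get("request")
            if not isinstance(req, dict):  # absent, or a bare URL string
                continue
            auth, url = req.get("auth") or {}, req.get("url")
            query = url.get("query") if isinstance(url, dict) else None
            for where, entries in (("auth", auth.get(auth.get("type"))),
                                   ("header", req.get("header")), ("query", query)):
                for k in literal_keys(entries, auth=(where == "auth")):
                    found.append(f"{path}: {where} {k}")
    walk(col.get("item"), "")
    return sorted(found)

# Constructed sample export; every credential value below is fake.
SAMPLE = {
    "variable": [{"key": "api_key", "value": "FAKE-KEY-123"}],
    "item": [{"name": "users", "item": [
        {"name": "list", "request": {
            "header": [{"key": "Authorization", "value": "Bearer {{token}}"}],
            "url": {"query": [{"key": "access_token", "value": "FAKE"}]}}},
        {"name": "create", "request": {
            "auth": {"type": "basic", "basic": [
                {"key": "username", "value": "svc"},
                {"key": "password", "value": "FAKE-PW"}]},
            "url": "{{base}}/users"}}]}],
}

if __name__ == "__main__":
    print("\n".join(scan_collection(SAMPLE)))
```

To check a real export, load it with `json.load` and pass the resulting dict to `scan_collection`; anything it lists is a literal value that would travel with the request.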