Alternative to Postman: Insomnia
This year, I decided to ditch Postman. It had started pushing cloud integration up to an extent, where working without creating an account became nearly impossible. Many features were disabled in the "lightweight" mode.
From a privacy perspective, I could have created an email alias, but I wasn't happy with the overall direction of their development. Why invest time in a tool that is likely to become less customer-friendly and accessible in the future? Recent changes made it clear that the company behind Postman is fully focused on monetization. That's a worrying sign for end users. History has shown that such products tend to decline in quality.
While exploring alternatives, I was surprised by how few options there are. While in absolute numbers it may look fine, I can't say that they all offer a comparable set of features and user experience. One tool that caught my eye was Insomnia. It's similar to Postman and allows you to import existing collections, making the transition very easy.
In my subjective experience, only one important feature is missing: global headers. In Postman, you can set an API token in the collection or sub-directory settings to use it for all nested requests. Insomnia doesn't support that out of the box. However, there's a plugin named insomnia-plugin-global-headers that makes it possible.
After installing the plugin, you need to add a special object in the environment properties - GLOBAL_HEADERS. In this object you can list any headers, such as the authorization method.
Moreover, you don't need to do this for every environment. I specified global headers for the Base Environment, which is a top-level configuration. Then, I created a sub-environment for my local development environment, where I specified the exact token value. You can override this token for any environment. I think it's really cool.
Unfortunately, it soon became evident that Insomnia was following in Postman's footsteps. After the latest update a couple of days ago, the program suggested to create an account or use a local collection. I'd chosen the latter option, but all my previously existing requests were lost! Even though I didn't have much data on my local machine, I found that experience unpleasant and worrisome.
Fortunately, this didn't mean that I had to look for another API test tool. Insomnia is open-source and licensed under the MIT license - one of the most permissive licenses. Naturally, I wasn't the only person concerned about recent changes, so there's a fork available: Insomnium.
From their GitHub:
Insomnium is a 100% local and privacy-focused open-source API client for testing GraphQL, REST, WebSockets, Server-sent events and gRPC in development/production. <...> Works 100% offline. <...> No cloud services, no tracking/communication to external servers behind the scene. <...> Insomnium is a fork of Kong/insomnia at 2023.5.8, the last commit before compulsory account login was introduced. In a sense, Insomnium is a community response to the latest product update that forces account creation without warning.
It's not clear yet whether this fork will keep up with future Insomnia releases. Even if it doesn't, the current version already provides a fully functional product I can use at work every day. If you're also interested in your privacy and maintaining control of sensitive data, take a look at this fork or some other open-source solutions:
I'd consider them if it weren't for Insomnium. They are free and open-source. At the end of this article, you can find a comparison table that includes these and other API test tools.