How to Test Mobile App Security APIs with CI/CD using Postman

Learn how to test Appdome Mobile App Security APIs with a CI/CD system using Postman.

Prior to integrating the Appdome-DEV REST API to your CI/CD workflow, you may want to test and customize the different available requests. To make this easier, we have created Postman collections of the available requests. To use it, download the following json files:

• Appdome-DEV API for Postman Collection – includes the REST APIs of Appdome’s single tasks and the REST APIs to audit app secured teams.
• Appdome-Team Management API for Postman Collection – includes the REST APIs of Appdome’s management REST APIs for company secured teams.
• Appdome-User Management API for Postman Collection – includes the REST APIs of Appdome’s management REST APIs for company users.

What is Postman?

Postman is an API client tool that helps with testing. It lets you configure requests and send them with various controls and environment set-ups.

This knowledge base will introduce our collection and some basic functions of Postman. For more about using postman, see Postman Learning Center.

Before using the Appdome Postman collection, please read more about Appdome-DEV REST API and Appdome-Management REST API.

Appdome is a no-code mobile app security platform designed to add security features to Android and iOS apps without coding. Appdome’s no-code mobile app security platform offers mobile developers, DevSec and security professionals a convenient and reliable way to protect Android and iOS apps. When an Appdome user clicks “Build My App,” Appdome leverages a microservice architecture filled with 1000s of security plugins, and an adaptive code generation engine that matches the correct required plugins to the development environment, frameworks, and methods in each app.

How to Test CI/CD with Postman API for App Security Projects

Prerequisites for Using Appdome-DEV™ Build-to-Publish API

1. Install Postman on your workstation.
2. Download one or all the postman collections above.
3. Gather Appdome user API token or app team API key
   1. Login to Appdome
   2. Click your name on the top right-hand corner –> My Profile
   3. Copy your API Token
      
4. Gather Fusion Set API Key
   
   

Importing the Collection to Postman

1. Launch Postman and click Import.
   
2. Choose the downloaded collection file/s.
   
3. Within your added collection, click the Manage Environments button.
   
4. First, Get your API Token, Team’s API Key (if needed) and Fusion Set API key.
   Enter Server Name, Authorization, and team_id.
   – To make testing easy, we recommend setting up environments to hold your Authorization token and if building on App Teams your Appdome account’s Team API Keys (if you have multiple Appdome accounts or teams, you can set up multiple environments.)
5. Select your environment from the drop-down.

Setting Up an Environment for Appdome’s REST API

Variables defined in the environment set up will replace parameters such as {{Authorization}} on run time:

The collection is added to your library:

• Expand the Appdome DEV API Collection to see all task requests.
• A folder with a series of Tasks for individual steps with your Appdome user account.
• A folder for Teams requests (logs and information) can be added and found here for app teams.

Configuring Requests

Before sending a request, you need to configure its parameters, body content, and variables.

First, select the request on the Library.

On the Params tab, you can add URL encoded parameters. Team_id is configured is this way.

1. If you want to send the request to a Team, check the team_id key (to send it in the request, and make sure team_id is configured in the environment or defined in the value column.)
2. Notice that ?team_id={{team_id}} is added to the request URL.

• If you want to send the request to the Appdome account API Token owner, uncheck the team_id key.

On the Body tab, you can configure the body of the request. Depending on the request, you can:

1. Enter required or optional form data values (such as app_id, provisioning profile)
2. Upload files (app, provisioning profile)
3. Edit the overrides JSON content

• Make sure to use the checkboxes to turn on/off the desired keys.
• Note the Description field for more information. Some fields may be mandatory for iOS but invalid for Android etc.

On the Pre-request Script Tab, you can configure variables that need to be inserted into the URL. This is currently only relevant for the GET requests: Task-Download and Task-Status.

These requests need to pass the task_id in the URL. In the Pre-request Script tab, insert the task is as the value: pm.environment.set("task_id", "<task_id>");

Sending Requests

Once the request is configured, click Send. The response will appear below.

For the Task-Download, click the arrow and select Send and Download.

How Do I Learn More

Check out Appdome Platform, Appdome-DEV, or request a demo at any time.

If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Avi Yehuda