Skip to Content
Author's profile photo Former Member

PostMan capabilities

Recently, a collegue of mine Ido Fishler shared a wonderful REST API tool to manage calls.

I would like to demonstrate some useful things you can do with it.

  • Manage Header Presets:

       You can store list of key-value strings to be added as headers.


     Then, you can decide which header preset to use next:


  • Saving calls to a collection

        You can store a collection of HTTP REST calls and edit their names


  • Manage environment

       Suppose you want to do the same call to different hosts.

       You can write the parameter in double braclet {{ param }} and then add a new key in the “manage environment” control.


     Add new enviornment and set his key-value parameters



     Here we can see all environments I set:


  • Consecutive calls:

     Suppose you have GET call to receive a key and then a POST call with the same key from previous call.


     you can do the following:


     in this example you can see a GET call with a parameter {{host}}

get csrf.png

     now, pay attention to the {{X-CSRF-Token}} parameter, it will contain the same value from the previous GET call.


Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Supriya Sahu
      Supriya Sahu

      Hi Gilad,

      First all, Thanks a lot for such a wonderful explanation.

      I am stuck in a "post" cal for .xsodata service (to create a record).

      First I made a get call to xsodata to fetch x-csrr-token.(PFB image)

      To create a record I make a "POST" request, with the environment variable i.e fetched token enabled (in header section) . Body Containing data to be created. PFB screenshot

      But, when I send the request , I get an error - 405 Method not allowed.(PFB image)


      Please help me understand how to pass the fetched token to a "POST" request.

      Do i need to make any changes in the URL or add params? I have tried all my ways but still no luck.

      I have also attached my .xsaccess and .xsodata file below.


      Thanks in advance for the help.


      Supriya Sahu



      Author's profile photo Former Member
      Former Member
      Blog Post Author



      1. For security reasons please remove the screenshot where anyone can see your authorization string. anyone could decode it and see the user and password.
      2. 405 Method not allowed means your server is not supporting this signature (HTTP method, payload, request params). you can start by creating a simple POST without any parameters and test if you can call it from postman. than start by adding more params.