Closed r0b2g1t closed 1 year ago
biggianteye
commented
1 year ago I've discovered this recently. I used them extensively in my previous job. When I went to introduce them to my team at my new job I saw that they were not usable. I contacted my former colleague to confirm that collections hadn't globally gone away and they hadn't. They were still using them without being signed in. This is weird, inconsistent and confusing behaviour.
carlos-arrasco-o
commented
1 year ago Has anyone found a solution? Or maybe some way to download some previous version? Well, on the page I see that you can only download the latest one.
r0b2g1t
commented
1 year ago You can download older versions from the CDN:
https://dl.pstmn.io/download/version/<VERSION>/linux64
https://dl.pstmn.io/download/version/<VERSION>/osx64
https://dl.pstmn.io/download/version/<VERSION>/win64But that will not help, because the auto update will bring your postman to the latest version.
mmbarness
commented
1 year ago Bump. Really frustrating.
biggianteye
commented
1 year ago There's more detailed conversation in this issue: https://github.com/postmanlabs/postman-app-support/issues/12019 It's closed, but there is still recent activity.
giridharvc7
commented
1 year ago We are sunsetting Scratchpad - you can read more about it here in the blog.
Also, We'd love to know why you wouldn't want to sign up - this will help us understand your constraints better.
overflow0010
commented
1 year ago @giridharvc7 I think many people have two basic, important requirements:
That's not possible now. Too bad, really wanted to use Postman.
r0b2g1t
commented
1 year ago We are sunsetting Scratchpad - you can read more about it here in the blog.
Also, We'd love to know why you wouldn't want to sign up - this will help us understand your constraints better.
We wouldn't want to sign up by security and data privacy reason. And store my Collections locally and offline. The new force sign up approach has made it easier for us to use other tools (like Hoppscotch self-hosted) and move away from Postman. To full fill our requirements which I can definitely recommend to anyone.
jnagle-nf
commented
1 year ago We are sunsetting Scratchpad - you can read more about it here in the blog.
Also, We'd love to know why you wouldn't want to sign up - this will help us understand your constraints better.
I don't need an account to use cURL. Why should I need an account to use what is effectively a UI for cURL?
giridharvc7
commented
1 year ago Don't store internal company information on other people's computers (aka sync to cloud)
@overflow0010 @r0b2g1t thank you for the response, I just want to point out that we at Postman take data security very seriously. You can read more about how your data is saved and secured here. If there's something specific you are looking for, we are all ears.
giridharvc7
commented
1 year ago I don't need an account to use cURL. Why should I need an account to use what is effectively a UI for cURL?
@jnagle-nf you can still continue to send requests using the lightweight API Client. It also brings in the power of other protocol that Postman supports, like Websockets, gRPC and GraphQL.
mmbarness
commented
1 year ago Who cares about sending requests if it's impossible to organize them! Just don't require sign in to use the postman desktop app!
laszlo-t
commented
1 year ago You can download older versions from the CDN:
https://dl.pstmn.io/download/version/<VERSION>/linux64 https://dl.pstmn.io/download/version/<VERSION>/osx64 https://dl.pstmn.io/download/version/<VERSION>/win64But that will not help, because the auto update will bring your postman to the latest version.
you can disable the mayor updates in settings
the latest versions with offline support (scratch pad)
https://dl.pstmn.io/download/version/10.13.6/linux64 https://dl.pstmn.io/download/version/10.13.6/osx64 https://dl.pstmn.io/download/version/10.13.6/osx_arm64 https://dl.pstmn.io/download/version/10.13.6/win64
jnagle-nf
commented
1 year ago I don't need an account to use cURL. Why should I need an account to use what is effectively a UI for cURL?
@jnagle-nf you can still continue to send requests using the lightweight API Client. It also brings in the power of other protocol that Postman supports, like Websockets, gRPC and GraphQL.
This is an unacceptable compromise because, as stated in Postman's documentation for the Lightweight API Client, this does not offer compatibility for Collections or Variables.
Restrictions like that mean I cannot export Collections from my legacy Scratchpad to use in the Lightweight API Client. It also means I cannot store and reuse Variables across requests.
Why has it become impossible to effectively create nameable folders for requests without an account? Or to name and order the requests themselves? Have you ever seen an operating system prevent the use of mkdir and mv without an online account?
And why has it become impossible to use variables without an account? Do you see anyone anywhere asking you to make an online account to add variables to your shell or environment? 🤦
r0b2g1t
commented
1 year ago Don't store internal company information on other people's computers (aka sync to cloud)
@overflow0010 @r0b2g1t thank you for the response, I just want to point out that we at Postman take data security very seriously. You can read more about how your data is saved and secured here. If there's something specific you are looking for, we are all ears.
I have never denied that Postman takes data security very seriously. But corporate security requirements, such as the need to know principle, or data protection requirements prohibit storing information with third parties. Because it is not necessary to transfer data to Postman's servers when only collections are needed.
dragondive
commented
1 year ago Also, We'd love to know why you wouldn't want to sign up - this will help us understand your constraints better.
I just want to point out that we at Postman take data security very seriously.
I'm sure a reputed company like Postman takes data security very seriously, and nobody here believes for a moment that they would indulge in any foul play. However, data breaches have occurred and will continue to occur at reputed companies that did and do take data security very seriously.
It is a good security practice to reduce the surface area for a potential attack. The principle of least privilege also applies, and in this case, there's principle of least surprise involved as well.
In summary: "Your data cannot be attacked from the cloud." >>>> "Security of your data is taken very seriously."
edco
commented
1 year ago Also, We'd love to know why you wouldn't want to sign up - this will help us understand your constraints better.
In the modern security landscape, the default question with regard to handing data over to a third party isn't "Why wouldn't we?" it's "Why would we do this?" closely followed by "Is there an alternative product that won't force us to do this?"
Massive security breaches against companies holding onto data they have no justifiable need to retain, and/or which turns out not to have been as well secured as they had thought, have become commonplace. Every new company that wants us to send internal information to their servers is an added risk, so there needs to be a benefit that outweighs the risk, and I'm just not seeing it here.
FishermansEnemy
commented
1 year ago We are sunsetting Scratchpad - you can read more about it here in the blog.
Also, We'd love to know why you wouldn't want to sign up - this will help us understand your constraints better.
I do penetration testing of APIs and I cannot store customer data in the cloud. Make this a payable local option if you want cash that bad, but there are a lot of us who simply cannot store our customers data on systems not under our control.
tecfu
commented
1 year ago docker run -it hoppscotch/hoppscotchQuick fix is to drop Postman and go to Hoppscotch. Includes collections functionality, open source. Run it using docker.
mmbarness
commented
1 year ago Not really. Hoppscotch only works with oauth.
tecfu
commented
1 year ago @mmbarness Because you actually ran that docker command and tried to import/export collections without signing in on Hoppscotch, right?
You wouldn't just come on Github and start posting misinformation because you couldn't be troubled to actually go test if something works, right?
Why don't you post us a screencast of how you can't save collections without sign-on when running a docker instance of Hoppscotch.
docker run -it hoppscotch/hoppscotch
artsiom-tsaryonau
commented
1 year ago @tecfu Is there a standalone hoppscotch app that does not require docker?
But it is a bummer that Postman now requires accounts for collections. Who would want to expose corporate API to external service in the first place? Especially with environments and credentials. Bummer.
gbg-sany
commented
1 year ago You can download older versions from the CDN:
https://dl.pstmn.io/download/version/<VERSION>/linux64 https://dl.pstmn.io/download/version/<VERSION>/osx64 https://dl.pstmn.io/download/version/<VERSION>/win64But that will not help, because the auto update will bring your postman to the latest version.
you can disable the mayor updates in settings
the latest versions with offline support (scratch pad)
https://dl.pstmn.io/download/version/10.13.6/linux64 https://dl.pstmn.io/download/version/10.13.6/osx64 https://dl.pstmn.io/download/version/10.13.6/osx_arm64 https://dl.pstmn.io/download/version/10.13.6/win64
Thanks.
For those using MacOS and previously had already downloaded the corrupted newest version may face the issue Version mismatch (https://github.com/postmanlabs/postman-app-support/issues/7553). Then you can remove folders below before you install the older version that allow Collection:
~/Postman
~/Library/Application Support/Postman
FYI, create collection first and import your previous collection if has any before update to latest (10.16.0 at the moment) then your collection will not be blocked.
rnoack1
commented
1 year ago We also will not be able to continue using Postman due to corporate requirements not to create an account. Highly recommend to Postman devs to immediately reconsider this invasive anti-security feature that will cause them to lose users, and make everyone else's lives more difficult.
martin-vavrusak
commented
1 year ago +1 for bringing back offline local collections. Similar reasons as already mentioned. Obviously it is not technical decision as older installations can keep using offline collection made before, but product/sales decision.
kretschmannj
commented
1 year ago Ditto what everyone else said. I guess I'll try downgrading/installing an older version and disabling auto-update. Maybe I'll have a look at Hopscotch.
rnoack1
commented
1 year ago Since yesterday we have also found an alternative called Insomnia: https://github.com/Kong/insomnia , It has plugins to support AWS sig v4, etc. which did not seem to be possible with Hopscotch. At this point, we won't be looking back - Postman is in our past.
jcmunioz
commented
1 year ago Also, We'd love to know why you wouldn't want to sign up - this will help us understand your constraints better.
My employer doesn't allow signing in nor signing up. Actually, the login page is blocked.
rgrouchy
commented
1 year ago @giridharvc7 The straightforward assertion that "we at Postman take data security very seriously" appears to hint at a potential area where further comprehension and awareness regarding data security is needed in your company. I, for one, will need to find a new tool since storing our company's confidential REST APIs and other coveted Intellectual Property in your data network is not an option.
Postman, please reconsider.
Thanks, Rick
vladimirzind
commented
1 year ago Thank you for download links. However, update to any v10 version immediately includes this "feature" even if File/Settings/Update/Automatically download major updates is turned off. I have switched of my connection during installation and first start. On the second start, Postman downloaded v10.17. On the third start Sign in popup was there and Postman got updated to 10.17.
It looks like Postman considers that this feature falls under "Postman automatically downloads minor updates and bug fixes." It had download 10.17 right in front of me.
Solution for me was downloading last v9 version (by adapting your download links): https://dl.pstmn.io/download/version/9.31.28/win64
This now works as expected.
Best Regards,
Vladimir
giridharvc7
commented
1 year ago Our priority is to maintain Postman's commitment to delivering value to our customers. To understand why we have deprecated the Scratchpad feature, please refer to this blog.
In a nutshell, all fresh installs will not contain Scratchpad. Users updating the app will still continue to see scratchpad as long as they have collections in the scratchpad.
For all the questions on how we can serve you better whether it being your organization's constraints or any questions on security & compliance, do write to us at migrate@postman.com. This will help us answer your questions and concerns better.
Is there an existing issue for this?
Describe the Issue
After reinstalling Postman on my Mac and deleting the config-folder
~/Library/Application\ Support/Postman/, I can't create collection or import existing from folders. Postman collection are not longer usable without an account. That's really sad. It seems that the developers of Postman want to force users to have an account, although this is not necessary for the offline client.Steps To Reproduce
~/Library/Application\ Support/Postman/Screenshots or Videos
Operating System
macOS
Postman Version
10.15
Postman Platform
Postman App
User Account Type
Signed Out User
Additional Context?
No response