Insomnia

Introduction

Insomnia Core is a Desktop API client for Rest and GraphQL. Make requests, inspect responses. 

Note: Insomnia Designer and Insomnia Core have been merged. Following the Insomnia 2021.1 release there will no longer be an Insomnia Core or Insomnia Designer, only Insomnia.

Available at:

https://insomnia.rest/products/core/

Using Insomnia:

https://support.insomnia.rest/category/19-using-insomnia?sort=popularity

Importing and exporting data

Ref. > https://support.insomnia.rest/article/52-importing-and-exporting-data

Application > Preferences > Tab 'Data' > Export Data > All Workspaces

Environment

Ref. > https://support.insomnia.rest/article/18-environment-variables

Sample:

{

  "enpoint_prefix": "https://myapp-pre.cou.edu/myapp_back",

  "oautht": "yGBpaFAP3FJg90gFjn9Dt4sCPnzUH9aDVQhqAeJuG6A.J1-1EXIkPISE-vdKjCPaItqwF0GqT_IrquIx5iTEPci",

  "merida": {

     "academicRecordCode": 798353

  }

}

Referencing environment variables:

• Summon the autocomplete dropdown by pressing Control+Space 

• Allow the autocomplete to show automatically as you type 

Template Tags (Generator Tag)

Ref. > https://support.insomnia.rest/article/40-template-tags

Template tags are closely related to Environment Variables. They can be used in the same places and they behave in a similar way. The main difference is that template tags are more like operations, not variables. Tags can do things like transform strings, random numbers, UUIDs, timestamps, and so on.

Available as of 2020-02-02:

• Base64

• Hash

• File

• Timestamp

• UUID

• Prompt

• Request

• Response

• JSONPath

• Cookie

OAuth2 validate access token [/oauth2/introspect]

Reference:

• Invoke the OAuth Instrospection Endpoint [https://is.docs.wso2.com/en/latest/learn/invoke-the-oauth-introspection-endpoint/]

cURL to validate access tokens obtained with client credentials from the endpoint /oauth2/token:

curl --request POST \

  --url https://auth.cou.int/oauth2/introspect \

  --header 'Content-Type: application/x-www-form-urlencoded' \

  --header 'accept: application/json' \

  -H 'Authorization: Basic <REPLACE_BY_BASE64(hydra_clientid:hydra_secret)>' \

  --data 'scope=<REPLACE_BY_SCOPE>' \

  --data 'token=<REPLACE_BY_ACCESS_TOKEN_TO_BE_VALIDATED>'

Note: The 'grant_type' and 'scope' are optional

Sample failure response:

{"active":false} 

Sample success response:

{

  "active": true,

  "scope": "myapp.whatever",

  "client_id": "<the client id>",

  "sub": "<the client id>",

  "exp": 1660073569,

  "iat": 1660062769,

  "iss": "https://auth.cou.int"

}

The following image shows the configuration for validating obtaining the OAuth access token and sending in as 'Bearer' in the Authorization header:

11. OAuth2 get access token [/oauth2/token]

11.2. grant_type=authorization_code

After the user returns to the client via the redirect URL, the application will get the authorization code from the URL and use it to request an access token.

Detailed example at:
https://fireflysemantics.medium.com/oauth-authorization-code-grant-flow-demonstrated-with-curl-71543ba6c3f7

11.2. grant_type=client_credentials 

Getting an access token using cURL providing client credentials, eg:

curl --request POST \

 --url https://auth.cou.int/oauth2/token \

 --header 'Content-Type: application/x-www-form-urlencoded' \

 --header 'accept: application/json' \

 --data grant_type=client_credentials \

 --data client_id=<<<the client id>>> \

 --data 'client_secret=<<<the client secret>>>' \

 --data scope=myapp.myscope

Sample response:

{

 "access_token": "sw-TW-kDTZg_jJ-7CjcvrCwBSipYNBZCgkRW6o.ExhtayRhyNV8T5fAm64P4fo3",

 "expires_in": 10799,

 "scope": "myapp.myscope",

 "token_type": "bearer"

}

The following images show the Insomnia configuration for validating an OAuth access token:

Chaining requests

Ref. > https://support.insomnia.rest/article/43-chaining-requests

Sample (reuse JWT token from the response of another operation):

Header value:

Bearer [Response => Body Attribute]

where 'Filder (JSONPath or XPath) extracts the value of the JSON 'jwt' key:

$.jwt

cURL

Import (cURL)

Paste the cURL at the address bar of the request, Insomnia will automatically build the request with their Query, Header, etc.

Export (cURL)

• Right click the button [Send] at the address bar of the request

• Click 'Generate Client Code'

• Choose 'Shell' and 'cURL'

• Cick button 'Copy to Clipboard'

GraphQL

When creating a request, choose POST > GraphQL Query

Sample endpoint: http://localhost:8080/graphql

Sample body:

query ListBooks {

  myBooks: getAllBooks {

    id

    author

    title

  }

}