We Build APIs Now. All of Us.
At some point in the last ten years, the web development world shifted from "some teams build APIs" to "every team builds APIs." Microservices, mobile backends, third-party integrations, webhooks, serverless functions -- all of it communicates through APIs. And if you are building or consuming APIs for any portion of your workday, you need a tool to test them. You could use cURL in the terminal. You could write scripts. Or you could use Postman, which roughly 30 million developers do.
I have been one of those 30 million for about five years. Postman started as a Chrome extension for sending HTTP requests, and I actually remember using it in that form. It was simple and it was fast. You typed a URL, picked a method, added some headers, hit Send, and looked at the response. That was the whole product.
Today? Postman is a platform. It has workspaces, mock servers, monitors, Flows (a visual programming thing), AI assistants, API governance tools, public API networks, and about fifteen other features I'm probably forgetting. And honestly, this growth is where the interesting tension lives. Postman got bigger because APIs got more complex. But did it get too big? There is an argument for both sides, and I want to work through it by describing how I actually use the tool, not just listing features.
A Day in My Actual API Workflow
Let me walk through a real scenario from last week. I was integrating a third-party payment API into a project. The API had about thirty endpoints covering customers, charges, subscriptions, and webhooks. Here is how Postman fit into the process.
First, I imported the API's OpenAPI specification into Postman. It automatically generated a collection of all thirty endpoints, organized into folders. Each request had the right URL structure, parameters, and example bodies pre-filled from the spec. This alone saved me maybe thirty minutes of manually setting up requests.
Then I created an environment with variables for the base URL, API key, and a test customer ID. I started hitting endpoints -- create a customer, retrieve the customer, create a charge, list charges. For each response, I could inspect the JSON body, check headers, see response timing. The response panel highlights JSON beautifully, and you can collapse and expand nested objects which is really helpful when responses are deep.
Here is where collections become powerful. I wrote test scripts for each request. For the "create customer" request, the test checked the status code (201), verified the response had the expected fields, and -- this is the key part -- saved the returned customer ID as a collection variable. The next request, "create charge," automatically used that variable. So I could run the whole collection in sequence and it would create a customer, then charge that customer, then retrieve the charge, testing the full flow.
Is this something I could do with cURL and a shell script? Yes. But it would take five times as long and I would not have the visual feedback, the response inspector, or the ability to share the collection with my team.
Environments and Variables: The Quiet Power Feature
One thing that does not get talked about enough is how environments change the way you work with APIs. I have three environments: Development, Staging, and Production. Each has a base URL, API key, and some seed data variables. When I switch environments, every request in my collection instantly points to the new server. No URL editing, no copy-pasting credentials. Just a dropdown switch.
Variables go deeper than environments, though. Collection variables persist for a collection. Global variables are available everywhere. Local variables exist only during a single run. And the way they chain together is genuinely clever -- a pre-request script can authenticate, store the token as a collection variable, and every subsequent request uses it automatically. I have collection runs that execute 50+ requests in sequence, each one depending on data extracted from the previous response. Setting this up takes time, but once it works, you have an automated regression test for an entire API surface.
The Bloat Question
I want to address this directly because it comes up in every Postman conversation. Postman is not the lightweight tool it used to be. The desktop app is an Electron app, and it consumes memory like Electron apps do -- 500MB to 1GB of RAM is not unusual. When you have a large workspace with many collections and environments, the app can feel sluggish. Switching between tabs is not always instantaneous. Search, while improved, can be slow in large workspaces.
There is also the forced cloud sync issue. Postman requires you to sign in and syncs your collections to their cloud by default. You can work offline temporarily, but the tool is designed around cloud-first collaboration. For developers who work with sensitive API keys and do not want their credentials sitting on Postman's servers -- and I understand that concern -- this is a real problem. You can use Postman's vault feature for secrets, which stores them locally. But the overall architecture assumes cloud sync.
And then there are the features that you might never need. Flows. Governance rules. API design mode. Public workspaces. For a solo developer who just wants to test endpoints, all of this is noise. The interface tries to surface relevant features, but the navigation can feel overwhelming when you are just trying to fire off a quick GET request. I sometimes open Postman for something simple and feel like I walked into an enterprise software suite when I just wanted a screwdriver.
Monitoring and CI/CD: Where Postman Earns Its Keep
For teams, though, the advanced features are where Postman transitions from "nice to have" to "hard to replace." Monitors run your collection tests on a schedule -- every five minutes, every hour, whatever you configure. They run from Postman's cloud infrastructure and alert you if tests fail. I have a monitor checking our production payment API every fifteen minutes. Last month, it caught a 502 error from our payment provider at 3 AM, thirty minutes before any user-facing impact. That alone justified the subscription cost.
Newman, the CLI companion, runs collections in CI/CD pipelines. We integrated it into our GitHub Actions workflow so that every PR triggers a full collection run against our staging environment. If any API test fails, the PR can not merge. Setting this up took about two hours, and it has caught real regressions. API endpoint returns a different field name? Newman catches it before it hits production.
Mock servers are another feature that earns its keep in team workflows. You define example responses for your API endpoints, and Postman generates a mock server URL that returns those responses. This lets frontend developers build against an API that does not exist yet. We used this during a project where the backend team was two sprints behind the frontend. Instead of blocking on the backend, the frontend team pointed their HTTP client at the Postman mock server and built the entire UI against the expected API contract. When the real backend was ready, switching the base URL was the only change needed. The total time saved was about three weeks of frontend developer time that would have otherwise been spent waiting or building temporary stubs.
Documentation generation is another area where Postman quietly excels. From any collection, you can publish interactive API documentation with a single click. The generated docs include endpoints, descriptions, example requests and responses, and a "Run in Postman" button that lets anyone import the collection directly. We used this to document an internal API for a partner integration. The partner's engineering team had questions answered by the documentation before they even contacted us. For teams that dread writing API docs manually, this feature alone might justify the adoption of Postman -- the documentation stays in sync with the collection because it is generated from it, so it never goes stale the way a separate Confluence page or Markdown file inevitably does.
Pros and Cons
Pros
- The request builder is still the best visual interface for crafting and inspecting API calls
- Collections with chained variables and scripted tests are genuinely powerful for automated testing
- Monitors catch production issues at 3 AM so you do not have to be awake for them
- Newman CLI integrates cleanly into CI/CD pipelines -- two-hour setup, ongoing value
- Workspaces make sharing API knowledge across a team feel natural
- OpenAPI import saves serious time when onboarding to new APIs
- The ecosystem is enormous -- public collections for most major APIs, extensive docs
Cons
- The Electron app is heavy -- 500MB+ RAM for what started as an HTTP client
- Forced cloud sync and mandatory account creation is a reasonable concern for security-sensitive work
- Feature overload makes the interface feel cluttered for developers who just need to send requests
- Free tier limits have tightened -- 25 collection runs per month is easy to hit
- The jump from free to paid ($14/user/month for Basic) is steep for small teams
- Postbot AI is useful but not yet reliable enough to fully trust without review
Pricing: The Honest Version
Postman's pricing page shows four tiers, but here is what matters in practice:
Free -- good enough for solo developers on small projects. The catch is 25 collection runs per month. If you are running automated test suites regularly, you will burn through those fast. Also limited to 3 collaborators.
Basic at $14 per user per month -- removes the collection run limit and bumps the collaborator cap to 50. This is the tier most small-to-medium teams land on. The price is fair, but it adds up: a team of 8 is paying $112/month for an API testing tool. Whether that is worth it depends on how central API testing is to your workflow.
Professional at $29 per user per month -- adds API governance rules, custom documentation domains, and advanced role management. This is for larger organizations that need compliance features.
Enterprise at $49 per user per month -- SSO, SCIM, advanced audit logs, secret scanning. The full enterprise package.
My honest take: the free tier is fine for trying things out and for personal projects. If you have a team of 3-15 developers who test APIs daily, the Basic plan is worth the money because the time saved by shared collections and automated testing easily exceeds the cost. Beyond that, it depends on whether your organization specifically needs the governance and security features.
The Alternatives: Genuine Deliberation
Postman vs. Bruno
Bruno is the one I keep thinking about. It stores collections as files on your filesystem using a simple markup language. Your API collections live in your git repo alongside your code. No cloud sync. No account required. The privacy story is bulletproof. The downside? Bruno is still maturing. No monitors, no mock servers, no team workspaces. For a solo developer who wants version-controlled API collections without vendor lock-in, Bruno is genuinely appealing. For a team that needs collaboration and automation, Postman is still ahead. I think Bruno is going to be a serious competitor in two years.
Postman vs. Insomnia
Insomnia is cleaner and lighter. It does not try to be a platform -- it is a tool. Git-based sync, no mandatory cloud. The interface is less cluttered. For someone who just needs a good request builder with environment support and does not care about monitors or workspaces, Insomnia is a strong alternative. But its scripting and testing capabilities are not as deep, and the community is smaller. If Postman feels like too much, Insomnia might be just enough.
Postman vs. Thunder Client
Thunder Client runs inside VS Code. You never leave your editor. For quick API checks during coding -- "does this endpoint return what I expect?" -- it is perfect. For anything beyond that -- shared collections, automated test suites, monitoring -- it falls short. I use Thunder Client for quick checks and Postman for serious testing work. They complement each other more than they compete.
Postman vs. Hoppscotch
Hoppscotch (formerly Postwoman) is the open-source, browser-based alternative that keeps gaining traction. It loads instantly because it is a web app, has no Electron overhead, and the interface is refreshingly minimal. For quick one-off requests, it is genuinely faster than Postman because there is no startup delay and no account requirement. The self-hosted option appeals to teams with strict data residency requirements. But Hoppscotch lacks the depth of Postman's testing scripts, its monitor system, and the ecosystem of public collections. Think of it as the lightweight counterpart -- excellent for developers who want speed and simplicity, insufficient for teams that need automated testing workflows and shared workspaces at scale.
What I Would Recommend
My Take: 4.5 / 5
If you are a solo developer who tests APIs occasionally and values simplicity, look at Bruno or Thunder Client first. They do the core job without the overhead. You might not need Postman.
If you are on a team of 3 to 15 people who build and consume APIs as a regular part of your work, Postman is hard to beat. The combination of shared collections, environment management, automated testing, and CI/CD integration through Newman creates a workflow that saves more time than it costs. The Basic plan at $14/user is a fair price for this.
If you are at an organization with 50+ developers and care about API governance, standardization across teams, and security compliance, Postman's Professional and Enterprise tiers offer features that alternatives simply do not have.
The 4.5 reflects a tool that is the best at what it does, with the caveat that what it does has grown broader than what many users actually need. Postman's challenge going forward is not adding more features -- it is making sure the core experience stays fast and focused even as the platform expands. Right now, it mostly succeeds at that. Mostly.
Comments (3)