James Espie, Test Specialist

Testing an endpoint protected by an anti-forgery token using Postman

30 days of Testability, day fifteen

Better late than never

So, I’m still working through the 30 days of Testability. It’s taking a lot longer than I thought, but, it’s OK - the goal is to do the exercise and learn, not to meet a deadline. Which is what I’ve been doing :)

We’re up to day 15. Which is:

Share a blog post that you found interesting related to testability. Don’t forget to use the hashtag #30DaysofTesting if you share on Twitter

So, here’s a blog post about a blog post!

Anti forgery tokens

I had the pleasure of working with Ankur Sheel recently. I found he’d made a blog post about a task we worked on together, and I think there’s an interesting conversation to be had around it.

Here’s the post: How do you use Postman to test Ajax endpoints that are protected with an anti-forgery token?

Well? How do you use Postman to do… that?

I chatted to Ankur about it - here’s our conversation:

Talk to developers

Ankur raises a really good point in this video. The short version is: there was a big gap between an item being ready to test, and me being able to test it. As we’ve discussed previously, this gap is a sign of poor testability!

But - once I talked to Ankur, he used his skills to find a way around it. Which increased testability, enabled me to get feedback to him faster, and overall increased our performance.

The moral of the story is, to talk to developers about problems like these!


I’ve worked with some amazing people over the years, and Ankur is one of my favourites - he’s a great person, and really smart too. Be sure to check out!

Thanks Ankur for your time, and as always, thanks for reading and viewing!