💥 $100 Community Challenge – Postman Mistakes That Taught Me Something | 24 Hours Only

The weekly community challenge is live!

Share one genuine mistake you have made while using Postman. It could be related to Collections, Environments, Variables, Scripts, Monitors, Mocking or Collaboration.

Explain:

• What you were trying to achieve
• What went wrong
• How you realised the mistake
• What you changed afterwards

Keep it under 200 words and include either:

• A small snippet of a test or script involved
• A screenshot of the relevant part of your setup

To qualify for the cash prize, you must also leave thoughtful feedback on at least one other submission. Your feedback should reference something specific in their story.

Prize: $100 Visa Gift Card

Timing: This challenge runs from 10am GMT on Wednesday to 10am GMT on Thursday

How to enter: Reply to this thread during the challenge window

The winner will be announced here on Friday. Go

This contest is open worldwide to participants 18+. By entering, you grant Postman the right to feature your submission on our website, blog, and social channels.

One genuine mistake: “Why Isn’t This Updating?”

While working in a shared Collection in Postman, I updated a request test to fix a failing assertion. I ran it again. It still failed. I tweaked it. Ran it again. Still failed.

When i was using postman for first time after 10 minutes of debugging, I realised something embarrassing: “I never clicked Save”.

The Collection Runner was executing the previously saved version of the request not the changes sitting in my tab. Even tho i know now it still happens lol.

What I was trying to achieve: Fix a failing test before pushing to the team workspace.

What went wrong: I assumed Postman auto-saved.

How I realised: I opened the request in a new tab and saw my “fix” wasn’t there.

What I changed: Now I hit Ctrl+S before every run.
And I double-check the “unsaved changes” dot before running collections.

Lesson: Sometimes the bug isn’t logic.
It’s muscle memory created using code editors or other tools.

If u ever see dots likes these on top of your requests please save before u proceed.

Screenshot 2026-02-18 1546071536×141 17.3 KB

I have 100% been caught by this over the years when using the Collection Runner - It happens to us all

Something that might help you out here is enabling the Autosave option from the General Settings.

image1152×508 37.8 KB

haha yup It happens all the time and now i have learned what to do.

I see u leaked the hack :(( …. JK

What I was trying to achieve:
I was testing a secured GET request using a Bearer token and expected a normal 200 response.

What went wrong:
The request kept failing with 401. I tried changing the token directly in the Headers tab, but nothing updated. I later realised the Authorization tab was already set to Bearer Token, so Postman kept generating its own Authorization header and overriding the one I edited manually.

How I realised the mistake:
The warning message in the Headers section and the cURL preview showed that my manual header wasn’t actually being used.

What I changed afterwards:
Now I manage authentication from the Authorization tab instead of manually editing headers. It keeps things consistent and avoids silent overrides. If I ever use Headers for auth, I make sure the Authorization tab is disabled.

Small detail, but it taught me to check how Postman builds the final request — not just what I type into the header field.

image1417×779 56.9 KB

A reminder for all entries to be eligible for the prize

Mistake: Monitors using collection variables instead of environments.

Goal: Set up daily monitors for my DJ API v2 collection to catch regressions. Used collection variables for {{baseUrl}} and {{expecteddailycalls}} in cost tests.

What went wrong: Monitors ignored collection vars, using empty/null values. Tests failed silently (0 calls detected), no alerts for $12/mo DJ API overspend.

How I realised: The cost dashboard showed $0 everywhere despite 80 calls/day. Checked monitor logs, vars blank. Docs confirm: Monitors only read environment vars.

Monitor Log (actual output):
“expecteddailycalls_getbooks: undefined”
“Daily cost: NaN > 0.10? FAIL (silent)”
“baseUrl: undefined → 0 calls detected”

Collection Runner (working):
“expecteddailycalls_getbooks: 10000”
“Daily cost: 0.05 OK ”

Fixed:
Moved all to the environment:

pm.environment.set("expecteddailycalls_getbooks", 10000);

pm.test("Daily cost OK", () => {
    let calls = pm.environment.get("expecteddailycalls_getbooks") || 0;
    let cost = calls \* 0.005;
    pm.expect(cost).lte(0.10);
});

Now monitors fire correctly, Slack alerts on budget overruns.
Learned: Always use environment vars for Monitors.

Excellent insight on the Authorization tab overriding manual headers. The cURL preview check is a practical tip I will adopt to avoid similar 401 pitfalls in future tests.

What I was trying to achieve: Signing API requests from Postman to my C++ payment gateway using HMAC-SHA256. Simple enough — store the client_secret in an environment variable, sign the payload, done.

What went wrong: Every request came back 401 Invalid Signature. I was convinced something was off in my OpenSSL code on the C++ side. Spent like 3-4 hours there. Recompiled probably 6 times.

How I realised: Eventually gave up on C++ and just started logging everything in Postman out of desperation:

javascript

const rawKey = pm.environment.get("client_secret");
console.log(JSON.stringify(rawKey)); // "my_secret_key\n"

There it was. A \n I’d accidentally copied when pasting the key. Postman was hashing that invisible newline the whole time. My C++ was fine.

What I changed:

javascript

const cleanKey = pm.environment.get("client_secret").trim();
const signature = CryptoJS.HmacSHA256(payload, cleanKey).toString();
pm.request.headers.add({ key: "X-Signature", value: signature });

That silent failure with NaN is actually terrifying for a billing monitor . I honestly didn’t know monitors completely ignored collection vars like that.

I just posted about my own struggle with Environment variables (hidden newlines breaking my hashes), so I totally feel your pain on how tricky variable scope can get. Great catch!!

I once spent an hour debugging why my “staging” tests were behaving strangely. Everything looked correct the staging environment was selected, the requests were clean and my Postman CLI runs were part of CI.

Then a test updated production data.

That’s when the panic set in.

I double-checked the environment dropdown. Still staging. So I used Ctrl+Alt+C (Copy as cURL) one of the best features in Postman and pasted the request into my terminal. The generated command clearly showed the production URL.

The issue wasn’t the environment.

It was variable scope.

I had defined baseUrl as a Global variable, not an Environment variable. Postman was resolving the global value first everywhere, including CLI runs.

The Console confirmed it:

console.log("Resolved URL:", pm.variables.get("baseUrl"));

Seeing production there made it obvious.

I deleted the global variable immediately and now scope critical URLs strictly to environments. Before any run, I log the active environment and base URL.

That mistake taught me something simple: in Postman, scope is safety.

I really liked how you showed the actual monitor logs seeing “undefined” there made the issue instantly clear.
Maybe you could add one quick line on why monitors don’t read collection variables ?

As a QA engineer, The common mistake I did in my earlier days was I often use same variable name in both “Collection variable” and “Environment variable” (or I use the same name which was already used by my team mate in another test in different scope). I spent lot of time in debugging during the dry run (of course things were even working fine on the actual app).Now I started using prefix to differentiate this (i.e, cv_id, ev_id)

For some reason I always use Environment variables for my monitors. Good to know “monitors” does not use collection variables.

Mistake: Async Pre-request Scripts Racing Request Execution in Collection Runner

What I was trying to achieve: Refresh OAuth tokens before each request in a payment API collection using pm.sendRequest() in pre-request scripts.

What went wrong: Tests passed locally but failed 40% of the time in our CI/CD pipeline with “401 Unauthorized” despite logs showing fresh tokens.

How I realised: The cURL preview showed STALE tokens. I traced it: my pre-request script was async, but request headers were built synchronously before the script finished.

The bug:

pm.sendRequest({url: auth_url, method: "POST"}, (err, res) => {
  pm.environment.set("token", res.json().access_token);
});
// Request sent BEFORE callback executes!

The fix:

await new Promise(resolve => {
  pm.sendRequest({...}, (err, res) => {
    pm.environment.set("token", res.json().access_token);
    resolve();
  });
});

Lesson: Collection Runner executes scripts differently than the GUI. Timing + async operations matter. I now verify token freshness in Tests, not pre-request handlers.

Great insights from @dhanvantari on monitors and @suraif16 on auth headers execution context gotchas run deep!

Brilliant catch on the monitor variable scope issue! Your approach of showing both the monitor logs (showing “undefined”) AND the Collection Runner output (showing “10000”) is exactly what makes this so practical it helps others instantly see the difference instead of just guessing.

The $12/day cost impact really highlights why this matters in production monitoring. I was building something similar last month with async token refreshes in pre-request scripts, and I noticed Collection Runner has these subtle execution context differences that don’t show up locally.

Your lesson “Always use environment vars for Monitors” deserves a callout in the Postman docs because it’s clearly a gotcha. The monitor logs clearly showing empty/undefined is the key debugging signal people should watch for.

Great documentation of the problem and the evidence!

I believe that there is some misunderstanding or misinformation happening here around using Collection Variables with Monitors.

These do work with Monitors, using either a static value in the Variable table or using a script inside a request.

I can see a potential for this not working as expected if you had a Collection Variable and the value was only set in the Value column and not the Shared Value column.

10000269741075×442 54 KB

10000269731075×1776 183 KB

As it’s a cloud based Monitor, it would need access to the synced/shared value as it wouldn’t know what the local or session value is and would return empty.

10000269751075×367 44.8 KB

10000269761075×1790 210 KB

If that’s not the case and you’re seeing something different or you’re running a different flow, I’d love to explore that more.

This is a common issue when you have different variables with the same name, in different scopes.

Understanding how the different scopes work and the ordering is a great way of know what will work in a given scenario.

There are various places in the UI where this is highlighted so you have more visibility over which value is going to be used or overridden.

The awesome @gbadebo-bello recently created a video all about variables in Postman, it’s worth checking out:

One of the best ways to know what is being used in a request, is opening the All Variables feature to see exactly what is being used.

This lists all variables, at all scopes but also which ones are being used in the open request:

10000269771075×723 71.3 KB

What you were trying to achieve

I often use curl to request from CLIs and postman. It’s a convenient method to understand API str.

What went wrong

I always used to manually paste all the headers, url, payload body. That was seriously a lot of work.

How you realised the mistake

I still remember, I was watching a full-stack tutorial by 100xdevs, then host just opened postman and added curl in request and the whole block disappears. Felt like magic at first. Then did a rewind and noticed he copied and just pasted that curl.

What you changed afterwards

This was like a gem to me and it’s super efficient. That was the time api testing and backend dev become faster.