Using Postman in production

New to Postman and APIs in general.

I’m using the Knack API (API docs).

The docs say to make my API calls from “server-side code, not client-side code, to keep API keys secret.”

However Knack doesn’t provide a way to add “server-side code”. It has an admin panel + API, but lacks ability to run your server code. That part is our responsibility.

So as a client-side JavaScript person, knowing nothing about the server-side, I thought I could use a third-party tool such as Postman to make API calls safely.

Is this an acceptable use of Postman? Are people using Postman in production or testing only?

You can provide your API key in your Postman request header to test the Knack APIs. But (if I understand your larger question) it’s not a general purpose API library for use in your production client-side applications. As one approach, your client side app could authenticate to your custom back-end service (via user/password, e.g.) which could then safely make authenticated requests to Knack.

Hope this helps.