Managing digital membership passes efficiently is crucial, especially when users uninstall their passes. This guide walks you through setting up Postman Collections to automate bulk deletion of uninstalled members in PassKit. You'll learn how to configure a workspace, environment, and API requests to streamline the process, ensuring a smooth and efficient cleanup.
Terminology
API (Application Programming Interface)
A set of rules that allows different software systems to communicate. PassKit provides APIs for integrating digital passes into applications.
API Key
A unique code used to authenticate API requests. PassKit provides API keys to developers for secure integration with the platform.
Authentication Token
A secure token used to authenticate API requests or user access to digital passes. Examples include JSON Web Tokens (JWT) and OAuth tokens.
Collection
A Collection in Postman is a set of grouped API requests that can be executed together. This guide uses a collection to fetch and delete members in bulk.
Environment
A Postman Environment stores key-value pairs (variables) that can be reused across requests. This allows you to store credentials, API keys, and dynamic variables.
HTTP/HTTPS
Protocols used for transmitting data over the internet. PassKit uses HTTPS to ensure secure communication.
JWT (JSON Web Token)
A secure token used for authentication in API calls. It contains encoded information that verifies identity and permissions.
Membership Program
A program that allows users to manage and distribute digital membership passes, which can be tracked via API calls.
Pass Status
The status of a digital pass, which determines whether it is active, expired, uninstalled, or invalidated. This guide focuses on pass_uninstalled members.
REST (Representational State Transfer)
An architectural style for designing networked applications. It relies on a stateless client-server communication model and uses standard HTTP methods to interact with resources.
Workspace
A Postman Workspace is a collaborative environment where you can organize API requests, collections, and variables. You need to create a workspace to manage your API calls effectively.
Create a workspace
If you do not already have a workspace in Postman, follow these steps:
Log in to your Postman account.
Click on Workspaces in the top-left menu.
Click Create Workspace.
Select Blank Workspace, then click Next.
Choose a name for your workspace and click Next.
Your workspace is now ready.
Create your environment
To automate API requests, you need to set up an environment with required variables.
How to Create an Environment in Postman
Click on Environments in Postman.
Click on the plus button to create a new Environment
Create 4 variables:
PK_API_KEYPK_API_SECRETmemberIdsjwt
Set variable types:
Select "secret" as the variable type for
PK_API_KEYandPK_API_SECRET,jwt
Copy your API Key and Secret from the PassKit Developer Tools section and paste them into the Initial Value and Current Value fields.
Select this environment from the top-right dropdown menu in Postman.
Create a new Collection
Now, create a Postman Collection to organise and run API calls efficiently.
Click on Collections.
Click the + (plus) button to create a new collection.
Click on Scripts > Pre-request Script.
Paste the following script to generate a JWT before each request
var apiKey = postman.getEnvironmentVariable("PK_API_KEY"),
apiSecret = postman.getEnvironmentVariable("PK_API_SECRET");
var jwtBody = { "uid": apiKey, "exp": Math.floor(new Date().getTime() / 1000) + 600, "iat": Math.floor(new Date().getTime() / 1000)};if (request.hasOwnProperty("data") && request.data !== undefined && request.data.hasOwnProperty("length") && request.data.length > 0) { jwtBody.signature = CryptoJS.SHA256(request.data).toString(CryptoJS.enc.Hex);}postman.setEnvironmentVariable('jwt', generateJWT(jwtBody, apiSecret));function generateJWT(body, secret) { header = { "alg": "HS256", "typ": "JWT" }; var token = []; token[0] = base64url(JSON.stringify(header)); token[1] = base64url(JSON.stringify(body)); token[2] = genTokenSign(token, secret); return token.join(".");}function genTokenSign(token, secret) { if (token.length != 2) { return; } var hash = CryptoJS.HmacSHA256(token.join("."), secret); var base64Hash = CryptoJS.enc.Base64.stringify(hash); return urlConvertBase64(base64Hash);}function base64url(input) { var base64String = btoa(input); return urlConvertBase64(base64String);}function urlConvertBase64(input) { var output = input.replace(/=+$/, ''); output = output.replace(/\+/g, '-'); output = output.replace(/\//g, '_'); return output;}Now, each API request will be authenticated using JWT.
Set up your API calls
Next we will be setting up two api calls
The first pulls a list of all the members that have uninstalled the pass
The second call will delete each member in the list
List Members API Call
Click Add Request.
Select POST for the call type
Use the endpoint:
https://api.pub1.passkit.io/members/member/list/:programId
Path Parameter: Enter your
programIdin the value box under path parametersClick on Auth > No Auth.
Click on Headers and add the header
Authorizationwith the value{{jwt}}
Please check your API prefix in the developer tools section as you may need to adjust it based which server you are on. See SDK and API Configuration Settings for more details.
Click on Body > Raw and paste the payload
{ "filters": {"limit": -1,"filterGroups": [{"fieldFilters": [{"filterField": "passStatus","filterValue": "pass_issued","filterOperator": "eq"}]}]}}
You can also use the List Members Call to list members who have yet to install the pass or passes that have been deleted or expired using the filter value "pass_issued" or "pass_invalidated" instead of "pass_uninstalled". For more filter fields and values, see Membership Protocol: Filtering, Listing and Counting by API
Post-response Script (Store Member IDs)
Click on Scripts > Post-response and paste the code shown below
pm.test("Store all member IDs from response", function () {
var rawResponse = pm.response.text(); // Get raw response text
var memberIds = pm.environment.get("memberIds") ? JSON.parse(pm.environment.get("memberIds")) : [];
try { // Split response into separate JSON objects (new line is used as a delimiter) var jsonObjects = rawResponse.split("\n").filter(line => line.trim() !== ""); jsonObjects.forEach(obj => { try { var json = JSON.parse(obj); // Parse each individual JSON object if (json.result && json.result.id) { memberIds.push(json.result.id); } } catch (e) { console.error("Error parsing JSON object:", e); } }); // Store the updated list in the environment pm.environment.set("memberIds", JSON.stringify(memberIds)); } catch (e) { console.error("Error processing response:", e); }});Run the request to verify it correctly retrieves member IDs. You should see an array of member Ids in the memberIds variable in the Environments section.
Delete Member API Call
Click Add Request.
Select DELETE for the call type
Use the endpoint:
https://api.pub1.passkit.io/members/member
Click on Auth > No Auth.
Click on Headers and add the header
Authorizationwith the value{{jwt}}
Please check your API prefix in the developer tools section as you may need to adjust it based which server you are on.
Click on Body > Raw and paste the payload
{"id": "{{memberIdToDelete}}"}
Pre-request Script (Retrieve the Next Member to Delete)
Click on Scripts > Pre-request and paste the code shown below
// Retrieve the stored list of member IDs
var memberIds = pm.environment.get("memberIds") ? JSON.parse(pm.environment.get("memberIds")) : [];
// Check if there are any member IDs availableif (memberIds.length > 0) { var firstMemberId = memberIds.shift(); // Get the first member ID and remove it from the list // Store the updated list back in the environment pm.environment.set("memberIds", JSON.stringify(memberIds)); // Set the first member ID as an environment variable for use in the request body pm.environment.set("memberIdToDelete", firstMemberId);} else { console.warn("No member IDs available to delete.");}
Post-response Script (Loop Until All Members Are Deleted)
Click on Scripts > Post-response and paste the code shown below
var memberIds = pm.environment.get("memberIds") ? JSON.parse(pm.environment.get("memberIds")) : [];
if (memberIds.length > 0) { postman.setNextRequest("Delete Member"); // Loop back until all members are deleted} else { postman.setNextRequest(null); // Stop execution when all deletions are done}
Run the request to verify member deletion.
Run the collection
Click on the three dots next to your collection.
Select Run Collection.
Ensure Run Manually is selected.
Click Run Collection.
The List Members request runs once, and Delete Member runs multiple times until all are deleted.
(Optional) Schedule the collection to run
Instead of running it manually, you can schedule it:
Click Run Collection.
Select Schedule Runs.
Set the frequency and environment.
Click Schedule Run.
Now you can bulk delete members efficiently using Postman!
FAQS
"There was an error in evaluating the Pre-request Script:TypeError: Cannot read properties of undefined (reading 'sigBytes')" Error
If you encounter this error, ensure that:
You have selected the correct environment in Postman.
The environment variables match the ones used in the pre-request script to generate the JWT.
Both
PK_API_KEYandPK_API_SECRETare correctly set in the environment.
This should resolve the issue and allow the script to generate the JWT successfully.
How do I check which API region Iโm using?
Go to Developer Tools in your PassKit account.
Locate your API prefix, which should be either
https://api.pub1.passkit.iofor Europe orhttps://api.pub2.passkit.iofor US.
If you have any further questions or queries feel free to reach out at support@passkit.com or use the chat support online.