API Testing (Postman)


1. What is API Testing?

  • API (Application Programming Interface):
    A set of rules that allows different software applications to communicate with each other.
  • API Testing:
    Checking if APIs work as expected. Unlike UI testing, API testing focuses on the logic, functionality, reliability, and performance of the API endpoints.

Key points:

  • No GUI needed.
  • Faster and more stable than UI testing.
  • Validates responses, status codes, headers, and data integrity.

2. Why Use Postman for API Testing?

Postman is a popular tool for testing APIs because it allows you to:

  • Send HTTP requests (GET, POST, PUT, DELETE, PATCH).
  • Receive and validate responses.
  • Automate tests with scripting.
  • Organize tests into collections and environments.
  • Generate documentation automatically.

3. Types of API Tests in Postman

  1. Functional Testing – Verify API performs its function correctly.
    • Example: Check if /login returns a valid token.
  2. Integration Testing – Test interaction between multiple APIs or services.
    • Example: /create-user and /get-user endpoints working together.
  3. Regression Testing – Ensure API changes do not break existing functionality.
  4. Load/Performance Testing – Check API performance under high traffic (Postman uses Runner + Newman for this).
  5. Security Testing – Verify authentication, authorization, and data encryption.

4. HTTP Methods Commonly Tested

Method   Purpose
GET      Retrieve data from server
POST     Send data to create a new resource
PUT      Update an existing resource
PATCH    Partially update a resource
DELETE   Remove a resource

5. Postman Interface Basics

  1. Request Tab: Send requests and see responses.
  2. Collections: Group related API requests.
  3. Environments: Set variables for different environments (dev, staging, production).
  4. Tests Tab: Write scripts to validate API responses.
  5. Pre-request Scripts: Run code before sending request (e.g., generate tokens).

6. Steps to Test an API in Postman

Step 1: Create a Request

  • Choose HTTP method (GET/POST/PUT/DELETE).
  • Enter API endpoint URL.
  • Add headers (e.g., Content-Type: application/json).
  • Add body data (for POST/PUT/PATCH requests).

Step 2: Send Request

  • Click Send.
  • View the response: status code, headers, body, and response time.

Step 3: Validate Response

  • Check HTTP status codes:
    • 200 OK – Success
    • 201 Created – Resource created
    • 400 Bad Request – Client error
    • 401 Unauthorized – Invalid authentication
    • 404 Not Found – Resource missing
    • 500 Internal Server Error – Server error
  • Validate response body (JSON/XML).

Step 4: Write Tests in Postman

Postman allows JavaScript-based tests. Example:

// Status code check
pm.test("Status code is 200", function () {
    pm.response.to.have.status(200);
});

// Response time check
pm.test("Response time is less than 500ms", function () {
    pm.expect(pm.response.responseTime).to.be.below(500);
});

// Response body check
pm.test("Response has userId", function () {
    var jsonData = pm.response.json();
    pm.expect(jsonData.userId).to.eql(1);
});

Step 5: Use Variables & Environments

  • Store base URL, tokens, or dynamic values as variables.
  • Use {{variableName}} in requests for easier maintenance.

Step 6: Organize Requests in Collections

  • Group similar requests.
  • Run multiple tests using Collection Runner.
  • Automate with Newman CLI to run collections from terminal or CI/CD.

7. Postman Automation Features

  1. Collection Runner – Run multiple requests sequentially.
  2. Tests & Scripts – Write assertions for responses.
  3. Pre-request Scripts – Generate dynamic values like timestamps, tokens.
  4. Monitors – Schedule API tests to run periodically.
  5. Newman – CLI tool for running Postman collections in pipelines (CI/CD).

8. Best Practices for API Testing in Postman

  1. Validate status codes, headers, and response body.
  2. Test with valid and invalid inputs.
  3. Use environments and variables to avoid hardcoding.
  4. Organize requests in collections.
  5. Include pre-request scripts for dynamic data like tokens.
  6. Automate tests with Collection Runner/Newman.
  7. Test for performance and security where possible.
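
The security testing from section 3 and best practices 2 and 7 can be written as negative tests: send requests the API should refuse, then assert on the status code and on what the body reveals. The script below is an added example, not part of the original notes. The response shape, the sensitive field names, and the use of 403 for an authorization failure are assumptions about the API under test.

```javascript
// Added example. The { code, body } shape and field names are assumptions.
const SENSITIVE_KEYS = ["token", "access_token", "password", "userId"];

// Return the list of problems for a request the API should have refused.
function checkDenied(res, expectedCode) {
    const problems = [];
    if (res.code !== expectedCode) {
        problems.push(`expected status ${expectedCode}, got ${res.code}`);
    }
    // A refused request must not carry user data or credentials.
    let parsed = null;
    try { parsed = JSON.parse(res.body); } catch (e) { /* non-JSON body */ }
    if (parsed !== null && typeof parsed === "object") {
        for (const key of SENSITIVE_KEYS) {
            if (key in parsed) problems.push(`body exposes "${key}"`);
        }
    }
    // Error bodies should not reveal server internals.
    if (/Traceback|Exception|\.js:\d+:\d+/.test(res.body)) {
        problems.push("error body leaks a stack trace");
    }
    return problems;
}

// Constructed sample responses for three negative tests.
const SAMPLE_CASES = [
    { name: "no token", expected: 401,
      res: { code: 401, body: '{"error":"authentication required"}' } },
    { name: "malformed token", expected: 401,
      res: { code: 500, body: "TypeError: bad token\n    at verify (auth.js:12:9)" } },
    { name: "another user's record", expected: 403,
      res: { code: 200, body: '{"userId":2,"email":"b@example.test"}' } },
];

// Keep only the cases that failed, with their reasons.
function failedCases(cases) {
    return cases
        .map((c) => ({ name: c.name, problems: checkDenied(c.res, c.expected) }))
        .filter((r) => r.problems.length > 0);
}

// In Postman's Tests tab, with checkDenied pasted above it, one request
// sent without a token would be checked like this:
// pm.test("rejected without token", function () {
//     const res = { code: pm.response.code, body: pm.response.text() };
//     pm.expect(checkDenied(res, 401)).to.eql([]);
// });
console.log(failedCases(SAMPLE_CASES));
```

Run under Node, the sample set reports two failing cases: the malformed token that produced a 500 with a stack trace, and the request for another user's record that returned 200 with data.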

9. Summary

  • API testing ensures endpoints work correctly without relying on UI.
  • Postman is a widely used tool for sending requests, validating responses, and automating tests.
  • Key steps: Create request → Send → Validate → Automate → Organize.
  • Postman supports functional, integration, regression, and performance testing.