2024

API Testing with Postman

SOUIHI Islem
30/09/2024
Table of Contents
Introduction to API Testing .......................................................................................................... 3
1. Definition of APIs ................................................................................................................. 3
2. Why API Testing is Important .............................................................................................. 3
3. Types of API Testing ............................................................................................................ 3
Getting Started with Postman ....................................................................................................... 3
1. What is Postman .................................................................................................................. 3
2. Installing and Setting Up Postman......................................................................................... 3
3. Overview of Postman Interface ............................................................................................. 3
Understanding API Requests ........................................................................................................ 4
1. HTTP Methods (GET, POST, PUT, DELETE) ...................................................................... 4
2. URL Structure and Endpoints............................................................................................... 4
3. Query Parameters and Headers ............................................................................................ 4
4. Request Body (JSON, XML, Form Data) ............................................................................... 4
Creating Requests in Postman ....................................................................................................... 4
1. Defining the Request URL .................................................................................................... 4
2. Selecting HTTP Methods ...................................................................................................... 4
3. Adding Headers and Authorization ....................................................................................... 4
4. Sending the Request and Viewing the Response ..................................................................... 4
Testing API Responses .................................................................................................................. 5
1. Understanding HTTP Status Codes ....................................................................................... 5
2. Verifying the Response Body: ............................................................................................... 5
3. Response Headers and Content-Type .................................................................................... 5
Writing Assertions in Postman ...................................................................................................... 5
1. Introduction to Assertions..................................................................................................... 5
2. Common Test Scripts (JavaScript) ........................................................................................ 5
3. Validating Status Codes ........................................................................................................ 5
4. Verifying JSON Response Fields ........................................................................................... 5
Environment Variables and Postman Collections ....................................................................... 6
1. Using Variables for API Requests.......................................................................................... 6
2. Creating and Managing Collections ....................................................................................... 6
3. Organizing Requests and Test Cases ..................................................................................... 6
Advanced Testing Features ......................................................................................................... 6
1. Postman Pre-Request Scripts ................................................................................................ 6
2. Chaining API Requests ......................................................................................................... 6

1
SOUIHI Islem
3. Testing SOAP Web Services with Postman ............................................................................ 6
Running Automated Tests ........................................................................................................... 6
1. Introduction to Newman ....................................................................................................... 6
2. How to Execute Postman Tests via Command Line ................................................................ 6
3. Integrating Postman with Jenkins for CI/CD Pipelines ........................................................... 7
Authentication Mechanisms ....................................................................................................... 7
1. Basic Authentication ............................................................................................................. 7
2. Bearer Tokens and OAuth .................................................................................................... 7
3. API Key Authentication ........................................................................................................ 7
Error Handling and Edge Case Testing ......................................................................................... 7
1. Handling Error Responses (400, 404, 500 Status Codes) ......................................................... 7
2. Testing Edge Cases and Limit ............................................................................................... 7
3. Exception Handling Best Practices ........................................................................................ 7
Best Practices in API Testing ........................................................................................................ 7
1. Structuring Test Cases .......................................................................................................... 7
2. Ensuring Scalability and Performance ................................................................................... 8
3. API Security Testing............................................................................................................. 8
4. Load Testing APIs ................................................................................................................ 8
Conclusion.................................................................................................................................. 8

2
SOUIHI Islem
Introduction to API Testing
1. Definition of APIs
APIs (Application Programming Interfaces) allow applications to communicate with each
other, facilitating data exchange and operations between systems.

2. Why API Testing is Important

API testing ensures that APIs function as expected, returning correct data, handling errors,
and integrating smoothly into the overall system. It is vital for ensuring that applications are
reliable, scalable, and secure.

3. Types of API Testing

There are various types of API testing, such as:

• Functional Testing: Verifies the functionality of the API and ensures it behaves as
expected.
• Performance Testing: Measures how fast and scalable the API is under different loads.
• Security Testing: Identifies vulnerabilities in the API, ensuring it is protected against
threats.
• Load Testing: Tests the API under a high volume of requests to assess how well it
scales.
• Penetration Testing: Tests for potential security risks and vulnerabilities.

Getting Started with Postman

1. What is Postman
Postman is a popular tool used for API development and testing. It allows developers to make
HTTP requests, view responses, and validate APIs.

2. Installing and Setting Up Postman

Postman can be installed as a standalone application or as a Chrome extension. Once
installed, users can start creating API requests and testing endpoints.

3. Overview of Postman Interface

The interface includes key components like the request builder, response viewer, and tools for
managing collections and variables.

3
SOUIHI Islem
Understanding API Requests
1. HTTP Methods (GET, POST, PUT, DELETE)
• GET: Retrieves data from a specified resource.
• POST: Submits data to be processed to a specified resource.
• PUT: Updates an existing resource or creates a new one if it does not exist.
• DELETE: Deletes a specified resource.

2. URL Structure and Endpoints

An API endpoint is the URL at which the API is available. It is the resource through which
requests are made.

3. Query Parameters and Headers

Parameters and headers help to refine requests, passing extra data to the server like
authorization tokens or content types.

4. Request Body (JSON, XML, Form Data)

Request bodies contain data sent to the server, typically formatted as JSON or XML for
structured communication.

Creating Requests in Postman

1. Defining the Request URL
In Postman, the user defines the endpoint by providing the URL in the request builder.

2. Selecting HTTP Methods

Select from available HTTP methods based on the type of request (GET, POST, etc.).

3. Adding Headers and Authorization

Headers provide metadata like content types, while authorization headers allow access to
protected resources.

4. Sending the Request and Viewing the Response

Once the request is set, Postman allows users to view the response returned by the server,
including the status code, headers, and body.

4
SOUIHI Islem
Testing API Responses
1. Understanding HTTP Status Codes
• 200 OK: The request was successful.
• 400 Bad Request: The request could not be understood or was missing required
parameters.
• 404 Not Found: The requested resource could not be found.
• 500 Internal Server Error: The server encountered an error.

2. Verifying the Response Body:

Postman allows users to inspect the returned data in the response body and verify its
correctness.

3. Response Headers and Content-Type

Headers give important information about the response, such as content type, cache control,

Writing Assertions in Postman

1. Introduction to Assertions
Assertions are used to validate parts of a response, such as checking if the status code is
correct or if the body contains expected data.

2. Common Test Scripts (JavaScript)

Status Code Check:

3. Validating Status Codes

Assertions help confirm that the API returns the correct status code based on the request.

4. Verifying JSON Response Fields

Use scripts to validate specific fields in the response body to ensure the API returns the
expected data.

5
SOUIHI Islem
Environment Variables and Postman Collections

1. Using Variables for API Requests

Variables allow for easy parameterization of requests, which can be reused in different
environments (e.g., dev, prod)

2. Creating and Managing Collections

Collections group API requests, making it easier to organize tests and execute them in
batches.

3. Organizing Requests and Test Cases

Grouping related tests into collections helps maintain a well-structured API test suite.

Advanced Testing Features

1. Postman Pre-Request Scripts
Pre-request scripts allow you to execute JavaScript before the request is sent. This is useful
for setting up dynamic data.

2. Chaining API Requests

One request’s response can be used in the subsequent request, allowing you to chain API calls
together.

3. Testing SOAP Web Services with Postman

Postman also supports testing SOAP APIs by importing the WSDL file and sending SOAP
requests.

Running Automated Tests

1. Introduction to Newman
Newman is Postman’s CLI tool used to run Postman collections from the command line,
useful for integrating with CI/CD pipelines.

2. How to Execute Postman Tests via Command Line

Use Newman to execute test collections and generate reports.

6
SOUIHI Islem
 3. Integrating Postman with Jenkins for CI/CD Pipelines

Automate API tests by integrating Newman with Jenkins, allowing tests to run in the CI/CD
process.

Authentication Mechanisms
1. Basic Authentication

Basic authentication sends credentials encoded in base64 in the request headers.

2. Bearer Tokens and OAuth

Bearer tokens are used to secure API requests. OAuth provides a more secure, token-based
authentication mechanism.

3. API Key Authentication

API keys are used for authenticating API requests. These are passed as headers or query
parameters.

Error Handling and Edge Case Testing

1. Handling Error Responses (400, 404, 500 Status Codes)

Handle common API errors by validating the proper error codes are returned.

2. Testing Edge Cases and Limit

Test the API's behavior with extreme inputs, such as large datasets or unexpected parameters.

3. Exception Handling Best Practices

Ensure the API properly handles exceptions and returns meaningful error messages.

Best Practices in API Testing

1. Structuring Test Cases
Ensure that test cases are well-organized, comprehensive, and reusable.

7
SOUIHI Islem
 2. Ensuring Scalability and Performance

Test the API's ability to handle large-scale data and traffic loads.

3. API Security Testing

Check for vulnerabilities in the API, ensuring that endpoints are secured.

4. Load Testing APIs

Test how the API performs under heavy load conditions to assess its scalability and reliability.

Conclusion
API testing plays a crucial role in ensuring that web services function as intended, remain
secure, and perform efficiently under different conditions. It helps to identify issues early in
the development cycle, improving the overall quality of the product.

Key Takeaways:

• Effective use of Postman for sending requests, validating responses, and exploring
various API features.
• Writing scripts in Postman to automate the validation of API responses and ensure
they meet expected criteria.
• Automating API tests with Newman to integrate them into CI/CD pipelines and
continuously monitor API performance.

These practices are essential for delivering high-quality, reliable, and secure APIs.

8
SOUIHI Islem