Isaac.

API Testing with Postman

Build and automate API tests with Postman collections.

By EMEPublished: February 20, 2025
postmanapi testingautomationcollections

A Simple Analogy

Postman is like a testing cockpit for APIs. You can send requests, verify responses, and automate tests all in one place.

Why Postman?

  • Workflow: Easy request building
  • Automation: Collection runners
  • Documentation: Auto-generated docs
  • Collaboration: Share collections
  • CI/CD: Newman integration

Creating Collections

{
  "info": {
    "name": "Order API",
    "description": "Tests for Order Management API",
    "version": "1.0.0"
  },
  "item": [
    {
      "name": "Get Orders",
      "request": {
        "method": "GET",
        "header": [
          {
            "key": "Authorization",
            "value": "Bearer {{token}}"
          }
        ],
        "url": {
          "raw": "{{base_url}}/api/orders",
          "host": ["{{base_url}}"],
          "path": ["api", "orders"]
        }
      }
    }
  ]
}

Variables and Environments

// Set variable
pm.environment.set("token", pm.response.json().token);

// Use variable
const orderId = pm.variables.get("order_id");
const baseUrl = pm.environment.get("base_url");

// Global variable
pm.globals.set("timestamp", new Date().toISOString());

Pre-request Scripts

// Pre-request Script tab
const timestamp = new Date().toISOString();
pm.environment.set("timestamp", timestamp);

// Generate auth header
const crypto = require('crypto-js');
const message = pm.environment.get("customerId") + timestamp;
const signature = crypto.HmacSHA256(message, pm.environment.get("apiSecret"));
pm.environment.set("signature", signature);

Tests and Assertions

// Tests tab
pm.test("Status is 200", function () {
  pm.response.to.have.status(200);
});

pm.test("Response has required fields", function () {
  var response = pm.response.json();
  pm.expect(response).to.have.property("id");
  pm.expect(response).to.have.property("customerId");
  pm.expect(response.total).to.be.greaterThan(0);
});

pm.test("Headers are correct", function () {
  pm.response.to.have.header("Content-Type");
  pm.expect(pm.response.headers.get("Content-Type")).to.include("application/json");
});

pm.test("Response time is less than 500ms", function () {
  pm.expect(pm.response.responseTime).to.be.below(500);
});

Data-Driven Testing

// data.csv
orderId,expectedStatus,expectedTotal
1,200,99.99
2,200,149.99
3,404,

Run collection with data file via Collection Runner for parameterized tests.

Workflows

// Workflow in pre-request script
// 1. Login to get token
// 2. Create order
// 3. Verify order created

const loginRequest = {
  url: pm.environment.get("base_url") + "/api/auth/login",
  method: "POST",
  header: { "Content-Type": "application/json" },
  body: {
    mode: "raw",
    raw: JSON.stringify({
      email: "user@example.com",
      password: "password"
    })
  }
};

pm.sendRequest(loginRequest, function (err, response) {
  if (!err) {
    pm.environment.set("token", response.json().token);
  }
});

Newman CLI

# Install Newman
npm install -g newman

# Run collection
newman run "Order API.postman_collection.json" \
  -e "environment.postman_environment.json" \
  --reporters cli,json \
  --reporter-json-export "results.json"

# With data file
newman run collection.json \
  -d data.csv \
  -e environment.json

Best Practices

  1. Organize folders: Group related requests
  2. Use variables: Make collections reusable
  3. Add documentation: Describe each request
  4. Test assertions: Validate responses
  5. Monitor performance: Track response times

Related Concepts

  • Contract testing
  • Load testing
  • API mocking
  • API security testing

Summary

Postman collections enable efficient API testing with variables, pre-request scripts, and assertions. Automate with Newman for CI/CD integration.