Postman API Testing Guide: Tools, Techniques, and Best Practices

“If debugging is the process of removing software bugs, then programming must be the process of putting them in.”

‍

― Edsger W. Dijkstra, a Dutch computer scientist

As you could probably guess, I am going to talk about the testing process.

According to ISTQB:

“Testing is a process that contains all life cycle activities, both dynamic and static, related to planning, preparation and evaluation of a software product and related work results in order to determine that they meet the described requirements, to show that they are suitable for stated objectives and definitions of defects.”

‍

There are different types of testing management systems and testing tools. My attention was taken by one of the testing tools — Postman and API testing itself.

Postman started as a Chrome plugin but as it grew more and more popular, an application was released. Today there are over 4 million Postman users. 

What is an API?

An Application Programming Interface, or API, is an interface that allows one program to interact with another. It allows programs to send requests to the server side without using a front end and to get an answer as an HTTP response.

What is Postman?

Postman is a tool that helps make API requests from the client side to the server. Testers can customize the call by entering keys in the request’s headers. Postman is a desktop application that is used as a set of tools for API testing. Which helps testers to perform API calls and check the response without using code. 

Postman is useful in positive, negative testing, smoke, regression testing, unit testing (which is usually performed by the dev team). The main advantage of Postman is a convenient interface. 
‍

Positive case of testing (200 OK):

Postman (Client): “Give me the balance information of this user”.

Backend: “Yes, of course, here is the balance information of this user”.
‍

Negative case of testing (500 Internal Server Error):

Postman (Client): “Show me the weather in Rome”

Backend: “Who am I?”

‍

Let’s continue to see how to prevent seeing the last one.

Why use Postman for testing?

Postman can be used to test functionality before the front end is built so that some minor bugs can be found before the GUI Testing. Those bugs can grow bigger during the GUI Testing. Eliminating those bugs in the early stage will be cost-effective to the company.

API testing is time effective compared to GUI testing. API test automation requires less code so it can provide faster and better test coverage.

It is important that testers perform API testing. Why? Developers know their code and it would be challenging for them to break it. There is a higher possibility that the tester discovers some new bugs since he has his own way of approaching code and his thinking is less locked in. 

API testing also helps us to reduce the risks connected with functionality.

What are the preconditions of making API calls?

In order to test API requests, the tester needs to have the API calls themselves and documentation (protocols). They also need to have the data for the header and the format for sending requests.

‍

What are the most popular requests?

POST — adds data to an existing file or resource in a server.

GET — retrieves data from a server.

PUT —replaces an existing file or resource in a server.

DELETE — deletes data from a server.

What is the testing process in Postman?

First of all, a tester should get familiar with the API documentation. The next step is creating a checklist for various scenarios and cases to test. When the plan is developed, tests can be executed in the correct environments. API calls can be saved in a Postman collection so that they can be used later. 

What are the main testing points?

Testers should select proper parameters and their combinations.

API testers should find a way to break the functionality that is being tested by entering invalid amounts, more parameters, and sending forbidden types of calls.

Testers should also keep in mind time frames while testing, priorities, and proper call sequencing since this may lead to inadequate coverage in testing.

Testers should validate and verify the output.

What features could be verified?

1. HTTP status codes.
2. Data precision.
3. Response time (testers can emulate requests with slow response time).
4. Error codes (if there are any).
5. Non-functional testing (performance testing, security).
6. Authorization checks.

The main advantages of Postman

To sum up, here’s why Postman is useful:

1. Postman has an easy and simple interface.
2. Testers are able to share Postman Collections with colleagues so that it is possible to discuss, analyze, and resolve issues.
3. Testers don’t need to learn a programming language since there is a bare minimum of code knowledge.
4. Some bugs can be prevented by testers since developers and testers have different ways of thinking.
5. API testing is a great way of testing when the GUI cannot be tested.

Thank you and happy Postman testing!