Postman: Beginner's Cheat Sheet for API Testing

TABLE OF CONTENTS: 

Intro
Useful Links
Importing a Collection or Individual Request
Sharing a Request
Running a Request
Interpreting the Response
Forking or Duplicating a Collection
Variables
Test Code Snippets
Online Courses

Intro

I had just become the first API-centric QA at a startup, and I found the opportunity of establishing standard operating procedures both rewarding and thrilling. Not having rigid documentation to dictate the right or wrong way to do things became one of the most rewarding experiences I've had working in tech. I started to use Postman at that company, and I immediately fell in love with it. Postman was much easier to use and more versatile than the internally developed tools I had used in the past.

When I started to instruct my coworkers on the nuances of Postman, I realized there had to be others new to API testing or even new to software testing who would also benefit from these lessons. It became a sort of thought experiment to figure out the cheat sheet that I would have liked to inherit on my first day of the job.

I never found a single source of truth that I exclusively relied on. I have provided several links to the sites that I found to be the most informational for my purposes as well as some Postman basics to get started with.

Useful Links

This is probably the best, most comprehensive, Postman reference guide I have found. For some, it might be the only resource they need. This is a definite must-read.

Chai.js is an assertion library that comes baked into Postman. Learning the syntax to this assertion library has vastly improved the complexity of my tests. This guide demonstrates how user-friendly Chai.js can be.

These are some additional Chai.js examples. There are many snippets here that I have incorporated into my own tests.

This extensive list of publicly available APIs is for those of you who don't have an API to call your own. I've personally used Game of Thrones API and Cat Facts for my own API education.

Newman allows you to run your Postman collections directly through the command line. This link has been useful in my efforts to integrate and automate my tests through Jenkins CI pipelines. Postman is not only a manual API testing tool. With the integration of Newman, you will be able to have your Postman collections kicked off automatically through backend automation.

Are you using a RESTful API? These HTTP methods are useful to know for any dev or software QA role. For example, know when to GET, POST, PATCH, or DELETE.

Knowing HTTP status response codes is incredibly useful. Know which errors you would expect if you're logged out, if data was created, deleted, etc. If you get a 500, there's a chance you just found a bug.

Importing a Collection or Individual Request

  1. Open Postman and click on the gray "Import" button in the top left corner.
  2. There are multiple ways in which Postman collections are shared. Select the desired option and complete the import.
  • Import File: A JSON file that can be selected from your computer’s file path.
  • Import Folder: Import multiple JSON files saved in the same directory.
  • Import From Link: Import a single request or Collection using a Postman-URL.
  • Paste Raw Text: This is how individual requests are usually imported. You'll generally use a cURL in this case.

Postman URLs will look like this:

https://www.getpostman.com/collections/8fcd3d34a7b126d712e3

cURLs will look like this:

curl -X GET \
  https://postman-echo.com/headers \
  -H 'my-sample-header: Lorem ipsum dolor sit amet'

Sharing a Request

  1. In Postman, select the individual request you would like to share from the Collection tab on the far left.
  2. Click on the “Code” button from within the request. Shown below.
  3. Choose the code option from the dropdown and then click “Copy to Clipboard”. I usually use cURL. You can now share this individual request. If you're a QA or dev needing to share an endpoint for whatever reason, this is the way to do it. You can even just run it in the terminal if you want.

Note: You can share entire Collections by clicking on the Collection, itself. Then click the three-dots and "Share Collection" will be an available option.
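
A cURL command copied this way includes the request's headers, so an Authorization or Cookie header travels with it when the request is shared. The following added example (not part of the original article) is a Node.js helper that redacts credential headers plus `-u` and `-b` values before the command is pasted anywhere; the header deny-list and the sample token and password are constructed assumptions.

```javascript
// Added example (not from the article). The header deny-list is an assumption;
// extend it with whatever credential headers your API uses.
const SENSITIVE_HEADERS = new Set([
  "authorization", "proxy-authorization", "cookie", "x-api-key",
]);

// Returns the command with credential values replaced, plus what was redacted.
function redactCurl(curl) {
  const redacted = [];
  const command = curl
    // -H 'Name: value' or --header "Name: value"
    .replace(/(^|\s)(-H|--header)(\s+)(['"])([^:'"]+):\s*(.*?)\4/g,
      (match, pre, flag, ws, quote, name) => {
        if (!SENSITIVE_HEADERS.has(name.trim().toLowerCase())) return match;
        redacted.push(name.trim());
        return `${pre}${flag}${ws}${quote}${name}: <REDACTED>${quote}`;
      })
    // -u/--user (basic auth) and -b/--cookie, quoted or bare
    .replace(/(^|\s)(-u|--user|-b|--cookie)(\s+)(?:(['"]).*?\4|\S+)/g,
      (match, pre, flag, ws) => {
        redacted.push(flag);
        return `${pre}${flag}${ws}'<REDACTED>'`;
      });
  return { command, redacted };
}

// Constructed sample in the shape of the cURL example shown earlier.
const sample = [
  "curl -X GET \\",
  "  https://postman-echo.com/headers \\",
  "  -H 'Authorization: Bearer CONSTRUCTED.TOKEN.VALUE' \\",
  "  -H 'my-sample-header: Lorem ipsum dolor sit amet' \\",
  "  -u 'demo:constructed-password'",
].join("\n");

console.log(redactCurl(sample).command);
```

Request bodies and query-string parameters are not inspected, so check those by eye before sharing.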


Running a Request

  1. There are many tabs in the request window that you may need to utilize when testing endpoints. I'll go over them very briefly as each organization will have APIs that utilize these differently.
  • Params: You may need to use these parameters to filter the results you desire.
  • Authorization: Self-explanatory. Authorization/login related.
  • Headers: Headers are the key-value pairs that you'll need to make the request functional.
  • Body: Certain methods will require you to enter parameters, most likely written in JavaScript. Make sure the body is written using proper syntax. Otherwise, an error may occur and the collection will not compile properly.
  • Pre-request Script: These are the scripts you want to run before you send the request. A couple of examples are clearing the environment or setting a response as a variable to be used for other requests.
  • Tests: Tests are where you can write your own JavaScript tests using standard JavaScript or the Chai assertion library, which is baked into Postman by default.
  2. With all necessary params, authorizations and headers specified, click the large blue “Send” button. This will execute the request.
  3. The response will then appear in the panel below. This shows whether or not the request executed properly. A status code will be displayed along with the JSON/XML response.

Interpreting the Response

  1. Select the individual API request you want to run, from the Collections tab on the far left.
  2. Click the large blue “Send” button, which will then execute the request.
  • The response will then appear in the panel below. This shows you whether or not the request executed properly. A status code will be displayed along with the JSON/XML response.
  • Response cookies show any cookies returned by the request.
  • Response headers will display response headers including versioning if your API has that incorporated. You might see dates, character counts, etc.
  • Passed tests will show any JavaScript/Chai assertion tests that were written in the “Tests” portion of the request.
  • The response body portion of the lower window will display the JSON/XML response of the submitted request.

Forking or Duplicating a Collection

  1. There will be times when you do not necessarily want to work off a shared collection. You may be worried about someone else saving over your work, or you may not want to save over theirs. Click on the collection you want to branch off and click on the 3-dot icon to open up the popup menu.
  2. Click on the “Create a Fork” option.
  3. Add a label for the fork.
  4. Now you can use this forked version of the API Collection instead of working off the original. This will ensure that everyone adding to this collection won’t override each other’s changes. Use this option for version control.

Test Code Snippets

So you want to write some Chai tests but don't know where to start? Some of the links I posted earlier have some examples, but here are a few more. Postman also has an intuitive snippets functionality.

Status Code Checks

pm.test("Status code is 200 OK", function () {     
    pm.response.to.have.status(200);  
    pm.response.to.be.success;
    pm.response.to.be.ok;     
});


pm.test("Status code is 302 Moved Temporarily", function () {
    pm.response.to.have.status(302);
    pm.response.to.be.redirection;
});

pm.test("Status code is 400 Bad Request", function () {     
    pm.response.to.have.status(400);     
    pm.response.to.be.clientError;
    pm.response.to.be.badRequest;     
});

pm.test("Status code is 401 Unauthorized", function () {
    pm.response.to.have.status(401);
    pm.response.to.be.clientError;
    pm.response.to.be.unauthorized;
});

pm.test("Status code is 404 Not Found", function () {     
    pm.response.to.have.status(404);     
    pm.response.to.be.clientError;
    pm.response.to.be.notFound;     
});

pm.test("Status code is 500 Internal Server Error", function () {
    pm.response.to.have.status(500);
    pm.response.to.be.serverError;
    pm.response.to.have.status("Internal Server Error");
});

Timer Checks

pm.test("Response time is less than 2000ms", function () {
    pm.expect(pm.response.responseTime).to.be.below(2000);
});

Response Header Checks

pm.test("Correct Headers Found", function () {
    pm.expect(pm.response.headers.get('Content-Type')).to.eql('application/json');
    // Assert the header is present; comparing the assertion to a string with === tests nothing.
    pm.response.to.have.header("Date");
    pm.response.to.have.header("Content-Length");
});
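
Two things trip up header checks like the one above: servers often send `Content-Type` with a parameter such as `; charset=utf-8`, and the `Date` header is an HTTP-date rather than an ISO string. The following added example (not from the original article) handles both and runs in Postman's Tests tab or in plain Node.js; `MAX_SKEW_MS` and the function names are assumptions made for illustration.

```javascript
// Added example: header checks that tolerate Content-Type parameters and
// verify the Date header is a parseable date close to the client clock.
// MAX_SKEW_MS is an assumed tolerance, not a Postman default.
const MAX_SKEW_MS = 5 * 60 * 1000;

// "application/json; charset=utf-8" -> "application/json"
function mediaType(contentType) {
  return String(contentType || "").split(";")[0].trim().toLowerCase();
}

// getHeader(name) returns the header value or undefined.
// Returns a list of problems; an empty list means the headers passed.
function checkHeaders(getHeader, now = Date.now()) {
  const problems = [];
  if (mediaType(getHeader("Content-Type")) !== "application/json") {
    problems.push("Content-Type is not application/json");
  }
  const date = getHeader("Date");
  const parsed = Date.parse(date); // e.g. "Tue, 05 Mar 2024 10:00:00 GMT"
  if (!date || Number.isNaN(parsed)) {
    problems.push("Date header missing or unparseable");
  } else if (Math.abs(now - parsed) > MAX_SKEW_MS) {
    problems.push("Date header differs from client clock by more than 5 minutes");
  }
  return problems;
}

// Inside Postman's Tests tab the pm object exists; elsewhere this is skipped.
if (typeof pm !== "undefined") {
  pm.test("Headers are well-formed", function () {
    pm.expect(checkHeaders((name) => pm.response.headers.get(name))).to.eql([]);
  });
}
```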

Response Text Check

pm.test("Expected Response Text Found", function () {
    pm.expect(pm.response.text()).to.include("Example Text");
});

JSON Check

pm.test("Body Returned", function () {
    pm.expect(pm.response.text()).to.not.be.empty;
    pm.response.to.not.have.jsonBody("error");
    pm.response.to.be.withBody;
    pm.response.to.be.json;
});  

Clear Environment Data

pm.environment.clear();
pm.globals.clear();

Online Courses

And finally, I leave you with two useful online courses I have utilized. There may be no shortage of them out there, but these are the ones that helped me. They may help you too.

Thanks

Thank you for making it to the end. Feel free to like and share. Constructive feedback is appreciated.
