Web API Connection with Postman using Dynamics 365 Online as an Example

As part of entire Automation First approach and industry shift to SDET, we are exploring different tools which can help us in expanding the Automated Testing suite and coverage with less maintance and little development effort.

API testing plays a vital role in accomplishing that task.

Problem Statement: How to connect and test Web API requests using Postman tool

In this post I am sharing the detailed step by step instructions for those of us who haven't used Postman before. I am using Dynamics 365 as an example which is cloud based application and required OAuth2 authentication. I have also added troubleshooting for some of the common error(s). I hope this will help you get started in case you haven't explored API Testing in the past.

Those who are not familiar with Postman tool, it is a request composer tool, which allows you to authenticate to your application(Dynamics 365 in this instance), compose Web API requests, send them, and view response. Link to download

1.  Prerequisites:

·       Download and Install Postman tool 

·       Dynamics 365 online instance. (Subscribe to 30 days trial, if you don't have one)

·       Azure Active Directory Portal(You need to login with your Office 365 Credentials)

2.  Register App in Azure Active Directory:

Now you need to register an App in Azure Active Directory (i.e., oAuth2) by following below steps. In our example this is already done.

·       Connect to the Azure Active Directory (AD) Portal with your Office 365 credentials.

·       Register a new Dynamics 365 App

·       Once you are done with App registration, copy ‘Application ID’ and ‘Home page’ values, which you need to use next steps.

3.  Setup your Postman tool:

·       Create a new Postman ‘Environment’ with below variables. This is one time activity for a single D365 instance.

·       url: Your Dynamics 365 URL

·       clientid: ‘Application ID’ from Azure AD, generated in above section.

·       version: Dynamics version

·       webapiurl: Set this to {{url}}/api/data/v{{version}}/

·       callback: ‘Home page’ value from Azure AD, generated in above section.

·       authurl: Set this to https://login.microsoftonline.com/common/oauth2/authorize?resource={{url}}

·       I created a new ‘Environment’ with name ‘DynamicsCRM’ and it looks as mentioned in the document.

4.  Generate oAuth2 Access Token:

Post ‘Environment’ creation, we need to generate oAuth2 Access Token since CRM uses enhanced authentication/security protocols. This is one time activity for a single D365 instance.

·       Make sure you select ‘Environment’ created in previous section. In my case its ‘DynamicsCRM’.

·       Under ‘Authorization’ tab, set ‘Type’ to ‘oAuth 2.0’ and click on ‘Get New Access Token’.

·       In the ‘GET NEW ACCESS TOKEN SCREEN’ make sure you set values as below.

·       Click ‘Request Token’ and system will prompt you for credentials, pass your O365 credentials.

·       When you click ‘Next’, you may encounter “response_type ‘token’ is not enabled for the application” exception.

To fix this, make sure in your Azure AD Application’s manifest “oauth2AllowImplicitFlow” property is set to ‘true’

·       You may also encounter “The reply url specified in the request does not match the reply urls configured for the application“.

To fix this, make sure you set the Postman’s ‘Environment’ -> ‘callback’ variable set correctly.

·       Click ‘Continue’ to complete the ‘Access Token’ generation process.

·       On successful ‘Access Token’ generation, you would get the screen as mentioned in the document.

·       Click ‘Use Token’.

That’s it! You have successfully completed the Setup and now you are ready to test Dynamics API’s with Postman!!

Note: Each Token is valid for only 1 hr.

5.  Now you are ready to perform First Test by executing a GET ‘WhoAmI’ request:

·       Make sure you select the right ‘Environment’ and generated your ‘Access Token’.

·       Select ‘GET’ operation and set the URL as {{webapiurl}}WhoAmI

·       Click ‘Send’

·       You should get “200 OK” response up on success.

·       In the Body section you will be able to see the details like BusinessUnitID, UserId, and Organization etc.

6.  Creating Enhanced End-Points to test response at Attribute & Field level:

You can build end-point queries using standard Postman Query Building mechanish which can be used to retrieve the response at a record level. This can be done using Fiddler as well.

For eg: {{webapiurl}}contacts?$filter=contains(fullname,'<Test Contact>') will return all the data associated with Contact: 'Test Contact'. See below screenshot with list of attributes returned when we hit this end point.

Once we have these attributes, we can use it to validate the data returned by the API call.

There are multiple operations available to the user for eg: PUT, POST, PATCH, DELETE, COPY and each of these can be used to test different scenarios with the help of Postman.

We can also use Newman which is a powerful command-line collection runner for Postman. I will share the details about Newman in the next article.

Keep Learning, Keep Testing!!

Sourabh Goel

Automated Testing Lead

TECH-Sales-Marketing & Strategic Projects

P I M C O | Newport Beach |

Please consider the environment before printing this article