Software Testing - API Testing with Postman

1. What is API Testing?

API Testing checks whether an API:

  • Works correctly

  • Returns correct responses

  • Handles errors properly

  • Performs well

  • Is secure

APIs are tested without a UI, so testers validate the backend directly by sending requests and checking responses.


2. Why Use Postman for API Testing?

Postman is one of the most popular tools because it:

  • Is easy to use

  • Supports manual & automated testing

  • Has built-in scripting

  • Helps create collections, environments, and test suites

  • Is good for both beginners and advanced testers


3. Basic Components in Postman

Request

You send a request (GET, POST, PUT, DELETE, etc.).

Headers

Contain metadata like Content-Type, Authorization, etc.

Body

Data sent with requests (JSON, form-data, raw text).

Response

Server’s output (status code, body, headers, time).


4. Types of API Testing You Can Do in Postman

1. Functional Testing

Check correct response for valid inputs.

2. Negative Testing

Test invalid inputs to check validation.

3. Authentication Testing

Verify access with API keys, JWT, OAuth, and Bearer tokens.

4. Performance Testing (Basic)

Check response time for single requests.

5. Regression Testing

Use collections and automation.

6. Security Testing (Basic Level)

Attempt unauthorized access (missing or invalid credentials) and confirm the API rejects it.


5. How to Perform API Testing in Postman (Step-by-Step)

Step 1 — Create a Request

  • Click New → HTTP Request

  • Choose method: GET, POST, PUT, DELETE

  • Enter the API URL

Step 2 — Add Headers

Common header:

Content-Type: application/json

If authentication is needed:

Authorization: Bearer <token>

Step 3 — Add Request Body (For POST/PUT)

Choose Body → Raw → JSON
Example JSON:

{
    "name": "John",
    "email": "[email protected]"
}

Step 4 — Send the Request

Click Send and observe:

  • Status Code (200, 201, 400, 401, 500…)

  • Response Time

  • Response Body

  • Headers

Step 5 — Add Tests in Postman

Postman allows JavaScript-based assertions under the Tests tab.

Example:

pm.test("Status code is 200", function () {
    pm.response.to.have.status(200);
});

pm.test("Response contains name field", function () {
    var jsonData = pm.response.json();
    pm.expect(jsonData).to.have.property("name");
});

When running the request, these tests will show Pass/Fail.

Step 6 — Create a Collection

A Collection is a group of API requests (like a test suite).

Step 7 — Use Collection Runner

  • Run multiple API requests automatically

  • Useful for regression testing

Step 8 — Use Environments & Variables

Set up variables for:

  • Base URLs

  • Tokens

  • User IDs

Example variable usage:

{{base_url}}/login

6. Common API Testing Assertions in Postman

✔ Status Code Validation

pm.response.to.have.status(200);

✔ Response Time Check

pm.expect(pm.response.responseTime).to.be.below(500);

✔ Validate JSON Fields

pm.expect(pm.response.json()).to.have.property("id");

✔ Check Data Types

pm.expect(typeof pm.response.json().email).to.equal("string");

✔ Validate Error Message

pm.expect(pm.response.json().message).to.include("Invalid");

7. API Testing Example Using Postman

Scenario: Testing a login API

URL:

POST https://example.com/api/login

Request Body:

{
  "email": "[email protected]",
  "password": "123456"
}

Expected Response:

  • Status 200

  • Token in response

  • User details

Tests:

pm.test("Login successful", function () {
    pm.response.to.have.status(200);
});

pm.test("Token received", function () {
    var jsonData = pm.response.json();
    pm.expect(jsonData.token).to.exist;
});
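
The tests above only cover a successful login. The following added example (not part of the original tutorial) covers the negative and unauthorized-access cases from section 4: it checks that a request that should be rejected gets 401/403, returns no token, and does not leak internal error details. The function name checkRejected, the field names and the sample responses are assumptions constructed for illustration.

```javascript
// Added example: checks for responses that SHOULD be rejected (wrong password,
// missing or invalid token). Plain function, so it runs in Node and in Postman.
// Assumption: the API under test returns "token"/"password" as top-level fields.
const LEAK_PATTERNS = [
  /\bat \S+ \(.*:\d+:\d+\)/,            // JavaScript stack frame
  /Traceback \(most recent call last\)/, // Python traceback
  /SQLSTATE|syntax error/i,              // database error text
];

function checkRejected(res, allowed = [401, 403]) {
  const problems = [];
  if (!allowed.includes(res.code)) {
    problems.push(`expected ${allowed.join("/")}, got ${res.code}`);
  }
  let body = null;
  try { body = JSON.parse(res.text); } catch (e) { /* empty or non-JSON body is fine */ }
  if (body !== null && typeof body === "object") {
    // A rejected request must not hand back a credential or echo the secret.
    for (const field of ["token", "password"]) {
      if (field in body) problems.push(`response contains "${field}"`);
    }
  }
  // Error text should not expose stack traces or database errors.
  if (LEAK_PATTERNS.some((re) => re.test(res.text))) {
    problems.push("error body leaks internal details");
  }
  return problems;
}

// Constructed sample responses (not captured from a real API).
const SAMPLES = {
  wrongPassword: { code: 401, text: '{"message":"Invalid email or password"}' },
  noTokenAccepted: { code: 200, text: '{"id":7,"name":"John","token":"abc"}' },
  sqlError: { code: 500, text: '{"message":"SQLSTATE[42000]: syntax error"}' },
};

for (const [name, res] of Object.entries(SAMPLES)) {
  const problems = checkRejected(res);
  console.log(name, problems.length ? problems : "ok");
}

// In Postman, call it on the live response of a request sent without valid credentials:
// pm.test("Unauthenticated request is rejected", function () {
//     const res = { code: pm.response.code, text: pm.response.text() };
//     pm.expect(checkRejected(res)).to.eql([]);
// });
```

An empty list means the rejection looks correct; each entry otherwise names one thing to report against the API.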

8. Best Practices for API Testing with Postman

  • Always validate status codes

  • Check response time

  • Validate full JSON structure

  • Test error responses (400, 401, 404, 500)

  • Automate using Collection Runner

  • Use environment variables for dynamic values

  • Write pre-request scripts for generating tokens

  • Use Mock Servers if backend is not ready

  • Maintain clean, organized Collections