Postman API

Postman API guide

Uploaded by

Darren Siow
Postman API

A basic guide
What is Postman?
• Postman is a popular API client tool that is commonly used for testing and working with RESTful APIs
• An API client helps users interact with APIs on a server by sending requests and receiving responses on their behalf
• Postman provides a user-friendly interface for sending HTTP requests to APIs, inspecting responses, and organizing API requests into collections
What are RESTful APIs?
• Representational State Transfer APIs
• A type of API architecture that follows the principles of REST
• REST is a set of guidelines for building scalable and efficient web services
• RESTful APIs use standard HTTP methods to perform CRUD (Create, Read, Update, Delete) operations on resources
Key Characteristics of REST APIs (1/3)
1. Statelessness – Server has no “memory” of client’s state between requests; requests from client MUST contain all information necessary to understand and process request
2. Resource-based – REST APIs are based on resources, which are identified by unique URIs; resources can represent objects, data, or entities in the system, and they are manipulated using standard HTTP methods
Key Characteristics of REST APIs (2/3)
3. Uniform interface – REST APIs have a uniform interface, meaning that they use standard HTTP methods (GET, POST, PUT, DELETE) for CRUD operations, and they follow standard conventions for representing resources and handling errors.
4. Client-Server Architecture – REST APIs follow a client-server architecture, where clients (such as web browsers or mobile apps) interact with servers to access resources. This separation of concerns allows for scalability and flexibility in the system design.
Key Characteristics of REST APIs (3/3)
5. Layered System – REST APIs can be layered,
meaning that intermediaries (such as proxies or
gateways) can be used to improve scalability, security,
and performance without affecting the overall
architecture.
What is HTTP?
• Stands for Hypertext Transfer Protocol, the foundation of data communication on the World Wide Web
• A protocol that defines how messages are formatted and transmitted between web servers and web clients, such as web browsers or API clients
• Types of data that can be exchanged using HTTP include text, images, videos, and more
Key Characteristics of HTTP (1/2)
1. Client-Server Model: HTTP operates on a client-server model, where clients (such as web browsers or API clients) send requests to servers, and servers respond to those requests.
2. Stateless Protocol: HTTP is stateless, meaning that each request from a client to a server is independent and does not rely on any previous requests.
3. HTTP Methods: HTTP defines various methods (also known as verbs) that specify the action to be performed on a resource. The most common HTTP methods include GET (retrieve data), POST (submit data), PUT (update data), and DELETE (remove data).
Key Characteristics of HTTP (2/2)
4. Request-Response Cycle: Communication in HTTP follows a request-response cycle. A client sends an HTTP request to a server, specifying the desired action (e.g., retrieve a webpage or access an API endpoint), and the server responds with an HTTP response containing the requested data or indicating an error.
5. Headers: HTTP headers are additional pieces of information included in both requests and responses to provide metadata about the message, such as content type, content length, caching directives, and more.
Postman User Interface
[Screenshot of the Postman user interface with labelled areas: Request, Collections, Response, Console]
Postman Requests – Creation (1/3)
1. Identify the API endpoint: Locate the correct URL for the specific action you want to perform (GET a list of users, POST a new record).
2. Choose the request type: (GET, POST, PUT, PATCH, DELETE, etc.)
3. Construct the URL:
a) Pro tip: Copy and paste the base URL from the API documentation into the Address bar of Postman
b) Pro tip: Use Postman's built-in variable functionality to store and manage reusable base URLs and path variables
Postman Requests – Creation (2/3)
4. Add Query Parameters:
a) Some API endpoints require additional information in the form of query parameters appended to the URL after a question mark (?).
b) Pro tip: Add these parameters as key-value pairs in the "Params" section of your Postman request.
5. Set Headers (if required):
a) Certain APIs might require specific headers to be included in the request (e.g., authorization tokens, content type)
b) Consult the API documentation for any necessary headers and their values
c) Add these headers as key-value pairs in the "Headers" section of your Postman request
6. Prepare Request Body (if applicable):
a) Methods like POST and PUT often involve sending data to the API
b) The format of the body depends on API documentation (JSON / XML)
c) Use the ‘Body’ tab in Postman to compose the request body
Postman Requests – Creation (3/3)
7. Review and Send:
a) Double-check the request construction – URL, method, parameters, headers, body
b) Hit the “Send” button to execute the request
8. Analyze the response:
a) Check the response status code (200 for success, 404 for not found)
b) The response body will contain data returned by the API based on your request.
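Steps 3 to 6 above, written out as an added JavaScript example (not part of the original slides and not Postman's own code). It resolves {{variable}} placeholders and :name path variables and fails when one is left unfilled; buildRequest, the spec field names and the host api.example.test are assumptions made for illustration.

```javascript
// Added example, not Postman's own code. buildRequest, the spec fields and
// api.example.test are assumed names; the sample values are constructed.

// Substitute {{name}} placeholders and refuse to send an unresolved one.
function resolveVars(text, vars) {
  return String(text).replace(/\{\{(\w+)\}\}/g, (_, name) => {
    if (!Object.prototype.hasOwnProperty.call(vars, name)) {
      throw new Error(`unresolved variable: ${name}`);
    }
    return String(vars[name]);
  });
}

function buildRequest(spec, vars) {
  // Step 3: construct the URL. Each :name path variable is percent-encoded,
  // so its value stays one path segment.
  const path = spec.path.replace(/:(\w+)/g, (_, name) => {
    const value = (spec.pathVars || {})[name];
    if (value === undefined || value === '') {
      throw new Error(`missing path variable: ${name}`);
    }
    return encodeURIComponent(resolveVars(value, vars));
  });
  const url = new URL(resolveVars(spec.baseUrl, vars).trim() + path);

  // Step 4: query parameters are key-value pairs appended after "?".
  for (const [key, value] of Object.entries(spec.params || {})) {
    url.searchParams.append(key, resolveVars(value, vars));
  }

  // Step 5: headers, here an access token sent as a Bearer token.
  const headers = {};
  for (const [key, value] of Object.entries(spec.headers || {})) {
    headers[key] = resolveVars(value, vars);
  }

  // Step 6: JSON body for methods such as POST and PUT.
  const body = spec.body === undefined ? null : JSON.stringify(spec.body);
  if (body !== null) headers['Content-Type'] = 'application/json';
  return { method: spec.method, url: url.href, headers, body };
}

const sampleVars = { baseUrl: 'https://api.example.test/v1', accessToken: 'constructed-token' };
const sampleRequest = buildRequest({
  method: 'GET', baseUrl: '{{baseUrl}}', path: '/users/:id',
  pathVars: { id: '7/orders' }, params: { status: 'active & new' },
  headers: { Authorization: 'Bearer {{accessToken}}' },
}, sampleVars);
console.log(sampleRequest.method, sampleRequest.url);
```

A missing path variable raises an error here before anything is sent, which is the same mistake the FAQ later lists as a cause of 400 Bad Request.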
Response Codes (1/3)
• Successful
• 200 OK: Request was processed successfully
• 201 Created: Request resulted in the creation of new
resource on the server (typical of POST request)
• 204 No Content: Request was successful, but the server has
no data to return in the response body
Response Codes (2/3)
• Unsuccessful – Client Errors
• 400 Bad Request: The request itself is malformed or invalid,
due to typos in URL, missing parameters, or data formatting
errors
• 401 Unauthorized: The client lacks proper authorization to
access the requested resource, due to missing or invalid
authentication credentials
• 403 Forbidden: The client is authorized but doesn’t have the
necessary permissions to perform the requested action
• 404 Not Found: The requested resource could not be found
on the server. This might happen if you're using an incorrect
URL or referencing a non-existent resource.
Response Codes (3/3)
• Unsuccessful – Server Errors
• 500 Internal Server Error: The server encountered an
unexpected error while processing the request. This could be
due to server-side issues beyond your control.
• 502 Bad Gateway: The server received an invalid response
from an upstream server it was relying on to fulfill the request.
• 503 Service Unavailable: The server is currently
unavailable due to maintenance or overload.
Variables (1/2)
1. Base URL: Store the base URL of the API you are interacting with – this eliminates the need to type repeatedly for every request in the collection
2. API Key: If the API uses an API key for authentication, save it as a variable to avoid manually entering it in each request
3. Access Token: For APIs that use OAuth or Bearer Token authentication, save the access token as a variable. This token might expire periodically, so you'll need to update the variable accordingly.
Variables (2/2)
4. Test Data: You might use sample data for testing
purposes. Save frequently used test data (e.g., email
addresses, product IDs) as variables to avoid repetitive
typing and ensure consistency across tests.
5. Path Parameters: For URLs with path variables that
change depending on the request (e.g., /users/{id}),
store them as variables.
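Whether API keys and access tokens really are held in variables can be checked mechanically. The following added JavaScript example (not part of the original slides) walks a constructed collection laid out like a simplified Postman export and reports requests that carry a literal credential instead of a {{variable}} reference; the field layout, the list of sensitive names and findHardcodedSecrets are assumptions.

```javascript
// Added example, not from the slides. The collection is a constructed,
// simplified export; treat its field layout as an assumption.
const sampleCollection = {
  item: [
    { name: 'List users', request: { method: 'GET',
      header: [{ key: 'x-api-key', value: '{{apiKey}}' }],
      url: { raw: '{{baseUrl}}/users' } } },
    { name: 'Orders', item: [
      { name: 'Create order', request: { method: 'POST',
        header: [{ key: 'Authorization', value: 'Bearer constructed-literal-token' }],
        url: { raw: '{{baseUrl}}/orders?api_key=constructed-literal-key' } } },
    ] },
  ],
};

const SENSITIVE_NAME = /^(authorization|x-api-key|api[-_]?key|access[-_]?token)$/i;
// Acceptable values consist only of a variable reference, e.g. "Bearer {{accessToken}}".
const isVariableOnly = (value) => /^(Bearer\s+)?\{\{\w+\}\}$/.test(String(value).trim());

// Walk requests and folders; report where a literal credential sits, never its value.
function findHardcodedSecrets(node, trail = []) {
  const findings = [];
  for (const item of node.item || []) {
    const where = [...trail, item.name].join(' / ');
    if (Array.isArray(item.item)) {                       // folder: recurse
      findings.push(...findHardcodedSecrets(item, [...trail, item.name]));
      continue;
    }
    const request = item.request || {};
    for (const header of request.header || []) {
      if (SENSITIVE_NAME.test(header.key) && !isVariableOnly(header.value)) {
        findings.push(`${where}: header ${header.key}`);
      }
    }
    const query = String((request.url || {}).raw || '').split('?')[1] || '';
    for (const pair of query.split('&').filter(Boolean)) {
      const [key, value = ''] = pair.split('=');
      if (SENSITIVE_NAME.test(key) && !isVariableOnly(value)) {
        findings.push(`${where}: query parameter ${key}`);
      }
    }
  }
  return findings;
}

console.log(findHardcodedSecrets(sampleCollection));
```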
Business Processes and API Testing (1/2)
1. Effective API Testing
a) Before testing an API, it's crucial to understand the
underlying business processes and rules.
b) This helps in creating relevant test cases that simulate real-
world scenarios.
2. Identifying test cases
a) By understanding the business logic, you can identify
different scenarios and edge cases to test for, ensuring the
API behaves as expected in diverse situations.
Business Processes and API Testing (2/2)
• Example – Grocery Store API
• A cart is required before placing an order.
• The cart cannot be empty.
• Products must exist in the inventory and have sufficient stock.
• Ordering more items than available is not allowed.
• The cart is deleted after a successful order placement to
prevent duplicate orders.
• Creating a cart doesn't require authentication.
• Placing an order requires authentication to identify the specific
client.
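The grocery store rules above turned into one test case per rule, as an added JavaScript example that is not part of the original slides. createStore is a hypothetical in-memory stand-in for the API so the cases run offline; the operation names and the status code chosen for each rule are assumptions, since the slides do not give them.

```javascript
// Added example, not code from the slides. createStore is a hypothetical
// in-memory stand-in for the Grocery Store API; its status codes are assumed.
function createStore(stockList, validTokens) {
  const stock = new Map(stockList);
  const carts = new Map();
  let nextId = 1;
  return {
    createCart() {                        // no authentication required
      const cartId = String(nextId++);
      carts.set(cartId, new Map());
      return { status: 201, cartId };
    },
    addItem(cartId, productId, qty) {
      const cart = carts.get(cartId);
      if (!cart || !stock.has(productId)) return { status: 404 };
      const wanted = (cart.get(productId) || 0) + qty;
      // Reject an invalid quantity or more items than are in stock.
      if (!Number.isInteger(qty) || qty < 1 || wanted > stock.get(productId)) return { status: 400 };
      cart.set(productId, wanted);
      return { status: 200 };
    },
    placeOrder(cartId, token) {
      if (!validTokens.includes(token)) return { status: 401 };
      const cart = carts.get(cartId);
      if (!cart) return { status: 404 };
      if (cart.size === 0) return { status: 400 };         // empty cart
      // Re-check stock at order time: another order may have used it.
      for (const [id, qty] of cart) if (qty > stock.get(id)) return { status: 400 };
      for (const [id, qty] of cart) stock.set(id, stock.get(id) - qty);
      carts.delete(cartId);               // prevents a duplicate order
      return { status: 201 };
    },
  };
}

// One test case per business rule; returns the observed status codes.
function runBusinessRuleTests() {
  const token = 'constructed-token';
  const api = createStore([['apple', 3]], [token]);
  const a = api.createCart().cartId, b = api.createCart().cartId;
  const seen = {};
  seen.emptyCart = api.placeOrder(a, token).status;
  seen.unknownProduct = api.addItem(a, 'durian', 1).status;
  seen.overStock = api.addItem(a, 'apple', 4).status;
  api.addItem(a, 'apple', 2); api.addItem(b, 'apple', 2);
  seen.noAuth = api.placeOrder(a, undefined).status;
  seen.validOrder = api.placeOrder(a, token).status;
  seen.duplicateOrder = api.placeOrder(a, token).status;
  seen.stockTakenByOtherCart = api.placeOrder(b, token).status;
  return seen;
}
```

The last case goes one step beyond the listed rules: two carts that were each valid when filled cannot both be ordered once the first order has reduced the stock.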
JSON in APIs
• Why is JSON used for sending and retrieving data via APIs?
1. JSON is a lightweight and human-readable data format
2. JSON is natively supported by most programming languages
3. JSON allows for incompatible IT systems to exchange data
JSON format (1/3)
Basic structure of JSON:
• Key-value pairs: Keys (names) separated by colons (:) from values (data). Both keys and values are enclosed in quotes ("").
• Objects: Collections of key-value pairs enclosed in curly braces ({ }).
• Arrays: Ordered lists of values enclosed in square brackets ([]). Values can be of any type (strings, numbers, Booleans, objects, or other arrays).
JSON format (2/3)
JSON Formatting Rules:
• Commas: Separate key-value pairs within an object and elements within an array. Avoid trailing commas after the last element.
• Double-Quotes: Required for strings (text) but not for numbers or Boolean values (true/false).
JSON format (3/3)
JSON examples:
• Simple object: { "firstName": "John", "age": 22, "isMarried": false }
• Array of strings: ["Netflix", "Mountain biking"]
• Array of objects: [{ "name": "Apple", "price": 1.29 }, { "name": "Banana", "price": 0.49 }]
Authentication
• Refer to API documentation on the type of authentication to use
a) Access Token → Choose Bearer Token in Postman
b) API Key → Choose API Key in Postman
FAQs
1. What is a web API?
• It is an API that uses the internet for communication.
• Web APIs are typically accessed over HTTP or HTTPS.
• They are often used by developers to build applications that interact with a web-based service or platform
2. What does the word “interface” mean in API?
• “Interface” here can be thought of as a set of rules that must be followed for two entities to communicate with each other
FAQs
3. What happens if I encounter an error when sending a request?
• Check the following:
• Status code
• Request method (you may have selected GET when it should be POST)
• Request body format (you may have selected Text instead of JSON)
• Invalid JSON in request body
a) 400 Bad request
• Did you forget to provide a value for your path variable?
b) 404 Not found
• Did you accidentally add a space at the end of the address?
FAQs
4. What is the purpose of the API documentation?
• To understand how to use the API
• To troubleshoot issues with the API
• To learn about the capabilities and features of the API
5. What is the safest way to ensure you don’t have typos in your addresses when sending API requests?
• Copy and paste the API endpoint and parameters from the API documentation – don’t try to type them out manually
[Summary diagram: Postman (API Client Tool) sends a Request to a Server and receives a Response; connector labels: "Can be used in", "Can be saved inside", "Filters API responses", "Identify specific resource". The boxes read as follows.]
Variables
• Can be saved inside {{syntax}}
• Good practices for variables:
1. Base URL of addresses
2. Secret info like API keys and Access Tokens
3. Frequently used data like product ID
Collections
1. Group related API requests together
2. Save frequently used API requests for quick access and reuse
Query parameter
• API_Endpoint?QueryParam1=value
• Filter API responses based on specific criteria
Path variable
• API_Endpoint/:PathVar
• Used to identify specific resources within a collection, like individual products by ID
Request
1. Identify API endpoint
2. Choose request type (GET/POST..)
3. Construct the URL
4. Add Query Parameters
5. Set Headers (if required)
6. Prepare request body (if applicable)
7. Review and Send
• GET: Used to retrieve data without modifying anything on the server.
• POST: Typically used to create new data on the server. Typically requires request body
• PUT: Used to completely replace an existing resource on the server.
• PATCH: Used to update a specific portion of an existing
Response
1. Analyze the response (check response code)
List of response codes
• Successful – 2XX: 200 OK, 201 Created, 204 No Content
• Client Errors – 4XX: 400 Bad Request, 401 Unauthorized, 403 Forbidden, 404 Not Found
• Server Errors – 5XX: 500 Internal Server Error, 502 Bad Gateway, 503 Service Unavailable
REST APIs
1. Statelessness
2. Resource-based
3. HTTP methods for CRUD operations
4. Client-server architecture
