API testing using Postman
API, which stands for Application Programming Interface, is a computing interface that allows communication between two applications. While there are many aspects of API testing, it generally consists of making requests to the API endpoints and validating the response.
While UI testing may focus on validating the look and feel of a web interface, API testing puts much more emphasis on the testing of business logic, data responses and security and performance bottlenecks.
In order to test APIs, we need a tool that is simple and intuitive in order to make this process easy. Postman is a great example of such application, which is also the reason why it is one of the most popular of that kind.
Defining key concepts
In order to start with the examples, we must learn more about API and Postman, and explain some concepts related to them.
An API is a set of defined rules that explain how computers or applications communicate with one another. APIs is located between an application and the web server, acting as an intermediary layer that processes data transfer between systems.
This is how an API works:
- • A client application initiates an API call to retrieve information - also known as a request.
- • After receiving a valid request, the API makes a call to the external program or web server.
- • The server sends a response to the API with the requested information.
- • The API transfers the data to the initial requesting application.
Postman is a platform for building and using APIs. It allows you to make API requests and examine the responses without using a terminal or writing any code. It is used for backend testing where we enter the end-point URL, it sends the request to the server and receives the response back from the server.
When it comes to the request and response, it is necessary to explain an important concept required to test API - HTTP. Hypertext Transfer Protocol is the foundation of data communication for the World Wide Web, and therefore the most popular application protocol used in the Internet. The HTTP client submits an HTTP request message to the server while the server returns a response message to the client.
Of course, there is much more to HTTP, but we'll focus on the most relevant part of the HTTP request and that is HTTP method. Some common HTTP methods are:
- • GET - retrieves data from the server
- • POST - submits data to the server
- • PUT - updates data already on the server
- • DELETE - deletes data from the server
On the other hand, when it comes to HTTP response, it indicates whether the request was successful by using HTTP status code. HTTP response status codes are separated into five categories, where the first digit of the status code defines the class of the response:
- • 1xx: Informational
- • 2xx: Successful (e.g. 200 OK)
- • 3xx: Redirection (e.g. 301 Moved Permanently)
- • 4xx: Client error (e.g. 404 Not Found)
- • 5xx: Server error (e.g. 500 Internal Server Error)
We will start with an example of a simple GET request. There are a couple of things you need to set to make a valid request:
- Choose a method - in this case it's GET.
- Enter the full URL of the resource you want to request into the field labeled as “Enter request URL”. In this case, we will use https://jsonplaceholder.typicode.com/posts/1. This URL represents a fake API. On https://jsonplaceholder.typicode.com/ website you can find a lot of URLs that you can use for learning and testing purposes.
- After you click on the Send button, you can observe the response section where you will see the response body and a status code. As mentioned earlier, if it starts with the number 2, that means that the request was successful.
Now we will create a POST request. Since POST method submits data to the server, the main difference is that now you need to provide some parameters.
- Choose the POST method.
- Enter the URL - https://jsonplaceholder.typicode.com/posts.
- POST method expects some parameters that you will send, for example id, title, body etc. Click on the Body tab and enter the parameters. You can choose different formats to provide the data, but in this case, we used raw - JSON format.
Writing test scripts
Postman offers another great functionality - automating response validation with assertions. That makes Postman a great utility tool to create integration tests for API endpoints. Depending on the output of these assertions, we can see if a test either passed or failed.
Tests verify that your API is working as expected, that integrations between services are functioning reliably, and that new developments haven't broken any existing functionality.
You can define tests using the pm.test function, providing a name and function that returns a boolean (true or false) value indicating if the test passed or failed. To validate the data returned by a request, you can use the pm.response object in a test.
Tests execute after the response is received. When you click Send, Postman runs your test script after the response data returns from the API and then you can check the Test Results tab in the response section. The tab header displays how many tests passed and how many ran in total. You can also toggle between passed, skipped, and failed test results.
You can see in the photo below an example of two simple test scripts and the test results for the POST method example we used earlier.
Obviously, this blog covers only a few of many Postman possibilities. If you wish to expand your knowledge and learn more about Postman, you can always check out Postman official documentation on https://learning.postman.com/docs/getting-started/introduction/.
In case you need even more information or perhaps you prefer a video tutorial, you can refer to https://www.softwaretestinghelp.com/api-testing-using-postman/ where you will find a bunch of useful material.