Postman: A hands-on tutorial: Day 3— A Deep Dive into a Postman Request: Part I

Dipan Saha
7 min read · Jan 15, 2024

Welcome back to Day 3 of our hands-on Postman tutorial series! Now that you’ve created your first API request, it’s time to take a deeper dive into the features and options available within a Postman request. Understanding these intricacies will empower you to fine-tune your API interactions and handle various scenarios efficiently.

Recap: Launch Postman and Open a Request

  1. Launch Postman: Open Postman on your machine. If you closed it after the last session, find and click the Postman icon on your desktop or in the Start menu.
  2. Open a Request: Navigate to the collection where you saved your first request, or create a new one. Open the request you created in the previous tutorial.

Anatomy of a Postman Request

Before we explore advanced features, let’s quickly review the components of a Postman request:

  1. HTTP Method: Specifies the type of request (GET, POST, PUT, DELETE, etc.)
  2. Request URL: The endpoint or URL where the request is sent.
  3. Params: Additional parameters sent with the request, commonly used in GET requests.
  4. Headers: Additional information about the request, such as content type or authorization.
  5. Authorization: Credentials or tokens required to access the API.
  6. Body: Data sent with the request, commonly used in POST and PUT requests.

Features of a Postman Request

Now, let’s take a deep dive into some advanced features.

Dynamic Variables

Postman allows you to use dynamic variables in your requests, making them more versatile and reusable.

In the URL or headers, use {{variable_name}} to represent a dynamic variable. You can set and manage these variables in the "Variables" section of Postman.

For example, the API at the following URL guesses the gender of a person using the person’s name as input: https://api.genderize.io

You need to pass the name as a query parameter as follows: https://api.genderize.io?name=<>

As you can see, the Params section shows the Query parameter name and its value (Dipan). Now, you can use a variable to set the value of this Query parameter like below:

  1. Create an environment (in our case: Local).
  2. Define a variable (in our case: name) and set its value.
  3. Change the environment for the request to Local.
  4. Update the request and replace the value of the query parameter with this name variable.
  5. Send the request.

Similarly, you can parameterize the base URL using a variable too.

If you want to set a variable at the collection level (so that it can be referenced by all of the requests belonging to that collection), define the variable at the collection level instead.
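The substitution described above, as an added example (not Postman's own code): a simplified JavaScript model of how {{name}} placeholders are filled in, assuming only the environment and collection scopes, with the environment value taking precedence. The collection values and the misspelled {{nmae}} placeholder are constructed for illustration.

```javascript
// Simplified model of {{variable}} substitution (added example).
// `scopes` is ordered narrowest first: environment, then collection.
function resolveTemplate(template, scopes) {
  const unresolved = [];
  const resolved = template.replace(/\{\{([^{}]+)\}\}/g, (match, name) => {
    for (const scope of scopes) {
      if (Object.prototype.hasOwnProperty.call(scope, name)) {
        return String(scope[name]);
      }
    }
    // No scope defines the variable: the placeholder stays in the
    // request as literal text, so record it for the caller to check.
    unresolved.push(name);
    return match;
  });
  return { resolved, unresolved };
}

// Constructed sample scopes: "Local" environment plus collection variables.
const environmentLocal = { name: "Dipan" };
const collectionVars = { base_url: "https://api.genderize.io", name: "Alex" };
const scopes = [environmentLocal, collectionVars];

// The environment's `name` overrides the collection's `name`.
const ok = resolveTemplate("{{base_url}}?name={{name}}", scopes);
console.log(ok.resolved);

// A typo in the variable name is not an error; it is sent as-is.
const typo = resolveTemplate("{{base_url}}?name={{nmae}}", scopes);
console.log(typo.resolved, typo.unresolved);
```

Checking the unresolved list before sending catches misspelled variable names that would otherwise reach the API as literal `{{...}}` text.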

Authentication

Let’s explore various authentication methods available in Postman, including Basic Auth, API Key, OAuth, and more.


In the “Authorization” tab of your request, choose the appropriate type and provide the necessary credentials.

Below are some common ones —

  • No Authentication: At its simplest form, you might encounter APIs that do not require any authentication. This is common for public APIs providing information that doesn’t need user-specific access. Implementation: Select “No Auth” in the Authorization tab of your request.
  • Basic Authentication: Basic Auth is a straightforward method where the username and password are encoded and sent as part of the request header. However, note that it’s not the most secure method, especially when dealing with sensitive information. Implementation: Choose “Basic Auth” in the Authorization tab and provide the username and password.
  • API Key Authentication: Many APIs require an API key for authentication. This key is often provided by the service provider and acts as a token to validate your access. Implementation: In the Authorization tab, choose “API Key” and enter the key along with the key parameter.
  • OAuth 1.0 and OAuth 2.0: OAuth (Open Authorization) is a widely adopted protocol for secure API authentication. OAuth 1.0 and OAuth 2.0 differ in their workflows, but both involve obtaining a token to access protected resources. Implementation: Choose “OAuth 1.0” or “OAuth 2.0” in the Authorization tab and provide the necessary details, including client ID, client secret, token URL, etc.
  • Bearer Token Authentication: Bearer token authentication is prevalent in OAuth 2.0 scenarios. The client receives a token, and this token is sent in the Authorization header of subsequent requests. Implementation: Choose “Bearer Token” in the Authorization tab and enter the token.
  • Digest Authentication: Digest Authentication enhances the security of Basic Authentication by using a challenge-response mechanism. It includes hashing and nonce values to protect against certain attacks. Implementation: Choose “Digest Auth” in the Authorization tab and provide the username and password.
  • AWS Signature: For APIs hosted on AWS (Amazon Web Services), AWS Signature is a common authentication method. It involves signing the request with AWS credentials. Implementation: Choose “AWS Signature” in the Authorization tab and enter the necessary AWS credentials.
  • Custom Authentication: Postman’s flexibility allows you to implement custom authentication methods using scripts. This is useful for scenarios where none of the built-in methods fit your needs. Implementation: In the Authorization tab, choose “Custom” and write scripts to handle authentication.
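Why Basic Auth is described above as not the most secure method, as an added example (not code from the original tutorial): the Authorization header is only Base64-encoded, so anyone who can read the header can recover the credentials, which is why it should only travel over HTTPS. The sample credentials are the ones used in RFC 7617; the second pair is constructed.

```javascript
// Build the header value a client sends for Basic Auth.
function basicAuthHeader(username, password) {
  const token = Buffer.from(`${username}:${password}`, "utf8").toString("base64");
  return `Basic ${token}`;
}

// Recover the credentials from a header value. No key is involved:
// Base64 is an encoding, not encryption.
function decodeBasicAuth(headerValue) {
  const m = /^Basic\s+([A-Za-z0-9+/]+={0,2})$/i.exec(headerValue.trim());
  if (!m) return null; // not a Basic Auth header
  const decoded = Buffer.from(m[1], "base64").toString("utf8");
  const sep = decoded.indexOf(":");
  if (sep === -1) return null; // malformed: no user/password separator
  // Split on the first colon only; the password may itself contain ':'.
  return { username: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
}

const header = basicAuthHeader("Aladdin", "open sesame");
console.log(header);
console.log(decodeBasicAuth(header));

// Constructed credentials with colons in the password.
console.log(decodeBasicAuth(basicAuthHeader("demo_user", "pa:ss:word")));
```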

Environments

You can use environments to manage variables and configurations for different scenarios/stages (e.g., development, testing, production).

At its core, a Postman Environment is a set of key-value pairs that represent variables. These variables can be used in requests, scripts, and tests throughout your Postman workspace. Environments are particularly useful when you’re working with APIs that have different configurations for development, testing, and production.

Common Use Cases for Postman Environments:

  • Use environments to manage different API endpoints for development, testing, and production.
  • Store authentication credentials as variables in environments, ensuring that you’re using the correct credentials for each environment.
  • Leverage environments for dynamic data generation. For instance, you might have an environment variable for a timestamp that gets updated with each request.
  • Use environment variables as configuration flags to enable or disable certain features during development or testing.
  • Create environments for specific testing scenarios, allowing you to seamlessly switch between different setups.

Best Practices for Working with Postman Environments

  • Adopt a consistent naming convention for your environment variables to enhance clarity and maintainability.
  • If you’re working in a team, consider version-controlling your environment configurations to ensure consistency across team members.
  • Be cautious with storing sensitive information in environments. Avoid sharing environments with sensitive data and consider using Postman’s built-in variable types like passwords.
  • Document your environments, specifying the purpose and usage of each variable. This helps both current and future team members understand the configurations.
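One way to apply the advice on sensitive data before sharing or version-controlling an environment, as an added example (not part of the original tutorial or of Postman): a check that flags variables in an exported environment that still carry credentials. It assumes the export is JSON with a `values` array of `key`/`value`/`type` entries; the key-name pattern and all sample values are constructed.

```javascript
// Key names that usually indicate a credential (heuristic, adjust as needed).
const SENSITIVE_KEY = /(pass(word)?|secret|token|api[_-]?key|credential|private)/i;

function auditEnvironment(exported) {
  const findings = [];
  for (const v of exported.values || []) {
    const hasValue = typeof v.value === "string" && v.value.length > 0;
    if (!hasValue) continue; // empty placeholders are safe to share
    if (v.type === "secret") {
      findings.push({ key: v.key, issue: "secret-typed variable exported with a value" });
    } else if (SENSITIVE_KEY.test(v.key)) {
      findings.push({ key: v.key, issue: "sensitive-looking key stored as a plain variable" });
    } else if (/^(Bearer|Basic)\s+\S+/i.test(v.value)) {
      findings.push({ key: v.key, issue: "value looks like an Authorization header" });
    }
  }
  return findings;
}

// Constructed sample of an exported "Local" environment.
const sampleExport = {
  name: "Local",
  values: [
    { key: "name", value: "Dipan", type: "default", enabled: true },
    { key: "base_url", value: "https://api.genderize.io", type: "default", enabled: true },
    { key: "api_key", value: "EXAMPLE-NOT-A-REAL-KEY", type: "default", enabled: true },
    { key: "db_password", value: "example-only", type: "secret", enabled: true },
    { key: "auth", value: "Bearer EXAMPLE.TOKEN.VALUE", type: "default", enabled: true },
    { key: "refresh_token", value: "", type: "secret", enabled: true }
  ],
  _postman_variable_scope: "environment"
};

for (const f of auditEnvironment(sampleExport)) {
  console.log(`${f.key}: ${f.issue}`);
}
```

Run as a pre-commit step, a non-empty result means the file should have its values blanked before it is committed or shared.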

Collection Runner

The Postman Collection Runner is a tool within the Postman application that allows you to execute a collection of API requests in a specific order. Collections serve as containers for requests, enabling you to organize and run multiple requests as part of a test suite. The Collection Runner takes this a step further, allowing you to automate the execution of these collections with ease.

Click on “Runner” in the top left corner, select a collection, and run it to see the requests executed in order.

Common Use Cases for the Collection Runner:

  • Test Suites: Execute a suite of API requests as part of a comprehensive testing scenario.
  • Data-Driven Testing: Run the same set of requests with different data inputs, leveraging variables or data files.
  • Load Testing: Simulate multiple users making concurrent API requests to assess the performance and scalability of your API.
  • Regression Testing: Automate the execution of a suite of API tests to catch regressions after code changes.
  • Monitoring: Set up regular runs of your API tests to monitor the health and functionality of your APIs over time.

Conclusion

Congratulations! You’ve now learnt about some of the most important features of a Postman Request. Stay tuned for Day 4, where we shall cover the remaining features of a Postman Request.

Happy coding!

Dipan Saha

Cloud Architect (Certified GCP Professional Architect & Snowflake Core Pro)