Stop manual API testing, automate with Postman!
Developing and testing APIs is often slow, error-prone and annoying.
How to automate API testing in a simple, yet effective way?
I want to answer this question and share my personal learnings with Postman by providing practical examples highlighting the pros and cons.
Starting with the basics while finishing with the fancy stuff. 😉
What is Postman?
Postman is a software API development tool used for:
- API development
- API testing
- API documentation
Postman is not used to create the API itself, it is a companion tool to develop, document and test against an API.
Why to use Postman?
Here are the main reasons for using Postman:
- Fast & accurate API testing
- Fast & stable API integration
- Documentation & collaboration
The following examples illustrate Postman’s main benefits while focusing on API integration and testing.
Practical Examples
This section illustrates my personal learnings with Postman highlighting the benefits and drawbacks of each solution.
Challenge — Login & Get User
All of the practical examples are solving the same challenge, starting with the basics, followed by more advanced solutions.
The overall challenge is to log in and get a user from an imaginary API.
Although this seems easy, you might be surprised about the final results. 😉
Learning #0 — Without Postman…
My first approach was to use no API development tool while integrating the API calls directly in the software’s code.
Solution
POST /loginAPI call in software codeGET /userAPI call in software code- Log in manually via software
- Get user with session cookie
This solution works quite well for such a simple task, but there are still some obvious drawbacks leading to very time-consuming and error-prone API integrations in more realistic/complex software projects.
Cons 👎
- No API isolation: Integrating APIs directly in the software is error-prone and hard to debug. It is preferred to test APIs in isolation avoiding errors due to unrelated API integration issues.
- Manual session handling: This solution requires logging in via the software or hard-coding the login credentials in the software code.
- Static values: The API configuration is hard-coded in the software code making it difficult to adjust parameters dynamically.
- No automated API tests: Testing APIs using this solution requires manually going through the
POST /loginandGET /userAPI flows.
As I was never sure if an issue was due to my software’s implementation or due to the API itself, I wanted to find a better way to test APIs independently.
Learning #1 — Manual Session
The next big step forward was to start using Postman as an API development companion tool.
Solution
POST /loginAPI call in software code- Log in manually in software
GET /userAPI call in Postman- Copy & paste cookie into
GET /userheader
The GET /user API call is a GET REST API request pointing to http://parkside.at/user/1234 where “1234” represents a user ID.
A “Cookie” HTTP header authenticates the user with the copy-pasted information from the current user session.
Which changes are required to log in and get another user?
- Change user ID in
GET /userURL - Log in manually via software
- Copy & paste cookie into
GET /userheader
Although this use of Postman isolates the API testing from the software code, it is obviously not efficient and flexible and can be further improved.
Pros 👍
- API isolation: Preferably APIs should be tested in isolation to avoid errors due to unrelated software API integration issues.
Cons 👎
My goal was to set up a more flexible and mostly automated API testing environment that would not require all this manual configurations.
Learning #2 — Automatic Session
After finding out about Postman’s cookie manager I finally managed to set up a fully automatic user session handling.
Solution
POST /loginAPI call in PostmanGET /userAPI call in Postman
The POST /login API call is a POST REST API request pointing to http://parkside.at/login adding the user’s login credentials as a JSON body.
After sending a POST /login API call Postman’s cookie manager automatically stores the session cookies received with a “Set-Cookie” HTTP header like a web browser would do.
Which changes are required to log in and get another user?
- Change user ID in
GET /userURL - Change login credentials in
POST /loginbody
There is no more need to manually log in and paste the cookie, but the hard-coded values are still hindering a smoother user switch experience.
Pros 👍
- API isolation ⬆
- Automatic session handling: No need to manually log in before sending the
GET /usercall via Postman.
Cons 👎
I love clean & maintainable code, which is why I was still not fully satisfied with this static implementation. I wanted to have a central place to dynamically change values like URLs and session information.
Learning #3 — Environments & Variables
API environments and variables significantly simplified my way of managing hard-coded values via Postman.
Solution
- Environment in Postman
POST /loginAPI call using environmentGET /userAPI call using environment
Postman allows to create environments and variables that can be used within API requests.
Environments represent sets of variables that can be easily replaced leading to more clarity and flexibility. This example environment includes variables representing the URL, user ID and login credentials.
While both API requests make use of the “url” variable, POST /login uses the login credential variables in the request body while GET /user gets the user ID from the “userID” variable in the URL.
Which changes are required to log in and get another user?
- Change user ID & login credentials in API environment
Thanks to Postman’s environments there is now a central place to manage dynamic values by using variables. However, the current solution still relies on manual interactions with no automated API tests.
Pros 👍
- API isolation ⬆
- Automatic session handling ⬆
- Dynamic values: API environments managed with Postman allow for easy switching between different sets of variables.
Cons 👎
- No automated API tests ⬆
Although, this solution was yet another great improvement, I was still looking for a way to test against an API while being able to dynamically adjust my pre-configured Postman environments and variables.
Learning #4 — Pre & Test Scripts
Finally, I started leveraging Postman’s core functionality by using JavaScript for automated API testing and dynamic updates.
Solution
- Environment in Postman
- Script before
POST /login POST /loginAPI call using environment in Postman- Script after
POST /login GET /userAPI call using environment inPostman
The POST /login pre-request script checks if login credential variables are set and logs errors to the console before executing the API request.
On the other hand, test scripts run after executing an API request allowing to access variables and test API responses.
The POST /login test script parses the API response, verifies its status and validates the email by comparing it with the “email” environment variable.
Finally, I managed to solve the challenge while turning all initial drawbacks into benefits by using Postman.
Pros 👍
- API isolation ⬆
- Automatic session handling ⬆
- Dynamic values ⬆
- Automated API tests: Automatically test API requests with scripts executed before and after each API request.
Of course, there are even more advanced solutions to share, but they are exceeding the scope of this article.
Takeaway: Be curious & continuously improve! 😉
Nobody was born an API testing guru, it needs time and effort!
Postman is a great companion tool for API development providing highly useful features like environments, variables, scripts and more.
Please note that Parkside is no referral partner of Postman, we just love to talk about the great products enhancing our everyday life.
This article is about Postman’s free version not explaining any pro features.
I would be happy to describe more advanced solutions in a follow-up post! Share your thoughts and claps if you like to learn more about Postman. 😍
