Daniel Fritzsch
Feb 19, 2018 · 7 min read

Developing and testing APIs is often slow, error-prone and annoying.

How to automate API testing in a simple, yet effective way?

I want to answer this question and share my personal learnings with Postman by providing practical examples highlighting the pros and cons.

Starting with the basics while finishing with the fancy stuff. 😉

What is Postman?

Postman is a software API development tool used for:

  • API development
  • API testing
  • API documentation

Postman is not used to create the API itself, it is a companion tool to develop, document and test against an API.

Why to use Postman?

Here are the main reasons for using Postman:

  • Fast & accurate API testing
  • Fast & stable API integration
  • Documentation & collaboration

The following examples illustrate Postman’s main benefits while focusing on API integration and testing.

Practical Examples

This section illustrates my personal learnings with Postman highlighting the benefits and drawbacks of each solution.

Challenge — Login & Get User

All of the practical examples are solving the same challenge, starting with the basics, followed by more advanced solutions.

Challenge #1: Login & Get User from the API

The overall challenge is to log in and get a user from an imaginary API.

Although this seems easy, you might be surprised about the final results. 😉


Learning #0 — Without Postman…

My first approach was to use no API development tool while integrating the API calls directly in the software’s code.

Solution

  1. POST /login API call in software code
  2. GET /user API call in software code
  3. Log in manually via software
  4. Get user with session cookie

This solution works quite well for such a simple task, but there are still some obvious drawbacks leading to very time-consuming and error-prone API integrations in more realistic/complex software projects.

Cons 👎

  • No API isolation: Integrating APIs directly in the software is error-prone and hard to debug. It is preferred to test APIs in isolation avoiding errors due to unrelated API integration issues.
  • Manual session handling: This solution requires logging in via the software or hard-coding the login credentials in the software code.
  • Static values: The API configuration is hard-coded in the software code making it difficult to adjust parameters dynamically.
  • No automated API tests: Testing APIs using this solution requires manually going through the POST /login and GET /user API flows.

As I was never sure if an issue was due to my software’s implementation or due to the API itself, I wanted to find a better way to test APIs independently.


Learning #1 — Manual Session

The next big step forward was to start using Postman as an API development companion tool.

Solution

  1. POST /login API call in software code
  2. Log in manually in software
  3. GET /user API call in Postman
  4. Copy & paste cookie into GET /user header
API Request: Get User with Session Cookie

The GET /user API call is a GET REST API request pointing to http://parkside.at/user/1234 where “1234” represents a user ID.

A “Cookie” HTTP header authenticates the user with the copy-pasted information from the current user session.

Which changes are required to log in and get another user?

  1. Change user ID in GET /user URL
  2. Log in manually via software
  3. Copy & paste cookie into GET /user header

Although this use of Postman isolates the API testing from the software code, it is obviously not efficient and flexible and can be further improved.

Pros 👍

  • API isolation: Preferably APIs should be tested in isolation to avoid errors due to unrelated software API integration issues.

Cons 👎

  • Manual session handling
  • Static values
  • No automated API tests

My goal was to set up a more flexible and mostly automated API testing environment that would not require all this manual configurations.


Learning #2 — Automatic Session

After finding out about Postman’s cookie manager I finally managed to set up a fully automatic user session handling.

Solution

  1. POST /login API call in Postman
  2. GET /user API call in Postman
API Request: Login with Credentials

The POST /login API call is a POST REST API request pointing to http://parkside.at/login adding the user’s login credentials as a JSON body.

Environment: Cookie Manager

After sending a POST /login API call Postman’s cookie manager automatically stores the session cookies received with a “Set-Cookie” HTTP header like a web browser would do.

Which changes are required to log in and get another user?

  1. Change user ID in GET /user URL
  2. Change login credentials in POST /login body

There is no more need to manually log in and paste the cookie, but the hard-coded values are still hindering a smoother user switch experience.

Pros 👍

  1. API isolation
  2. Automatic session handling: No need to manually log in before sending the GET /user call via Postman.

Cons 👎

  1. Static values
  2. No automated API tests

I love clean & maintainable code, which is why I was still not fully satisfied with this static implementation. I wanted to have a central place to dynamically change values like URLs and session information.


Learning #3 — Environments & Variables

API environments and variables significantly simplified my way of managing hard-coded values via Postman.

Solution

  1. Environment in Postman
  2. POST /login API call using environment
  3. GET /user API call using environment
Environment: Variable Setup

Postman allows to create environments and variables that can be used within API requests.

Environments represent sets of variables that can be easily replaced leading to more clarity and flexibility. This example environment includes variables representing the URL, user ID and login credentials.

Environment: Variable Usage

While both API requests make use of the “url” variable, POST /login uses the login credential variables in the request body while GET /user gets the user ID from the “userID” variable in the URL.

Which changes are required to log in and get another user?

  1. Change user ID & login credentials in API environment

Thanks to Postman’s environments there is now a central place to manage dynamic values by using variables. However, the current solution still relies on manual interactions with no automated API tests.

Pros 👍

  1. API isolation
  2. Automatic session handling
  3. Dynamic values: API environments managed with Postman allow for easy switching between different sets of variables.

Cons 👎

  1. No automated API tests

Although, this solution was yet another great improvement, I was still looking for a way to test against an API while being able to dynamically adjust my pre-configured Postman environments and variables.


Learning #4 — Pre & Test Scripts

Finally, I started leveraging Postman’s core functionality by using JavaScript for automated API testing and dynamic updates.

Solution

  1. Environment in Postman
  2. Script before POST /login
  3. POST /login API call using environment in Postman
  4. Script afterPOST /login
  5. GET /user API call using environment inPostman
Script: Login Pre-Script executed before Login request

The POST /login pre-request script checks if login credential variables are set and logs errors to the console before executing the API request.

Script: Login Test script executed after Login request

On the other hand, test scripts run after executing an API request allowing to access variables and test API responses.

The POST /login test script parses the API response, verifies its status and validates the email by comparing it with the “email” environment variable.

Finally, I managed to solve the challenge while turning all initial drawbacks into benefits by using Postman.

Pros 👍

  1. API isolation
  2. Automatic session handling
  3. Dynamic values
  4. Automated API tests: Automatically test API requests with scripts executed before and after each API request.

Of course, there are even more advanced solutions to share, but they are exceeding the scope of this article.


Takeaway: Be curious & continuously improve! 😉

Nobody was born an API testing guru, it needs time and effort!

Postman is a great companion tool for API development providing highly useful features like environments, variables, scripts and more.


Please note that Parkside is no referral partner of Postman, we just love to talk about the great products enhancing our everyday life.

This article is about Postman’s free version not explaining any pro features.


I would be happy to describe more advanced solutions in a follow-up post! Share your thoughts and claps if you like to learn more about Postman. 😍

Parkside

Parkside is a digital design & software engineering company. Routinely entrusted by market leaders of the future.

Daniel Fritzsch

Written by

Parkside

Parkside

Parkside is a digital design & software engineering company. Routinely entrusted by market leaders of the future.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade