Automate API tests the effortless way

Hello readers!

We’ve gone through some of the basics of API testing and how to go about automating it a while back. Let us revisit this topic and look at how we can utilise some existing tools, Postman and Newman, to automate API tests quickly and effortlessly.

Photo credit: Spider-Man No Way Home

Postman is one of the most popular tools for API testing and most software engineers use it to do a quick test after implementing the APIs. Its core functionality is to allow testers to make specific API requests to verify the responses. Beyond that, its whole suite of features include API design, documentation, detection, mock servers, monitors and test automation, which we will explore in this article.

In a typical API testing scenario, a client initiates a request with a HTTP method like GET/POST to the server endpoint or URL, which will then be processed and return a relevant response. If you wish to avoid hardcoding data, you can even make use of the faker library to generate test data.

Once an API call has been made, you can add assertions or verify specific conditions automatically by adding some test codes (in ChaiJS BDD syntax) under the “Tests” tab. Here’s an example that checks the response status code, time, and the JSON value.

Adding assertions for post-request processing
Assertions’ statuses in the “Test Results” tab after sending the request

Note that besides assertions, any script can be added in the “Tests” tab for post-request processing. An example is to extract a value from the response to be used in subsequent requests. Similarly, “Pre-request Script” tab allows codes to be run before the request is sent.

Besides the request level, pre- and post-request codes can also be added at folder and collection levels to reuse common scripts for multiple requests. There are also various default code snippets in template form to easily add commonly used functions. We cannot cover everything here, so do refer to the Postman Learning Center if you want to find out more.

All these tests and/or assertions can be saved as Postman collection and it can easily be exported to a JSON file or users can make use of the Postman cloud team feature to sync the latest collection version across to all the team members. One thing to note is that the free version only supports up to 3 team members while paid plans can support larger teams with more advanced features unlocked.

Integrating Postman test suite to your project

Now that we have gone through the basics of creating a test suite in the form of Postman collection, let’s see how we can automate them easily with Newman, an open source command-line Postman collection runner using Node.js. This is useful to trigger the test in CI/CD for fast, automated feedback periodically or when codes are updated.

To begin, run the following commands in your project folder to install Newman and reporter:

Next, export and commit your Postman collection JSON into the project repository, preferably in a test folder, so that team members can access and update it whenever they make changes to the API. The tests in the collection can easily be triggered via the following command line with command line logging, as well as html and junit reports:

To integrate into the CI/CD pipeline, simply add steps to check out the source codes, install the npm packages, and run the tests. The test artefacts are saved in the Newman folder by default for retrieval. Remember to configure the junit parser for the test result to be recognised by the CI/CD tool to indicate pass or fail.

Ta-daaaaaaaaa! Isn’t that simple? This is an especially convenient way of automating the API tests when:

  • the team is already utilising Postman for their API development and testing, with intention of capitalising on existing resources, and/or
  • the project is small-scale, straightforward, and doesn’t require much customisation in the test scripts.

On the other hand, when compared to the traditional method of writing API tests, there are some limitations in using Postman — lesser flexibility in structuring the codes and unable to import external JavaScript libraries outside of those included. Thus, depending on your needs, this may or may not be a deal breaker, for a slight sacrifice in functionalities could result in gain in speed and reusability in implementing the API test automation.

We hope this information is useful in your testing journey and adds an option to your arsenal of testing tools. If you have questions or more tips to share with us, do make use of the comments section below. See you again soon!

🧙🏼‍♀ Team Merlin 💛
Application security is not any individual’s problem but a shared responsibility.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Team Merlin

Team Merlin


Software | Security | Quality enthusiasts doing the right things