- Postman is a tool that allows us to easily work with APIs
- Postman is used to build HTTP requests that we sent to the server running the API
- there are two ways to run Postman: 1. as a standalone app or 2. directly in the browser
- the standalone app is available for Windows, macOS and Linux
- Postman on the web works from any browser but you may need to download the Postman Desktop Agent if your requests fail
- DO NOT use the Google Chrome extension as this is deprecated and no longer updated
- to use an API you need to read the API documentation
- work is Postman is organized in Workspaces
- a status code 200 (or any status like 2XX) indicates that the request was successful
- the API we are using use the HTTPS protocol
- HTTPS stands for Secure Hypertext Transfer Protocol
- HTTPS ensures that the connection is encrypted
- all APIs should use HTTPS
- from our point of view HTTP and HTTPS are the same
- the HTTP request message will contain:
- URL (address)
- Request method (GET, POST, PUT, ...)
- Headers (User-Agent: Postman)
- Body
- the HTTP response message will contain:
- Status code (200, 404, 500, ...)
- Headers
- Body
- you can save requests so that you can re-use them later on
- all requests need to be added to a Postman collection
- typically you will have a Postman collection for each API
- we are storing the base address of the API in a collection variable called
baseUrl
- variables allow us to avoid repeating the same information
- variables allow us to easily make changes
- a Postman variable has two states
- INITIAL VALUE - this will be available to others if you share the collection
- CURRENT VALUE - this is private to you and this is the value that Postman uses
- JSON is the most popular format that APIs use to send data
- query parameters start after the
?
in the URL - the format is
key=value
- muliple query parameters are delimited in the URL with an
&
. Example:foo=1&bar=2
- depending on the API, some query paramters can be optional or mandatory
- a response status 400 indicates an issue with the request data
- you can enable and disable parameters by clicking the checkbox associated with each key-value pair
- study the API documentation and use the
limit
query parameter in the/books
endpoint - try out different values
- can you make the API return a status code 400?
:bookId
is a path variable in the URL- this endpoint allows us to specify a value that changes all the time, depending on the book
:bookId
is just a placeholder and does not get sent- you can use path variables in combination with query parameters (if the API accepts this)
- a
POST
request allows you to send data in the request body - the endpoint for submitting orders requires authentication
- some APIs/endpoints are public and require no authentication
- other APIs/endpoints are private are require authentication
- an access token is temporary password generated by the API
- to send JSON, select the POST request method and from the Body select
Raw
and from the listJSON
- you need to specify valid JSON, otherwise the server won't understand your request
- use double-quotes for strings, separate key-value pairs with a comma sign
,
- numbers, booleans don't need to be between quotes
- Postman will indicate when your JSON is invalid
- create the POST request to order a book
- try ordering a book that is not in stock
- you can use a special type of Postman variables to generate random data
- example:
{{$randomFullName}}
- to inspect the request body you can use the Postman console
- Postman is tool for dealing with APIs
- Postman cannot work with User Interfaces, click buttons and fill out forms
- Postman is not a performance testing tool
- Postman can be used for security testing but has not been designed for this purpose
- using the GET request methid on the
orders
endpoint will give us a list of orders - using the POST request method on the same endpoint will let us create a new order
- look at the API documentation and indentify the endpoint that would allow you to see a single order
- a
PATCH
request is typically used for updating existing data - a
PATCH
usually does a paritial update, by changing only some of the properties
- a
DELETE
request is typically used for updating deleting data - if you try to get the same data with a
GET
request, you will get a404 Not Found
status code
- in this second part of the course, our goal is to automate the testing of the API
- so far we have done manual testing but we want to write API tests that allow us to avoid having to manually restest the API
- we are looking at the response to understand if the API is working properly
- with API tests we want to avoid a manual re-test the API
- tests in Postman are written in JavaScript
- tests are executed ONLY after the response has arrived from the API
- Postman uses an assertion library called Chai.js
- testing the response status code is one of the most easiest tests you can write
- when writing tests, we want to make sure the tests will fail
- to make the assertions on a JSON response, you first need to parse it
- to see the contents of a JavaScript variable you can use
console.log
- to get a property of an object, you can use this syntax:
someobject.someproperty
- alternative syntax:
someobject["someproperty"]
- add tests for all the requests in the collection that verify the status code
- Postman variables are a fundamental to automating testing of the API
- Postman environments (environment variables) are good if you have multiple testing environments (localhost, testing, production)
- Postman collection variables are saved in the collection
- Postman global variables are available to all collection in a workspace
- we use Postman global variables as the data we save if not that important after the execution has stoped
- Demystifying Postman Variables: HOW and WHEN to use Different Variable Scopes
- How to set up different URLs in Postman using environment variables
- having hardcoded values in requests can make the API tests fail if the data changes
- use are using the filter function available on all arrays to remove the books that are not available
- always use
console.log
to view the data you are trying to set as a variable
- test that the book extracted from the response is of type
non-fiction
- ensure that the test fails
- use the Postman global variable
bookId
in the requests "Get single book" and "Order book". - write a test that verifies the stock is >0
- use this assertion as a starting point:
pm.expect(1).to.be.above(2)
- the Collection runner is a built-in functionality of Postman
- the Collection runner allows you to execute the entire collection with just one click
- make sure to check the "Save respose" box as this will allow you to inspect the response body
- If you run a Postman collection, the default order is as you have it in the collection
- you can change that order if you use
postman.setNextRequest
and specify the name of the next request - if you wish to stop the execution prematurely, you can so so by running
postman.setNextRequest(null)
- creating a Postman monitor ensure that you can run a Postman collection according to a predefined schedule
- running the collection will be handled by Postman on their infrastructure, you don't need to keep Postman open
- if you are not faimilar with continous integration servers like Jenkins, GitLab CI or TeamCity, this is a quick and easy way to access a Postman collection
- the API needs to be accessible from any network
- Newman is a CLI tool that can take a Postman collection, run all the tests and generate a report at the end
- Newman does not have an interface, you need to work with it from the terminal
- often Newman is installed on an integration server like Jenkins, GitLab CI or TeamCity
- to run Newman on your computer, you need to have Node.js installed.
- you can download Node.js from https://nodejs.org/ (download the LTS version)
- to install newman, run the command:
npm install -g newman
- check if newman is install with:
newman --version
- there are three ways to access a collection from Newman:
- export the collection as a JSON file
- share with a public link
- use the Postman API to get the collection
- htmlextra is the most popular reporter in the Postman community
- Newman is particulary useful when you integrate it with a CI server