Step-by-Step Guide to API Testing Using Postman
This guide, built around CRUD operations implemented with Express.js, MongoDB, and Node.js, shows in detail how to use Postman for API testing.
API: An API, or Application Programming Interface, is a set of rules and protocols for building and interacting with software applications. It allows different software systems to communicate with each other by defining the methods and data structures they can use to request and exchange information.
API Testing is a software testing type that validates Application Programming Interfaces (APIs). The purpose of API Testing is to check the functionality, reliability, performance, and security of the programming interfaces. In API Testing, instead of using standard user inputs (keyboard) and outputs, you use software to send calls to the API, get output, and note down the system's response. API tests are very different from GUI tests and do not concentrate on the look and feel of an application. They mainly concentrate on the business logic layer of the software architecture.
What are the Types of API Protocols and Standards?
Web APIs
Web APIs are the most common type, enabling communication between servers and clients over the internet using HTTP/HTTPS protocols.
- REST (Representational State Transfer): Uses standard HTTP methods (GET, POST, PUT, DELETE). Stateless communication. Commonly used with JSON, but can use other formats like XML. Designed for scalable and straightforward web services.
- SOAP (Simple Object Access Protocol): Uses XML for message format. More rigid and protocol-heavy than REST. Provides built-in error handling and security features.
Postman is a scalable API testing tool that quickly integrates into a CI/CD pipeline. It started in 2012 as a side project by Abhinav Asthana to simplify API workflow in testing and development. API stands for Application Programming Interface, which allows software applications to communicate with each other via API calls.
Install Postman
To get started with API testing using Postman, you first need to install it on your local machine. Postman is available for Windows, macOS, and Linux operating systems. You can download Postman from the official website (https://www.postman.com/) and follow the installation instructions for your specific operating system.
HTTP status codes:
Types of HTTP methods:
GET
Purpose: Retrieve information from the server.
Characteristics:
- Requests data from a specified resource.
- Should not change the state of the resource (idempotent).
- Can be cached.
- Can be bookmarked.
- Should not contain a request body.
POST
Purpose: Submit data to be processed to a specified resource.
Characteristics:
- Often used to submit form data or upload a file.
- Can create a new resource or update an existing resource.
- The request body contains the data to be sent to the server.
- Not idempotent (multiple requests may have different effects).
- Cannot be cached.
PUT
Purpose: Update a resource or create a new resource if it does not exist.
Characteristics:
- Replaces the current representation of the resource with the request payload.
- Idempotent (multiple requests with the same data should produce the same effect).
- The request body contains the new version of the resource.
DELETE
Purpose: Remove a specified resource.
Characteristics:
- Deletes the resource identified by the URL.
- Idempotent (multiple requests should have the same effect as a single request).
PATCH
Purpose: Apply partial modifications to a resource.
Characteristics:
- Unlike PUT, which replaces the entire resource, PATCH applies changes to a part of the resource.
- Not necessarily idempotent, depending on how the server handles the partial update.
HEAD
Purpose: Retrieve the headers of a resource without the body.
Characteristics:
- Similar to GET but only transfers the status line and header section.
- Used to check what a GET request will return before making a GET request (e.g., for checking last-modified date or checking if the resource exists).
OPTIONS
Purpose: Describe the communication options for the target resource.
Characteristics:
- Used to determine the capabilities of a server or to test server functionality.
- Can be used to check the allowed HTTP methods for a resource.
- Does not change the resource state (safe and idempotent).
I implemented CRUD operations with Express.js, MongoDB, and Node.js. Now I'm going to test the API I developed with Postman.
Git Repository
Working with GET Requests:
Here are five examples of user data that I previously created in my Mongo database, shown in the following screenshot:
GET requests retrieve data from the API server. The screenshot below shows the process of creating a GET request.
In the workspace:
- Set your HTTP request to GET.
- In the request URL field, enter the request URL given below.
- Click Send.
In this example, we want to retrieve information about 5 user results from my local server.
Request URL: localhost:3000/api/user/getAllUsers
Request Method: GET
Headers (optional, for additional information or authorization):
Visualization of GET Request Flow
Client (Browser or Application): Initiates a GET request to the server.
Server: Processes the GET request and retrieves the requested information.
Response: The server sends back the requested data.
Working with POST Requests:
Here are five examples of user data that I previously created in my Mongo database, shown in the following screenshot:
I can now add user data to my MongoDB using Postman's POST requests. POST requests differ from GET requests in that they manipulate data: the user adds data to the endpoint. The screenshot below shows the process of creating a POST request.
In the new tab:
1. Set your HTTP request to POST.
2. Enter the link in the request URL field: http://localhost:3000/api/user/create
3. Switch to the Body tab.
4. Click raw.
5. Select JSON.
6. Copy and paste just one user result from the previous GET request, like below. Ensure that the code has been copied correctly with paired curly braces and brackets.
{
  "name": "Test User ",
  "email": "test@gmail.com",
  "address": "BD",
  "userid": "TEST10"
}
7. Click Send.
8. Status: 201 Created should be displayed.
9. The posted data shows up in the body.
This creates a new user on the server. We can see the response status code 201, which means Created. Before sending the POST request, my Mongo database displayed five users. After sending the POST request, a new user is added to my database, as the following screenshot shows:
Visualization of POST Request Flow
Client (Browser or Application): Initiates a POST request to the server with the new user’s data.
Server: Processes the POST request and creates a new user.
Response: The server sends back a confirmation with the details of the newly created user.
Request URL: localhost:3000/api/user/create
Request Method: POST
Headers (optional, for additional information or authorization):
Test Result:
Working with PUT Requests:
Now let's update data in the database using the PUT method. I will update "id": "668104b9072f49febb92e7ea".
- First, create a new PUT request.
- Then enter the URL: http://localhost:3000/api/user/update/id
- Then choose Body -> raw -> JSON.
- Write the JSON for name, email, address and user id:
{
  "name": "Hello Update",
  "email": "Hllo@gmail.com",
  "address": "Dinajpur",
  "userid": "Update01"
}
- Now press Send and check that the Body shows the same JSON.
Now I check whether my PUT request worked in MongoDB by looking up "id": "668104b9072f49febb92e7ea".
I will see that "id": "668104b9072f49febb92e7ea" is updated successfully, as the following screenshot shows:
Working with DELETE Requests:
To delete data from the database, add a new DELETE request with the API endpoint: http://localhost:3000/api/user/delete/id
Now let's delete data from the database using the DELETE method. I will delete "id": "668104b9072f49febb92e7ea".
First, create a new DELETE request.
Then enter the URL: http://localhost:3000/api/user/delete/668104b9072f49febb92e7ea
Now press Send and check the response.
If the data is deleted successfully, the response shows the message {"message": "User deleted successfully"}
API Response Validations:
API response validations are crucial for ensuring the data received from an API is accurate, complete, and safe to use. Here are some common strategies and methods to validate API responses:
1. Schema Validation
- JSON Schema: Define a JSON schema that describes the expected structure of the response. Use libraries like ajv (JavaScript), jsonschema (Python), or json-schema-validator (Java) to validate the response against the schema.
- XML Schema: Use XSD (XML Schema Definition) for validating XML responses.
2. Data Type Validation
- Ensure that the data types of the response fields match the expected types (e.g., strings, integers, arrays).
3. Field Presence and Constraints
- Required Fields: Check that all required fields are present.
- Optional Fields: Validate optional fields if they are present.
- Field Constraints: Validate constraints like string lengths, number ranges, and regex patterns.
4. Value Validation
- Enums: Ensure fields that have a limited set of valid values (enums) contain only those values.
- Business Rules: Check that the values make sense according to business rules (e.g., a start date should be before an end date).
5. Status Code Validation
- Ensure the API returns the correct HTTP status code for different types of responses (e.g., 200 for success, 404 for not found, 500 for server errors).
6. Response Time
- Measure and validate the response time to ensure it meets performance requirements.
7. Security Validation
- Authentication and Authorization: Verify that the API enforces authentication and that the user has the correct permissions for the request.
- Sensitive Data Exposure: Check that sensitive data (e.g., passwords, personal information) is not exposed in the response.
8. Error Handling
- Ensure the API provides meaningful error messages and codes.
- Validate the structure of error responses to ensure consistency.
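The checks listed above, applied to a response from this page's user API, as an added example that is not the author's code. Field names come from the request body shown earlier; the `_id`/`__v` fields, the 500 ms limit, the length limit and the sensitive-key pattern are assumptions.

```javascript
// Added example (not the author's code). Field names come from the page's
// request body; _id/__v, the limits and the key pattern are assumptions.
const ALLOWED = new Map(Object.entries({
  _id: "string", name: "string", email: "string",
  address: "string", userid: "string", __v: "number",
}));
const REQUIRED = ["name", "email", "address", "userid"];
const SENSITIVE_KEY = /pass(word)?|secret|token|hash|salt/i;
const EMAIL = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

function validateUserResponse(res, expectedStatus, maxMs = 500) {
  const errors = [];
  // Status code and response time (items 5 and 6).
  if (res.status !== expectedStatus)
    errors.push(`status ${res.status}, expected ${expectedStatus}`);
  if (res.timeMs > maxMs) errors.push(`slow response: ${res.timeMs} ms`);
  const body = res.body;
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    errors.push("body is not a JSON object");
    return errors;
  }
  // Required fields (item 3).
  for (const field of REQUIRED)
    if (body[field] === undefined) errors.push(`missing field: ${field}`);
  for (const [key, value] of Object.entries(body)) {
    // Sensitive data exposure (item 7): flag secret-looking keys, and treat
    // any field outside the allow-list as a leak of internal data.
    if (SENSITIVE_KEY.test(key)) errors.push(`sensitive field exposed: ${key}`);
    else if (!ALLOWED.has(key)) errors.push(`unexpected field: ${key}`);
    // Data types (item 2).
    else if (typeof value !== ALLOWED.get(key))
      errors.push(`${key}: expected ${ALLOWED.get(key)}, got ${typeof value}`);
  }
  // Field constraints (item 3).
  if (typeof body.email === "string" && !EMAIL.test(body.email))
    errors.push("email: invalid format");
  if (typeof body.name === "string" && (!body.name.trim() || body.name.length > 100))
    errors.push("name: must be 1-100 characters");
  return errors;
}

// Constructed sample responses (not captured from the author's server).
const good = { status: 201, timeMs: 42, body: { _id: "0123456789abcdef01234567",
  name: "Test User", email: "test@gmail.com", address: "BD", userid: "TEST10", __v: 0 } };
const bad = { status: 200, timeMs: 42, body: { name: "Test User",
  email: "not-an-email", address: 7, password: "x" } };

console.log(validateUserResponse(good, 201)); // []
console.log(validateUserResponse(bad, 201));
```

In a Postman test script the same function can be fed from `pm.response.code`, `pm.response.responseTime` and `pm.response.json()`.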
Twitter: https://x.com/xamiron
Linkedin: https://bd.linkedin.com/in/sabuj-modak
Email: xamiron.modak@gmail.com