Unit V
Introduction to POSTMAN for API testing
Rohan Joshua 22011102079
Sidheshwar 22011102102
Vidharshana S 22011102120
Yogasri S 22011102125
➢ An API (Application Programming Interface) allows different software systems to communicate with each
other. When we build web applications or mobile apps, they often use APIs to fetch data from or send data to other
systems.
API Security involves protecting the data and services exchanged through these APIs. Since APIs can
expose sensitive data and functionality, ensuring that they are secure is critical.
• Authentication: Ensures the system knows who is making the API request (e.g., using OAuth or API keys).
• Authorization: Determines whether the authenticated user has permission to perform certain actions.
• Encryption: Encrypts data sent through APIs to ensure it’s not readable if intercepted.
• Rate Limiting: Limits how many requests an API can receive from a user in a given time to prevent abuse.
➢ Creating RESTful APIs:
RESTful APIs are a type of API based on the REST (Representational State Transfer) architecture. They
typically use HTTP methods like GET (to retrieve data), POST (to send data), PUT (to update data), and
DELETE (to remove data), and data is often exchanged in a format like JSON (JavaScript Object Notation)
or XML.
Testing and Validating RESTful APIs:
Testing tools like Postman are used to make API
requests and ensure that they return the correct
responses.
Validation ensures that the API returns the right
data types, handles errors properly, and meets
performance standards.
•Postman is a popular tool for testing APIs. It provides a
user-friendly interface to send requests to APIs, receive
responses, and debug errors. With Postman, you can:
• Create collections of API requests.
• Send requests with different HTTP methods (e.g.,
GET, POST).
• Add headers, parameters, and bodies to your
requests.
• Automate tests to ensure your API behaves as
expected.
•Example: If you are testing a weather API, you can send a
GET request with parameters like city name, and Postman
will show you the API response, which might include the
temperature, humidity, etc.
Basic Components of Postman
• Requests: Postman allows you to make different kinds of HTTP requests like GET, POST, PUT, DELETE, etc. You can specify the URL of the API endpoint, the HTTP method, and additional parameters.
• Collections: A collection is a group of API requests saved together. You can group similar requests (e.g., all requests related to user management, like creating, updating, and deleting users) in one collection.
• Environment Variables: These allow you to create variables that can be used in multiple requests. With multiple API environments (like development, staging, and production), you can define the API URL as a variable and switch between environments easily.
• Workspaces: Postman provides collaborative spaces where teams can work on API testing and development together.
•Postman Monitors: Automated tools that run collections of
API requests at scheduled intervals to ensure they are
functioning correctly and to monitor performance over time.
• Disadvantages:
• They only work if the Postman server is on the
same network, making it hard to test
performance across different networks without
purchasing the Pro version, which provides an
external IP for monitoring.
• Monitors do not support Global variables, requiring
manual copying of Global variables into a new
environment as local variables.
•Mock Servers: Simulated APIs that mimic the behavior of
real API endpoints, allowing developers to test and develop
applications without relying on the actual API during its
development.
It is available in the sidebar.
Script:
•In Postman, scripts are pieces of JavaScript code that can be added to
collections, folders, or requests.
•They are used to automate tasks, such as setting environment variables,
validating responses, and running conditional workflows.
•Two types of scripts: Pre-request Scripts (run before an API call) and
Test Scripts (run after an API call to validate the response).
•Snippets:
•Snippets are pre-built blocks of code available in Postman’s scripting
section, designed to simplify common tasks.
•Users can quickly add these to their pre-request or test scripts by selecting
from a list of snippets, such as checking status codes or extracting values
from JSON responses.
•They save time and reduce the need to write repetitive code from scratch.
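A test script of the kind described above, written out as an added example (it is not from the original slides). It assumes a Geocoding-style JSON body with `status`, `results[].formatted_address` and `results[].geometry.location.lat/lng`; `checkGeocodeResponse` is a hypothetical helper name, and the `pm` hook at the end only runs inside Postman's sandbox.

```javascript
// Added example: response validation for a Geocoding-style GET request.
// checkGeocodeResponse is a hypothetical helper; the sample bodies are constructed.
function checkGeocodeResponse(statusCode, contentType, body) {
  const failures = [];
  if (statusCode !== 200) failures.push(`unexpected HTTP status ${statusCode}`);
  if (!/^application\/json\b/i.test(contentType || "")) {
    failures.push(`unexpected Content-Type ${contentType}`);
  }
  if (body === null || typeof body !== "object") {
    failures.push("body is not a JSON object");
    return failures;
  }
  // The body carries its own status field, so an HTTP 200 alone is not enough.
  if (body.status !== "OK") failures.push(`API status is ${body.status}`);
  if (!Array.isArray(body.results) || body.results.length === 0) {
    failures.push("results is missing or empty");
    return failures;
  }
  body.results.forEach((r, i) => {
    const loc = r && r.geometry && r.geometry.location;
    const latOk = loc && Number.isFinite(loc.lat) && Math.abs(loc.lat) <= 90;
    const lngOk = loc && Number.isFinite(loc.lng) && Math.abs(loc.lng) <= 180;
    if (!latOk || !lngOk) failures.push(`results[${i}] has no valid lat/lng`);
    if (!r || typeof r.formatted_address !== "string") {
      failures.push(`results[${i}].formatted_address is not a string`);
    }
  });
  return failures;
}

// Constructed sample bodies: one success, one denied request.
const okBody = { status: "OK", results: [{ formatted_address: "Example Road, Chennai",
  geometry: { location: { lat: 12.75, lng: 80.2 } } }] };
const deniedBody = { status: "REQUEST_DENIED", error_message: "constructed", results: [] };

// In Postman's test script the sandbox provides `pm`; elsewhere this is skipped.
if (typeof pm !== "undefined") {
  pm.test("geocode response is well-formed", function () {
    const failures = checkGeocodeResponse(
      pm.response.code, pm.response.headers.get("Content-Type"), pm.response.json());
    pm.expect(failures).to.eql([]);
  });
}
```

Returning a list of failures rather than throwing on the first one means a single run reports every problem with the response.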
Sessions:
• Sessions contain variable values used to
access and work with an API that a user
may not want to share.
• Some examples of these values are login
names, access tokens, passwords, and
other private credentials.
How do I create sessions?
1. Click on the Quick look icon (the eye) in the upper
right corner of the Postman app
2. Select either “Add” to add a new environment or
“Edit” to add a global variable
3. Set the variable name under the VARIABLE field
4. Set the variable’s initial value under INITIAL VALUE
(this value will sync across your team workspace).
5. Set the session value under CURRENT VALUE (this
value will remain local to your instance of Postman
unless you take an additional step to persist your
changes; more on this below)
How do I reset my local changes back to their initial values?
While adding or editing a variable, if you select “Reset all”, this will replace all CURRENT
VALUES with INITIAL VALUES in your instance of Postman.
How do I persist session variables across my workspace?
While adding or editing a variable, if you select “Persist all”, this will replace all INITIAL
VALUES with CURRENT VALUES across the entire workspace for that environment.
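Because values saved with a variable or typed directly into a request travel with the file when it is shared, the following added example (not part of the original slides) scans an exported environment and collection for credentials stored as literals instead of `{{variable}}` references. The JSON layouts are assumed from the Collection v2.1 export format, the helper names are hypothetical, and the sample data is constructed.

```javascript
// Added example: find credentials saved in Postman files that are shared or committed.
// Assumed layouts: environment = { values: [{ key, value }] }; collection (v2.1) =
// { info, item: [{ name, request: { url, header } }] }, where folders nest `item`.
const SECRET_NAME = /(api[_-]?key|token|secret|passw(or)?d|^key$|authorization)/i;
const usesVariable = (v) => /\{\{[^{}]+\}\}/.test(String(v));
const isLiteralSecret = (name, value) =>
  SECRET_NAME.test(name) && String(value || "").trim() !== "" && !usesVariable(value);

function auditEnvironment(env) {
  return (env.values || [])
    .filter((v) => isLiteralSecret(v.key, v.value))
    .map((v) => `environment variable "${v.key}" stores a literal value`);
}

function auditCollection(node, path = node.info ? node.info.name : "collection") {
  const findings = [];
  for (const item of node.item || []) {
    const where = `${path} / ${item.name}`;
    if (item.item) { findings.push(...auditCollection(item, where)); continue; }
    const req = item.request || {};
    const raw = typeof req.url === "string" ? req.url : (req.url && req.url.raw) || "";
    const query = raw.includes("?") ? raw.slice(raw.indexOf("?") + 1) : "";
    for (const pair of query.split("&").filter(Boolean)) {
      const [name, value = ""] = pair.split("=");
      if (isLiteralSecret(name, value)) findings.push(`${where}: query "${name}" is a literal`);
    }
    for (const h of req.header || []) {
      if (isLiteralSecret(h.key, h.value)) findings.push(`${where}: header "${h.key}" is a literal`);
    }
  }
  return findings;
}

// Constructed samples; PLACEHOLDER_KEY_VALUE stands in for a real credential.
const sampleEnv = { name: "dev", values: [
  { key: "baseUrl", value: "https://api.example.test" },
  { key: "apiKey", value: "PLACEHOLDER_KEY_VALUE" },
  { key: "accessToken", value: "" } ] };
const sampleCollection = { info: { name: "Geocoding" }, item: [
  { name: "literal key", request: { method: "GET",
      url: { raw: "{{baseUrl}}/geocode/json?address=Chennai&key=PLACEHOLDER_KEY_VALUE" } } },
  { name: "Users", item: [{ name: "variable key", request: { method: "GET",
      url: "{{baseUrl}}/users?key={{apiKey}}",
      header: [{ key: "Authorization", value: "Bearer {{accessToken}}" }] } }] }] };

console.log(auditEnvironment(sampleEnv).concat(auditCollection(sampleCollection)));
```

The request that references `{{apiKey}}` passes, while the request with the key pasted into the URL is reported, which is the difference between keeping a credential in a local variable value and saving it in the collection itself.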
Newman:
•Newman is a command-line tool for running Postman
collections.
•It allows automation of API testing and collection execution in
CI/CD pipelines or local environments.
•Newman provides detailed reports and logs, making it suitable
for continuous integration setups without needing the Postman
GUI.
To customize a collection run:
1) Using Newman with CI/CD
By default, Newman exits with a status code of 0 if everything runs as expected without any exceptions. You can configure
your continuous integration (CI) tool to pass or fail a build based on Newman's exit codes.
Use the --bail option to make Newman stop a run if it encounters a test case error with a status code of 1. This status
code can then be used by your CI tool or build system.
2) Using Newman as a Node.js library
You can use Newman within your JavaScript projects as a Node.js module. The entire set of Newman CLI functionality is
available to use programmatically. The following example runs a collection by reading a JSON collection stored in your file
system
How Postman Works: Making Requests
Step 1: Creating a Request
•Select HTTP Method: Choose the appropriate HTTP method (GET, POST, PUT, DELETE, PATCH, etc.) depending on the API action you want to perform.
•Enter the URL: Type the endpoint URL where the API is hosted. For example, for a location API, you might use something like
https://maps.googleapis.com/maps/api/geocode/json?address=Shiv+Nadar+University,+Chennai&key=AIzaSyDSm5P7yS_UWBIBFKYKG7h-_soAWlQydZQ
How to get an API key?
Steps to Test Google Maps API using Postman:
1) Set up your Google Cloud project: go to the Google Cloud Console and create a new project.
2) Enable the API: go to the API & Services section, find the API you want to use (e.g., Google Maps API or Geocoding API), and enable it if it's not already
enabled. Copy the API key.
Step 2: Adding Headers
•Some APIs require specific headers, such as:
•Content-Type: This tells the API the format of the data you're sending (e.g., application/json).
Step 3: Adding Body Data (for POST, PUT Requests)
•For methods like POST and PUT, which send data to the server, you'll need to define a request body.
•Postman allows you to send data in different formats:
•Raw: Send data as plain text, JSON, or XML.
•Form-data: Used for sending HTML forms (e.g., file uploads).
•x-www-form-urlencoded: For sending form data, but in URL-encoded format.
Step 4: Sending the Request
•Once the request is prepared, click on the Send button. Postman displays the response in the response section.
Step 5: Viewing the Response
•Postman displays the response in a structured format:
•Status Code: Shows whether the request was successful (e.g., 200 OK) or failed (e.g., 404 Not Found, 500 Server Error).
•Response Body: The actual data returned by the API, usually in JSON, XML, or HTML format.
Output: GET method