Select Page

Category Selected: API Testing

9 results Found

People also read

Mobile App Testing

Appium 2.0: New Features & Migration Process

Automation Testing

A Conclusive Allure Report Tutorial with Sample Report

Talk to our Experts

Amazing clients who
trust us

How to Perform API Test Automation using Rest Assured?

How to Perform API Test Automation using Rest Assured?

To be a complete tester, it is very important for you to know how to perform Automated API testing. It enables you to test the business logic of an application early on even before the UI is ready. There are many aspects to API testing, but it generally involves making requests to one or more API endpoints and validating the response for various reasons. And Rest Assured is a great option for API Test Automation as it offers a lot of methods that can be used to fetch data from almost every part of the request or response for our testing. So in this Rest Assured Tutorial, we will be focusing on how to easily achieve API Test Automation using Rest Assured. We have also included a sample program to make it easier for you to understand the core concepts.

What is Rest Assured?

Rest-Assured is a Java-based library for testing RESTful Web Services. Accessing REST web services can be made easier by using this library, which behaves like a headless client.

As stated earlier, it is possible to create highly customizable HTTP requests to send to a Restful server. So you can use Rest Assured to send a wide range of request combinations to test the different combinations of the core business logic.

You can also use Rest Assured to validate HTTP responses received from the server. For example, we can verify the Status code, Status message, Headers, and Body of the response.

How to Perform API Test Automation using Rest Assured?

Create a Maven Project

The first of the two prerequisite steps to start API Test automation with Rest assured would be to create a Maven project by following the specified steps

File->New-> Project -> Maven Archetype -> Project_Name -> Create

Creating Maven Report on API Test Automation using Rest Assured

Add the Rest Assured dependency to your POM file

Now that you have created your Maven project, you must add the below-specified dependency to your POM.xml file.


Make a detailed HTTP request

The next step in performing API test automation using Rest Assured is to create a detailed HTTP request URI that contains the unique address of the request.

Components of an HTTP Request


The URI is composed of the Base, Resource, Query, and Path.

Uri Components Of Http Request


An HTTP header is a meta-data attached to a request or response. So it is additional information sent with a request or response between a client and a server to serve a particular purpose such as authentication, caching, or sending messages.


Users send information to the server via the body which can be in the Payload, String, or File format.


With the REST interface, the four basic operations are crucial to achieve API Test Automation using Rest Assured. The 4 basic operations Create, Read, Update, and Delete (CRUD) are performed via the POST, GET, and PUT methods.

GET: To retrieve or read the server’s data.

POST: It is used to add a resource to the server.

PUT: To update an existing record completely.

PATCH: If only a partial update has to be made to an existing record.

DELETE: Deletes a resource from a server.

Send the request over the network

You will be able to send the payload to the request body using a String or a JSON object. You can also send the JSON file as the payload to the request body.

Verifying the received Response

Based on the response code you receive, you will be able to identify the status of the request. There are several status codes that you’ll have to know, but we have listed the most important ones below.

200 – When the request is a success

201 – Request succeeded and has created the resource

400 – Server couldn’t process the request due to a client error

429 – When someone has sent too many requests

404 – When the requested page is not available

Example Program:

In this example for API Test Automation using Rest Assured, we will be adding an employee’s details to the server and verifying if the data was updated correctly.

package cap.utilities;
import com.fasterxml.jackson.core.JsonProcessingException;
import io.restassured.RestAssured;
import io.restassured.response.Response;
import io.restassured.specification.RequestSpecification;
import org.json.JSONObject;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

public class APIUtil {
   private static Map<String, Set<?>> dataMapForTestCaseDetails = new HashMap<>();
   public static void main(String[] args) throws JsonProcessingException {
       try {
           RestAssured.baseURI = "";
           String strURITokenForPost = "api/users";
           RequestSpecification request = RestAssured.given();
           JSONObject requestParams = new JSONObject();// JSON Object Creation
           requestParams.put("name", "John"); // Adding the information as key-value pair in the JSON
           requestParams.put("job", "tester");
           request.header("Content-Type", "application/json");
           Response response =; // here we are hitting the uri
           System.out.println("\n Status Code: " + response.getStatusCode()); // Response status code is printed here 
           System.out.println("---> Response JSON Body: " + response.getBody().asString());
       } catch (
               Exception ex) {
           System.out.println("WARNING: " + ex.getMessage() + " In API Util class file.");

Output of Verified Received Response

Code Explanation:

To make it even easier, we have explained the important parts of the sample code we have mentioned to perform API Test Automation using Rest Assured.

  • Though we can add other details such as authentication, caching, and so on, we have mentioned only the content type in the header part.
  • We have mentioned our base URI, base path, and given() to get the reference of the request specification
  • We have created a JSON object and added the information (Name & Job) in the key-value pair and passed it into the body.
  • Next, the request is hit with a post command which is used to add information to the server.
  • Finally, we got the status code as 201 as the script passed. If the script had failed, it would have thrown an exception.


We hope you are now clear on how to perform API Test Automation using Rest Assured. Being a leading API Testing Services company, we have used various other tools such as SoapUI, Postman, and so on. We have also written numerous in-depth blogs about API testing as well. So make sure to go through our entire collection and subscribe to our newsletter to not miss out on any of our latest blogs.

Postman Vs Rest Assured. An In-Depth Comparison

Postman Vs Rest Assured. An In-Depth Comparison

API testing is an integral part of the complete testing process as it will help you identify bugs and issues at different layers of your application. So choosing the right API testing tool is crucial as it can help you reduce testing time and increase testing efficiency. Being an experienced API testing company, we have used a wide range of API testing tools. Though Rest Assured is a Java library and not a standalone tool, it is one of the widely used tools for API testing along with Postman. So in this blog, we will be comparing Postman vs Rest Assured as they are widely used by many in the testing community. There is no one size fits all solution when it comes to choosing the right testing tools. With that being said, let’s find out which tool will suit you the best.


Many might have a misconception that Postman is used only to perform manual API testing. But Postman does have automation testing capabilities as well. According to recent reports, Postman has crossed the incredible milestone of having more than 20 Million registered users. This is an incredible feat considering that Postman initially launched in 2012 as a Google Chrome extension.

Rest Assured

Rest Assured is a Java-based library that can be used to perform automation testing on REST APIs and services. The libraries based on the Rest Assured library can also validate the server’s HTTP responses. Though Rest Assured isn’t as popular as Postman, it is still a great API testing library.

Now that we have been introduced to both options, let’s take a closer look at the difference between the two in our Postman vs Rest Assured section.

Postman vs Rest Assured: Key Highlights

Features Postman Rest Assured
Types Best suited for exploratory, manual, and automation Testing. A Java library for performing Automated API Testing.
Pricing A limited open-source version & an advanced Propeitory version. Open-source
Scripting Language Supports only JavaScript. It has support for Java, . Net, Python, Ruby, etc
API Response Time It is faster in comparison. It is slower in comparison.
Code Reusability Requests have to be copied from one collection to another manually. Can be done with ease as it is a Java client.
Integration Less scope for integration More scope for integration
Customized Reports Does Not allow us to customize Reports We can customize reports for rest assured.
Parallel Execution Harder to Achieve Easier to Achieve
Designing a Data-Driven framework Limited with only one data file for each collection No Limitations at all

Postman vs Rest Assured: In-Depth

Now that we have seen the key differences, let’s taker a deeper dive into the critical aspects you’ll have to consider.

Cost of the Tool

Though Postman does offer a free version that can be used, there are a lot of limitations that come along with it. But in contrast, Rest Assured is a completely free open-source option with all the features you’ll need to perform effective API Testing. So if you are looking for an open-source option and will be scaling your test suite with time, you can skip the Postman vs Rest Assured comparison and go straight ahead with Rest Assured. But if cost alone isn’t the only deciding factor, you can consider the below points as well.

Code Reusability

As Rest Assured is using Java client, we can easily make reuse the methods depending on our testing needs instead of writing new methods every time. Whereas, Postman doesn’t provide the option of reusing pre-written scripts. So if you are choosing between Postman and Rest Assured for a large project or will be scaling your testing in the future, Rest Assured would be the right choice.

Ease of Use

As mentioned earlier in our Postman vs Rest Assured blog, Postman is the actual tool, and Rest assured is a Java library. So Postman has a great user interface that you can access easily by logging through a browser; making it very simple and easy to use. You also wouldn’t need to know how to work with an IDE to get things done.

Though Rest Assured uses Given/When/Then test annotations to simplify your tests and make them easy to understand even for non-technical people, the lack of a GUI does make Postman more user-friendly.

End-to-End Testing

Let’s take an example where you have to test if the data received from the web has been processed by the API and stored in the database as expected. In such end-to-end testing scenarios, opting to use Rest Assured would be the better way to go. You can add other third-party applications such as Jenkins with Rest Assured for CI/CD Integration as it is a framework. So with the help of dependencies, we can easily cover that part. Whereas Postman has less support for such integration.

But if you’re primarily looking to debug or perform manual exploratory testing, Postman is still a great option thanks to its great UI. Though automation is possible with Postman, the scale at which it can be done is a major factor to consider in this Postman vs Rest Assured comparison.

General Tips for Making the Right Choice

According to us, the major differences when comparing Postman vs Rest Assured arise from the fact that one is a tool and the other is a framework. If you are still unable to pick the right choice, here are a few tips that can help you arrive at the right decision.

  • Analyze your requirements thoroughly and list them all.
  • Define the dealbreaker aspects before analyzing other attributes.
  • Sort your requirements based on priority.
  • See which tool satisfies most of your needs, by using the above-discussed points.


As in the case of most tool comparisons, the answer is not an easy this or that solution due to the numerous factors involved while choosing the right API testing tool. We hope our Postman vs Rest Assured comparisons have helped you understand the pros and cons of both these tools. In our years of delivering API testing services to different clients across the globe, we have used both Postman and Rest Assured based on the needs of the project. We recommend you do the same when it comes to choosing between Postman and Rest Assured. For more such insightful content, make sure to subscribe to our newsletter to not miss out on any of our latest updates.

The Definitive API Testing Tutorial for Beginners

The Definitive API Testing Tutorial for Beginners

API testing has become increasingly important as cloud apps and interconnectivity platforms have grown in popularity. In fact, many of the services we use on a daily basis rely on hundreds of interlinked APIs. So even if any one of the APIs fails, the service will cease to function. That is why it is extremely important to perform API testing without fail. If you are looking to learn what API testing is and how to do it, you’re at the right place. We will also be covering the different types of bugs and challenges of API testing in this API testing tutorial. But before that, let’s brush up on the basics by seeing what an API is and what it does.

What is an API?

API (Application Programming Interface) is a computing interface that allows two different software systems to communicate with each other and share data. Let’s take a look at a real-time example to better understand the functionality of an API. Let’s assume that you are in a restaurant and that you have decided what to order from their menu. Though you have made a choice, the food will reach you only if your order is received in the kitchen and that is made possible with the help of a waiter who takes your order. So in this scenario, your order is the request, the kitchen is the server, and the waiter is the API.

API Workflow

As shown in the figure, a Web API can also be defined as “a communication interface between a client computer and a webserver.”

Web Services vs Web API:

If you are aware of what Web Services are, you might feel that both Web Services and Web APIs serve the same purpose. Though Web Services (like Web API) are services that allow one computer to communicate with another. However, the main distinction between API and Web Services is that Web Services make use of a network. So let’s take a look at the key differences between the two

S. No Web Services Web API
1 Web Services Are Software Components That Convey Specific Data/Information, Send Or Post Data, Or Update Data Using Web Protocols Such As HTTP And XML APIs Are A Piece Of Software That Lets Two Separate Apps Or Machines Communicate With Each Other Without The Need For Human Intervention.
2 A Web Service Is A Type Of Network Communication Between Two Machines. Eg. Netflix A Web API Is An Interface Between Two Independent Applications.
3 Web Services Are Generally Developed In XML (Extensible Markup Language), Which Increases Their Security. Web APIs Frequently Employ JSON (JavaScript Object Notation), Which Makes Them Easier To Use.
4 Web Services Require A Network To Function. The Functioning Of A Web API Does Not Always Require A Network.
5 Web Service Is A Subset Of Web API. For Example, Web Services Are Based Only On Three Utilizations: SOAP, REST, And XML-RPC. Web APIs Are The More Advanced Version Or Superset Of Web Services. For Example, The Web API Supports All Three Kinds Of Web Services, But It Also Supports Alternative Styles Such As JSON – RPC.
6 In Most Cases, It Communicates Through The HTTP Protocol. It Also Communicates Through SOAP, REST, And XML-RPC. It Uses Any Communication Protocol Such As HTTP/HTTPS To Start The Interaction Between The Applications.
7 It Doesn’t Have A Comprehensive Set Of Requirements, And It Can’t Always Do All Of The Functions That A WEB API Can. An API Is A Collection Of Rules And Criteria That Are Followed To Make Interaction Easier.

What is API Testing?

Given the purpose, API testing can be termed as the process of evaluating a set of application programming interfaces (APIs) individually or as part of an integration test to see if they meet the expected functionality, reliability, performance, and security requirements.

What makes it different from other types of testing?

  • API testing is different from the regular type of testing as it is a black-box type of testing that doesn’t have a Graphical User Interface (GUI).
  • As there is no GUI, you will not employ the conventional input and output mechanisms such as keyboard, mouse, monitor, and so on for your API testing.
  • API testing would require you to use software to make the API calls, receive the output, and record the feedback as well.
  • Since there is no GUI, there is no focus on the look and feel of the app. Rather, it only focuses on the business logic layer of the software’s architecture.

How to do API Testing?

Now that we have seen how API testing differs from the other types of testing, let’s explore the different stages of API testing in this API testing tutorial.

Understanding API Requirements:

Understanding the requirements is the number one step in all types of testing. And when it comes to API testing, it would be helpful if the testers understand the application’s workflow and how it is expected to perform. This step helps the tester define the verification approach as API testing is all about the responses from the database.

Checking the output status:

There is a response code or the response status code in API testing for checking the output status. It enables the tester to know if a test case has passed or failed with ease. So here’s the list of the different types of response codes and their meanings.

  • 1xx (Informative): The request has been received and is being handled.
  • 2xx (Successful): The request was received, comprehended, and accepted successfully.
  • 3xx (Redirection): More action is required to complete the request.
  • 4xx (Client Error): The request has incorrect syntax or is unable to be fulfilled.
  • 5xx (Server Error): A seemingly valid request is not fulfilled by the server.

Organizing the API:

A testing project could contain dozens, if not hundreds, of APIs to be tested. For better test management, testers are strongly advised to classify them into categories. It is also critical to organize and size an API’s data, feedback, and goals in order to deliver an API that is easy to use and does not overload consumers.

Test Cases for API Testing

Positive test cases:

  • Check whether the API takes the provided inputs and provides the desired output as defined in the requirement.
  • Check the answer status code in the output status as mentioned in the previous part of this API testing tutorial.
  • Provide an input by filling just the bare minimum of the required fields and by also filling all the fields.

Negative test cases:

  • When the expected output does not exist, make sure the API responds appropriately.
  • Conduct an input validation test.
  • Use different levels of authorization to test the API’s behavior.

Automating the tool:

Using automation as much as feasible and as early as possible in the API testing process is very crucial as it can save a lot of time. It also makes it possible to save the test execution history. Since API testing is considered black-box testing, automation should be used extensively in order to maximize test coverage. It should also be conducted at an early stage of the SDLC.

API Testing Tools:

When running an API test, developers may either design their own framework or utilize one of several ready-to-use API testing solutions. API testing tools provide user-friendly interfaces with low coding requirements, making it possible for less-experienced engineers to deploy tests. So next up in our API testing tutorial, we’re going to take a look at the most useful API testing tools. Being a pioneer API testing Service provider, we always prefer to use open-source tools and have suggested the same here too.


SoapUI is one of the world’s most popular API testing tools that is designed to verify API functioning in both SOAP & REST APIs and web services as well. It is a great choice if you’re looking for an easy-to-use and fast tool to build & run automated functional, regression, and load tests.

Apache JMeter:

The Apache JMeter is a great open-source option that can be used to perform load testing for your API and see how well it performs at different load conditions. Though it was initially developed with the focus of testing web applications, its scope of usage has now widened.


Apigee is an API development and management platform that can be used as an API performance testing tool as well. It has an intuitive UI that works well for both technical and non-technical users. But what makes Apigee great is that it provides security, rate limiting, analytics, and so on by fronting the backend service with a proxy layer.

REST Assured:

As the name suggests, REST Assured is an API Testing tool that can be employed to test REST APIs. Like Apache, REST Assured is also a Java-specific tool and its biggest advantage is that it supports Behavior-Driven Development (BDD) syntaxes.

Swagger UI:

Swagger UI is also an open-source program that allows users to see and interact with the API’s resources without requiring any implementation logic. It simplifies the testing process by generating a web page that lists the APIs that have been used.


It is an end-to-end solution that enables users to perform API testing , verification, and automation. You can quickly explore, debug, & test your APIs and even design complicated API requests in HTTP, REST, SOAP, GraphQL, & WebSockets.


Katalon is a great choice if you are looking to improve your test coverage. It is also highly dependable as it follows the Data-Driven test approach. Despite being an open-source tool, it can be used in projects of all sizes all thanks to its productivity-focused features and user-friendly UI.

Types of Bugs in API Testing

It goes without saying that any type of testing would reveal the numerous bugs in a product. So we are now going to see the most commonly found bugs in our API testing tutorial to help you get an idea of what to expect when performing those steps.

  • Fails to effectively handle the incorrect conditions.
  • Overlooking the flags that have never been used before.
  • Duplicated or missing functionality.
  • It faces issues with Reliability Connecting to API and receiving a response is difficult.
  • Security Concerns
  • Bugs that arise due to multithreading.
  • Performance issues such as API response time.
  • Incorrect errors/warnings being sent out.
  • Inability to handle valid argument values.
  • The data in the response isn’t organised properly (JSON or XML).

Challenges of API Testing

Like every other type of software testing, API testing also has its own share of challenges.

1. When it comes to Web API testing, the 3 most common issues are parameter combinations, parameter selection, and call sequencing.

2. Since it is a black-box type of testing, the lack of a GUI makes it impossible to provide input values during the testing process.

3. API testing is also a little difficult for testers to validate and verify the results in a separate system.

4. The necessity to test the exception handling function is also a challenge.


Since the business logic layer is represented by a set of classes, functions, and methods in an API, it goes without saying that API testing plays a very crucial part in ensuring a product’s success. And you will need to use the correct testing methodology and tools to ensure the best results. We hope this API testing tutorial has provided you with a systematic approach and a lot of useful insights about API testing as well. Being a top Quality assurance company, we will be posting more insightful content in the future and highly recommend you to subscribe to our newsletter to make the most of it.

The Complete Guide to Perform Manual REST API Testing Using Postman

The Complete Guide to Perform Manual REST API Testing Using Postman

Postman is one of the most popular software testing tools which is used for API testing. Postman is widely used by both software testers and developers for testing as it is easy to integrate with Continuous Integration (CI) & Continuous Development Pipelines. Postman sends an API request to the webserver and receives the response. As one of the leading QA companies, we have been doing our manual Rest API testing using Postman whenever it was deemed necessary. So if you are someone who is looking for a complete guide that explains everything from what is REST API to how it works to how it can be manually tested using Postman, you will definitely find this blog useful.

API (Application Programming Interface)

An API is a set of defined rules that enables computers or applications to communicate with one another. APIs sit between an application and the webserver and acts as an intermediary that processes data transfer between systems.

What is REST API?

  • REST API (Representational State Transfer Application Program Interface) is an architectural style that allows the software to communicate with other software on the same device or over a network.
  • REST APIs communicate via HTTP requests to perform standard database functions like creating, reading, updating, and even deleting records (also known as CRUD) within a resource.


These are the major reasons as to why we choose REST API over the other options. REST API is

1. Easy to Learn & Implement

2. Easy to Build & Maintain

3. Scalable

4. Cacheable

5. Flexible and Portable

How does REST APIs work?

As stated earlier, REST APIs use HTTP requests for their communication. HTTP works as a request-response protocol between a client and server and enables client-to-server communication. For example, your web browser can be considered as the client, and the application on the computer that hosts the website can be termed as the server. So if your browser (client) submits an HTTP request to the server, the server will return a response that contains the status information of the request and the requested content if any were requested.

Common HTTP methods (CRUD commands) used in REST API:

Most of these commands have very straightforward names that make them self-explanatory. So once you have been introduced to them, it will be very easy for you to remember.

  • GET – The GET method can be used to extract information from the given server using a given URI. It is worth noting that when you use the GET request, it should only extract the data and not have any other effect on the data. So no Payload/Body is required.
  • POST – As the name suggests, a POST request is used to send data to the server. Data like customer information, files, and so on can be sent using HTML forms.

  • PUT – Using PUT, you will be able to replace all the current representations of the target resource with the uploaded content.
  • DELETE – It can be used to remove all the current representations of the target resource given by a URI.

There are other CRUD commands like patch, copy, and so on as well. So once you are thorough with these basics, you can explore them.

API Contract

We have seen the basics of REST API that you will need to know. There are also a few basics of Postman that you should be familiar with. But before we can move forward, we have to explore a few aspects of the API contract as you’d have to know the following information to perform manual REST API testing using Postman.


It is the address where the API is hosted on the Server. An End Point Request URL can be constructed as below
Base URL/resource/(Query/Path)Parameters


They represent the API/Collection that can be accessed from the Server. We have listed a few common examples below to help you understand better.


Here maps, search and images are the resources of which is the Base URL.

Path Parameters:

Path parameters are the variable parts of a URL path. They are generally used to point to a specific resource within a collection in the same way how a user is identified by ID.

Example for Path Parameters:


Here 1123343, and 112 are the parameters

Query Parameters:

Query Parameters are primarily used to sort or filter the resources. They can be identified with ”?” (A Question Mark). You’ll be able to identify them once you see a few examples.


Here orders and search are your resources and they are sorted and filtered by the query parameter that is followed by the “?”.


Headers represent the meta-data associated with the API request and its response. In layman’s terms, it will be used to send additional details to the API for processing our request. An example of it would be the authorization details.

Sample API Contract for Basic CRUD commands:

Apart from these values, we would also have to know about the HTTP method in use, the body, content types of the parameter and response (either Application or JSON), and also the response value. You will get a clear idea of these aspects when we see a few examples.

1. Request to Log in – Successful


Base URL:

Request : /api/login

Request Type: POST

Body :

    "email": "[email protected]",
    "password": "cityslicka"

Parameter Content Type: application/json


Response Content Type: application/json

Response Code : 200

Description : OK

Response Value :

    "token": "QpwL5tke4Pnpja7X4"
2. Request to Get a List of Users


Base URL:

Request: /api/users

Request Type: GET


Response Content Type: application/json

Response Code : 200

Description : OK

Response Value :

    "page": 1,
    "per_page": 6,
    "total": 12,
    "total_pages": 2,
    "data": [
            "id": 1,
            "email": "[email protected]",
            "first_name": "George",
            "last_name": "Bluth",
            "avatar": ""
            "id": 2,
            "email": "[email protected]",
            "first_name": "Janet",
            "last_name": "Weaver",
            "avatar": ""
            "id": 3,
            "email": "[email protected]",
            "first_name": "Emma",
            "last_name": "Wong",
            "avatar": ""
            "id": 4,
            "email": "[email protected]",
            "first_name": "Eve",
            "last_name": "Holt",
            "avatar": ""
            "id": 5,
            "email": "[email protected]",
            "first_name": "Charles",
            "last_name": "Morris",
            "avatar": ""
            "id": 6,
            "email": "[email protected]",
            "first_name": "Tracey",
            "last_name": "Ramos",
            "avatar": ""
    "support": {
        "url": "",
        "text": "To keep ReqRes free, contributions towards server costs are appreciated!"
3. Request to update user Information


Base URL:

Request : /api/users/{{User_ID}}


Request Type: PUT

Body :

    "name": "morpheus",
    "job": "zion resident"

Parameter Content Type: application/json


Response Content Type: application/json

Response Code : 200

Description : OK

Response Value :

    "name": "morpheus",
    "job": "zion resident",
    "updatedAt": "2021-10-05T19:20:33.979Z"
4. Request to Get a List of Users


Base URL:

Request : /api/users/{{User_ID}}


Request Type: DELETE


Response Content Type: application/json

Response Code : 204

Description : OK

Response Value :[]

Now that we have fully covered all the prerequisites when it comes to REST API, let’s see why we use test REST APIs and explore a few other prerequisites that will be required to perform Rest API testing using Postman.

Why Postman tool?

Postman is a simple GUI for sending HTTP requests and viewing its responses. It is built upon an extensive set of power tools, which are incredibly easy to use. Postman helps you perform a variety of functions and has a lot of useful functionalities as well.

  • Since Postman is accessible from anywhere, you have to just install it into the device and access it by logging into the account.
  • Your test suites will be more organized as Postman allows users to build collections for their API calls. Every set can create multiple requests and subfolders.
  • Using Postman, you’ll be able to test checkpoints with the verification of the successful HTTP response status that will be added to every API call.
  • Automation Testing becomes easier as several iterations of the tests can be performed by using the Collection Runner or Newman. So you can save a lot of time when performing repetitive tests.
  • As Postman makes it easy to create environments, you can design multiple environments and reduce the replication of tests as you’ll be able to use the same collection for a different setting.
  • The postman console helps to track what data is being retrieved makes it possible to effectively debug the tests.
  • The scope for collaboration is also high as you can import or export your collections & environments and share those files. You can also use a direct connection to share the collections.
  • Postman supports continuous integration as well.
  • You can use Postman by either downloading & installing their application or use their web version. It is a good option to have as both offer great performance.

How to create API requests in Postman

Learning how to create API requests is an integral part of learning how to perform manual REST API Testing using Postman. You will need to know more about the following 2 features to create an API request.

  • Workspace
  • Collections
Workspace in Postman:

Postman Workspaces acts as a common working area where you can group your API projects together and use API builder to define APIs or generate API elements. So they are helpful in organizing your API work better and collaborating with your teammates as well. Now let’s see how to create one.

Creating a Workspace in Postman:

Click on the Workspace dropdown in the header -> New Workspace -> WorkSpaceName (Type any workspace name you wish) -> Create Workspace.

Creating Workspace in Postman

Collections in Postman:
  • Postman Collections are Executable API Descriptions Postman’s collection folders make it easy to keep your API requests and elements organized.
  • Generate Collections from API schemas Generate a collection from an API schema to view and edit each request.
    Creating Collections in Postman:

Click on File -> New -> Collection -> CollectionName (Assign a Collection Name as you wish)


Click Collection -> Create Collection Icon (+) -> CollectionName (Enter a Collection Name of your wish)

Creating Collections in Rest API testing using Postman

For testing the CRUD commands, we are going to use the information which is present in the above mention API contract.

Testing POST Request to Log in – Successful:

To make a POST request, click on the More option icon (…) -> Add Request -> Login User

Testing POST request to log in

1. From the Dropdown select POST

2. In the “Enter request URL” text box, type the following (URL):

3. Click on Body Tab, select the ‘Raw’ radio button, and then the JSON format from the dropdown list.

4. In the text box, paste the Login Credentials:

 "email": "eve.hol[email protected]",
 "password": "cityslicka

5. Click on the Send button

6. You should be able to see the below response:

Testing POST request response in Rest API Testing using Postman

7. Also, make sure to check for the correct status code here. In this case, you should get: ‘Status: 200’ as shown in the image below.

Correct Status Code in the response

Testing GET Request to Get the List of Users:

To make a GET request, you have to click on the More options icon (…) -> Add Request -> Request to Get List of Users (Assign any requested name you wish)

1. From the Dropdown list, select GET

2. Type the mentioned URL ( in the “Enter request URL” text box.

3. Click on the Send button.

4. You’ll be able to see the below response:

Testing GET request response in Rest API Testing using Postman

5. Once again, check for the status code and see if it is ‘Status: 200’.

Correct Status Code in the GET response

Testing PUT Request to update user Information:

Same as above, you have to click on the More option Icon(…) ->Add Request -> Request to Update user Information (Enter any request name of your choice)

1. Click on ‘PUT’ from the dropdown list.

2. In the “Enter request URL” text box that appears, type this URL:

3. Click on the ‘Body’ Tab, select the ‘Raw’ radio button, and then choose the JSON format from the dropdown.

4. Paste the Login Credentials in the text box:

    "name": "morpheus",
    "job": "zion resident"

5. Click on the ‘Send’ button

6. You will see the below response:

Testing PUT request response in Rest API Testing using Postman

7. Check if the status is shown as ‘200 OK’.

Correct Status Code in the PUT response

Testing DELETE Request to Remove Users from Database

Click on the More option Icon (…) -> Add Request -> Request to Get the list of Users (Enter any request name you wish)

1. From the Dropdown list of options, select ‘DELETE’.

2. Type this URL in the “Enter request URL” text box.

3. Click on the ‘Send’ button

4. Check is you see the below response:

Testing DELETE request response in Rest API Testing using Postman

5. Check if ‘Status: 200 OK’ is visible as shown in the image below.

Correct Status Code in the DELETE response


It is evident that the steps we saw for each request were almost identical to each other. So by now, you should have no trouble in performing Rest API testing using Postman in an effective way to ensure high quality. As a leading manual testing services provider, we have often used Postman for our manual testing projects. But Postman can also be used for automation testing with the help of Test scripts.

A Wall-to-Wall Postman Guide for API Testing

A Wall-to-Wall Postman Guide for API Testing

Postman is an API (Application Programming Interface) development tool that allows users to perform GET, POST, PUT, DELETE, and many other requests to the web service API. Postman allows you to manually test your APIs in both its desktop and web-based applications. However, it also has the ability to automate these tests by writing JavaScript assertions on your API endpoints. As one of the best QA companies, we always thrive on using the best tools for our projects, and Postman has become one of our go-to tools when it comes to API testing. So in this Postman Guide, we will be exploring how to perform the above said requests like Post, Request, and so on. But before we proceed further, let’s have a brief introduction to API testing.

What is API Testing?

API testing is a type of software testing where application programming interfaces (APIs) are tested to determine if they meet the expected functionality, reliability, performance, and security levels. It only concentrates on the business logic layer of the software architecture.

API Testing - Postman Guide

Some of the important components in Postman

  • Pre-Request Script:

Users will be able to write a script to manipulate the data being sent with the request. The pre-request script will run before the request is sent.

  • Tests:

This is the test editor where the users can configure the test cases that are being validated once the request has been fulfilled.

  • Environment:

The environment in postman is a set of key-value pairs which is used to set dynamic values.

  • Collections:

A group of requests will be displayed under collections, and it can be used to organize and keep track of related requests.

Postman Guide to create & run the First API Request:

First and foremost, we have to create a new workspace and click on the New option under ‘File’, and then select ‘Request’.

Creating API request and running in Postman Guide

Enter the name as ‘GET Request’ and then click on + NEW COLLECTION. Following which we will be able to assign a suitable name for the collection.

Once we click on Save, the collection name will be displayed with your API in it. Now that we have prepped everything, let’s make the first API call by following the below steps,

We have to enter the URL in the address bar and click on the ‘Send’ button to see the response.

The response will include details such as the status code, time, size, headers, and cookies alongside the Body.

Response Image

Status Code

So if you take a look at the above image, the HTTP status code is shown to be “200 OK”, which means that everything has worked as expected and that our request is successful.


Right beside the status code, we can see that the time taken to complete the request is 509 ms.


The other available parameter is the size of the requested data, we can see that size is mentioned to be 1.92 KB in the above image.

Note:If we hover the mouse over the time and response values, we will be able to view more details

To save this response, we can simply click on the ‘Save Response’ option.

As stated above, we can also see the body, which is an HTML file in the image. Clicking on the ‘Preview’ option under the body will enable us to view the body in HTML format.

We can click on ‘Cookies’ to view the session-related information and on ‘Headers’ to view other details such as date, content type details, etc.

So by following the above instructions, we have successfully made our first request! Now let’s find out how to send a post request in Postman.

Postman Guide to send a Post Request:

Post is one of the HTTP methods that can be used to add new resources like a webpage and so on. So if we want to create and add a new user to the database, we can utilize the Post request. Likewise, we can also use Post requests for form submissions, authentication requests, and so on.

Let’s see how Post request works:

In Postman, we have an endpoint that responds back whenever we send a request. So, now we are going to send a particular key-value pair in the JSON format to a server.

First, we have to set the HTTP Method to POST.

Next, we have to mention the URL in the address bar.

In the Body tab of the request editor, we should select the ‘Raw’ option and then select JSON from the dropdown list.

We have chosen Raw with JSON as it is one of the most commonly used Post Requests.

So enter the REQUEST in the Body and click on ‘Send’.

Post Request working - Postman Guide

We can see that the user has been created in the above image. In addition to that, we also have the same type of information that we saw earlier that includes status code, time, and so on.

But this time around, we have the status code displayed as 201, which implies that the request has been created.
Click on ‘Save’ to save this request.

‘POST REQUEST’ can be used to add a set of data into the server database. But it is crucial to make sure that the fields are filled with the correct data type, as any incorrect data will result in a 400 Bad Request.

Postman Guide to send a DELETE Request:

Previously, we saw how to send a post request in which we created a user and sent a body. Now let’s see how we can delete a request in Postman. We can use the DELETE HTTP Method to delete an existing record of a user in a database. The expected response in the Status for this is 204.

So primarily, we would have to set the HTTP Method to DELETE, then mention the URL in the address bar, and also mention the final endpoint.

Once the above actions have been completed, we can go ahead and click on ‘Send’.

Expected Report

So as expected, we have the Status Code shown as 204, which denotes that the particular resource has been deleted.

But what if the user has some additional parameters? We can pass query parameters and add them to the body section for deleting those resources as well.


Collections are nothing but a group of requests grouped into a folder. The simplest example of this would be the way we organize the files on our computers or mobile phones. Let’s say we have multiple files of different formats like text files, audio files, video files, etc. We most probably would create new folders and segregate all the files based on their format.

In the same way, we can create different groups using POSTMAN, and each group can have its own type of request. In addition to having the option to create a collection, we will also be able to share this collection with the team members and encourage healthy collaboration. The other advantage is that since we can share the collection, we will also be able to perform various actions like assigning roles, documentation, mock servers, monitors, etc.

Postman Guide to create a collection:

Now that we have seen the purpose of collection, let’s find out how to create one by making use of the following steps.

Click on the ‘New‘ option, then click on ‘Collection’, and enter the Collection Name. We will be able to click on ‘Create’ once we have also added the description of the collection.

How to create a collection - Postman Guide

Now we can see that we have several options like Run, Share, and so on displayed.

Here we can click on ‘Add Requests’, or replace any existing requests.

Once we click on ‘Run’, a new window will be opened, enabling us to run the collection by clicking on ‘Run My Collection’.

So now we are able to see results for all the requests under the collection, making it evident that we can save an ample amount of time by running multiple requests at a time.

Results of Collection reports

We can click on the ‘Run Again’ option to rerun the collection. Following this, we can click on ‘Export Results’ to export the results as a JSON file. If you take a look at the below image, we can understand that it can be downloaded as well.

Exporting Results in Postman Guide

Different features of collections

• We can add the collections to favorites.

• It helps users share & assign the roles, create fork & pull requests, and also merge changes.

• We can create a duplicate of collections and export them.

Environment in Postman

It is very important to create distinct environments where one is dedicated for testing, one for development, and another for production. An environment is nothing but a set of variables or key-value pairs which we can be used in our requests. We can also change the value of the variables to pass the data between requests and tests. But how we do create an Environment? Let’s find out.

Postman Guide to create an Environment:

1. First, we have to click on the ‘Environments’ option.

2. Then we have to click on the ‘Add’ icon.

3. We can now enter the Environment name.

4. Followed by which we can enter the variable name to use it with the request.

The initial value is shared with your team when you share the variable in a collection as it will be shared with the collaborators who have access to the environment.

How to create an environment

The current value is always used when a request is sent as they are never synced to Postman’s servers. If left untouched, the current value will automatically be assumed as the initial value.

Click on ‘Add’ to create the environment. Once the environment has been created, users can share, copy or even download them if needed.

Global variables in Postman

Global variables allow users to access data between collections, requests, test scripts, and environments. Global variables are not dependent on any environment, making them available for all the requests. They are available throughout the workspace. But on contrary, local variables are available only in particular environments.

When to use Global and Local Variables

When we have multiple key-value pairs which do not depend on any environment, we can make them a Global variable.

Local variables can be used when we have key-value pairs which will change or differ between the environments.


We hope you have enjoyed reading our Postman Guide for API Testing, as Postman is an effective tool when it comes to API testing. We have just seen the tip of the iceberg here, as these are the most important and basic functionalities every tester must know. As a leading test automation company, we have used Postman in various projects and have always been pleased with its performance. So one can always explore the many more useful functionalities that Postman has to enhance their API testing skills.

What Is API Testing?

What Is API Testing?

Once individuals understand and profoundly comprehend API testing, they, in a significant endeavor, can unlock the power to formulate an effective testing strategy. In software development, an Application Program Interface (API) is a communication method in which various applications correspond with each other using a common language. It is often referred to as a contract. Examples of API include swagger for RESTful services, WSDL for SOAP services, and interface language in databases, i.e., SQL. API works similar to UI. Much like how UI allows users to communicate with an application, APIs enable machines to interact with each other efficiently.

What is API testing?

API testing is undertaken by testers and developers to gauge the reliability of the software. In the absence of API testing, developers will be stuck with manual testing programs, waiting until the entire application is stacked with a functional UI to begin their assessment. In this article, we have further explained how to write manual test cases for API testing.

How can you undertake API testing?

The best way to approach an API is to start from the bottom and work your way to the top, and to this end, a fantastic way to formulate a test strategy is to refer to Martin Fowler’s testing pyramid. The pyramid approach facilitates individuals to undertake an array of API tests (for example, contact, scenario, performance, etc.) with a comprehensive understanding to assume unit tests followed by UI tests. API tests allow developers to examine an application logically at a level that unit tests cannot provide.

Contract Tests

The most primary API test is the contract test, which assesses the condition of the contract itself. The contract illustrates how to interact with the interface, services available, and how a user can activate them. It serves as a communication channel, and if there is a flaw in the contract, nothing else in the application matters otherwise. Contract tests validate the legitimacy of the code and work a series of tests that can authorize that:

  • The service contract is formulated as per the specifications
  • Semantic correction (schema validation) of message request and response
  • Tests the validity of the endpoint (HTTP, MQ/JMS Topic/Queue, etc.)
  • Ascertains whether the contract has undergone any alterations upon running

Component Tests

Component tests can be categorized as unit tests for the API. Similar to unit tests, component tests too pick individual cases and check them under isolated settings. You can formulate component tests by creating a test step for each method or resource that is available in the service contract list. The most convenient mode to do is to consume the list and let the service contract establish clients.

You can then data-validate each individual test case with positive and negative outcomes to authenticate that the responses that are obtained as results have the following characteristics:

  • Ensure that the request payload is constructed comprehensively (schema validation)
  • Verify that the response payload is well-built (schema validation)
  • The response status turns out to be as anticipated (200 OK, SQL result set returned, or even an error if that’s what you are looking for)
  • The response error payloads involve correct error messages
  • The service responds within an appropriate timeframe.
  • Individuals must ascertain that the response obtained must match the expected baseline. It can take two forms:

Regression/diff- The process is a fantastic catalyst in identifying API change. During this procedure, the payload response looks precisely the same as you jump from call to call. It is also referred to as the top-down approach, where all you need to is take a snapshot of the response and verify it accordingly.

Assertion- The distinctive elements in the response status match your expectations (it is a surgical, more tightened approach that is targeted at finding a specific value in the output process)

The individual tests are essential assessment criteria since subsequent leveraging of the verification will be based upon it. What is the need to build individual test cases when you refer to API test calls at any time? It not only promotes consistency and efficiency but also simplifies the process to approach API.

Scenario Checks

Scenario testing attributes to the conditions one can concoct in their heads while they are API testing. In this testing strategy, you can assemble distinctive components and make them undergo a sequence of tests. Moreover, there are two comprehensive techniques for obtaining an immaculate series:

  • Evaluate the user story to know the individual API calls that are system is making.
  • Test the UI and apprehend the traffic being made to the underlying APIs.

Scenario tests allow individuals to understand if flaws might be induced by combining various data points together. An enormous benefit of scenario testing is the ability to authenticate expected behavior when your APIs are utilized in a manner that you did not expect.

When you carry forward a release on an API, you provide a series of building blocks to the world. You may have laid down the techniques for amalgamating these blocks together, but sometimes clients have unrealistic desires. However, in a vague attempt to achieve those standards, they can unexpectedly combine APIs that can expose your application to potential defects. Consequently, to safeguard your work against this, you may want to formulate n number of scenario tests with different combinations and sets of APIs to bulletproof your application against critical breakdown or potential flaws.


Formulating an automated API testing strategy is by far the best way to secure your application from potential malfunctioning or abrupt collapse. API testing can allow you to build a framework to identify threats and flaws in every layer. It would further make your application more transparent to your clients.