Testing APIs Using Postman

DZone 's Guide to

Testing APIs Using Postman

In this post, we introduce the topic of automated testing for APIs, and how to use Postman and Newman to easily test your RESTful APIs.

· Integration Zone ·
Free Resource

Postman is one of the most efficient applications for testing RESTful APIs. Most developers write a simple test and check the result of the REST API. That is fine for a few APIs, but if we have many APIs to test it is better to automate these test cases. This post is an introduction to automated testing using a simple API. There is command line version of Postman. It is called Newman. I will also cover the procedure to test using Newman.

This post covers:

  • Environment
  • Simple Test Scripts
  • Setting up Newman
  • Test Collections

Environment and Collections

In general, you should create one testing collection for each functional area, which may have many test cases. Then, you should create an environment for dev, test, sit, prod, etc., as each environment may have a different configuration.

Simple Test Scripts

For demonstration purposes, I created two test cases. The first is to get an OAuth2 token from my local server. The second is to validate the token. To validate the token, I will need to pass the token as query parameters. To copy and paste the token into the query parameters is not practical. In this case, I created an environment variable named access-token-password in the first test case. And pass this variable to the second test case as follows:


The syntax is self-explanatory.

The following are the details about the test script:

var jsonData = JSON.parse(responseBody);

postman.setGlobalVariable("access_token", jsonData.access_token);

postman.setEnvironmentVariable("access_token", jsonData.access_token, "OATH2");

postman.setEnvironmentVariable("access-token-password", jsonData.access_token, "OAUTH2");

tests["access_token is not null"] = jsonData.access_token !== null;

tests["token_type == bearer"] = jsonData.token_type === "bearer";

As you can see, the test script is in JavaScript. And the meanings of each line are self-explanatory as well. I set the environment variable access-token-password to the OAuth2 environment.

The following picture shows the collection, testing scripts, and the test case output:

To run the test for the collection, click the arrow, then run the test as shown in the following pictures

From the above pictures, we see that we can run the test cases with one click and verify if all the test cases are passed. However, this kind of testing is still very much manual. We need to automate the whole procedures automatically. For this purpose, we can use the command line version of Postman, namely, Newman.

Using Newman

In order to use Newman, we need to do three things:

  • Install Newman.
  • Export the collection.
  • Export the environment variables.

Install Newman

npm install newman --global;

Export Test Collection

Right-click the three dots beside the collection:

Then click Export --> Export. Save the file.

Export Environment Variables

Find the tool picture on the top-right of the GUI, find the collection, click the download button, as shown in the following picture:

In my case, for the purpose of this demo, I saved the two files in the Download directory.

-rw-------@  1 gl17  staff   3.4K Jan 27 12:34 oauth2-demo.postman_collection.json
-rw-------@  1 gl17  staff   653B Jan 27 12:35 OAUTH2.postman_environment.json

The following are the command lines:

gl17@GaryLiu17sMBP:~/Downloads$ newman run oauth2-demo.postman_collection.json  -e OAUTH2.postman_environment.json --insecure 


→ username&password
  POST https://localhost:8082/external/access_token?grant_type=password&username=max&password=mule [200 OK, 374B, 402ms]
  ✓  access_token is not null
  ✓  token_type == bearer

→ https://localhost:8082/external/validate?access_token=3URNgv-o3Tu9pP9WNfEhewlrBba7CsUfwJM1nZYYq8n7SlhxWq5E13wMy2ZeOcFx2q4edPSgG7u61Hg3_rFSpQ
  GET https://localhost:8082/external/validate?access_token=raJ1KXUBR4GfbVXNBFHNcAnNUQgQ34wcZ_jo0KODNdUmX4N4Th279THfZNPkCEmKQs2mOng9zcX97DMJtIsl-A [200 OK, 171B, 5ms]
  ✓  client_id is not null
  ✓  access-token-password is not null
  ✓  Status code is 200

│                         │ executed │   failed │
│              iterations │        1 │        0 │
│                requests │        2 │        0 │
│            test-scripts │        2 │        0 │
│      prerequest-scripts │        0 │        0 │
│              assertions │        5 │        0 │
│ total run duration: 529ms                     │
│ total data received: 345B (approx)            │
│ average response time: 203ms                  │

That is it all. Pretty simple and straight forward.

In this post, I have covered the following topics:

  • Procedures to test RESTful APIs using Postman and Newman utilities.
  • Simple syntax on how to write tests with JavaScript.
api testing, integration, newman, postman tutorial, restful api

Published at DZone with permission of Gary Liu , DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}