Postman API Testing Guide

2023-01-02

Postman is a powerful tool for testing and documenting APIs. This guide walks you through setting up Postman, authenticating requests, and testing common API endpoints with detailed examples.


Prerequisites

Before you begin, ensure you have:

  1. Postman installed (Download here)
  2. An API to test (with authentication details)
  3. Basic understanding of HTTP requests (GET, POST, PUT, DELETE)

Step 1: Set Up Postman

  1. Install and launch Postman.
  2. Create a new Collection to organize your API requests.
  3. Give the collection a descriptive name (e.g., Leave Management API).
  4. Optionally, set up environments (e.g., Development, Staging, Production) to manage base URLs and tokens dynamically.

Step 2: Obtain an Authentication Token

Most APIs require authentication. Here we’ll obtain a Bearer Token using a login endpoint.

  1. Create a new POST request.
  2. Set the URL to your login endpoint, e.g.:
     http://yourapiurl/api/login
  3. Go to the Body tab → select raw → choose JSON.
  4. Provide your credentials:
     {
         "email": "user@example.com",
         "password": "password"
     }
  5. Click Send.
  6. Copy the access token from the JSON response.

✅ Tip: Save the token in an Environment Variable (e.g., token, referenced in requests as {{token}}) for reusability.


Step 3: Test the Index Endpoint (GET)

  1. Create a new GET request.
  2. Set the URL to your index endpoint, e.g.:
     http://yourapiurl/api/leaves
  3. Go to the Headers tab and add:
     Key: Authorization
     Value: Bearer YOUR_ACCESS_TOKEN
  4. Replace YOUR_ACCESS_TOKEN with the token from Step 2.
  5. Click Send.

If successful, you should see a JSON response with a list of leaves.


Step 4: Test the Create Endpoint (POST)

  1. Create a new POST request.
  2. Set the URL to your create endpoint, e.g.:
     http://yourapiurl/api/leaves
  3. Add the Authorization header:
     Key: Authorization
     Value: Bearer YOUR_ACCESS_TOKEN
  4. Go to the Body tab → select raw → choose JSON.
  5. Provide the payload. For example:
     {
         "employee_id": 1,
         "leave_type_id": 2,
         "start_date": "2024-08-01",
         "end_date": "2024-08-05",
         "reason": "Family event"
     }
  6. Click Send.

You should see a JSON response confirming the leave creation.


Step 5: Example Postman Configuration

Here’s how your Postman setup should look:

  • Collection: Leave Management API
    • Request 1: Login (POST) → Saves token
    • Request 2: Leaves Index (GET) → Requires token
    • Request 3: Create Leave (POST) → Requires token

Best Practice: Store tokens in Postman Environments and reference them with {{token}} instead of pasting them manually.


Additional Testing Scenarios

  • Update Request (PUT/PATCH)
    Test updating existing records with JSON payloads.

  • Delete Request (DELETE)
    Test deleting resources by ID.

  • Negative Testing
    Provide invalid data or omit required fields to verify error handling.

  • Automated Test Scripts
    Add JavaScript test snippets in Postman’s Tests tab to validate responses automatically, e.g.:

pm.test("Status code is 200", function () {
    pm.response.to.have.status(200);
});

pm.test("Response has token", function () {
    var jsonData = pm.response.json();
    pm.expect(jsonData).to.have.property("token");
});
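
An added example (not part of the original guide): a script for the Login request's Tests tab that stores the token in the token environment variable, so later requests can send Authorization: Bearer {{token}}, and clears a stale value when login fails. The function name storeLoginToken and the access_token fallback field are assumptions; the typeof pm guard only lets the same file run outside Postman.

```javascript
// Added example: Tests-tab script for the Login request (Step 2).
// Assumption: the login response carries the token in a "token" field
// (as in the guide's snippet above) or in "access_token".
function storeLoginToken(pm) {
    let token = null;

    pm.test("Login returns 200", function () {
        if (pm.response.code !== 200) {
            throw new Error("unexpected status " + pm.response.code);
        }
    });

    pm.test("Response carries a usable token", function () {
        // json() throws on a non-JSON body; pm.test records that as a failure.
        const body = pm.response.json();
        const candidate = body.token || body.access_token;
        if (typeof candidate !== "string" || candidate.trim() === "") {
            throw new Error("no token field in login response");
        }
        token = candidate;
    });

    if (pm.response.code === 200 && token) {
        // Later requests reference it as: Authorization: Bearer {{token}}
        pm.environment.set("token", token);
    } else {
        // Drop any stale token so later requests fail loudly instead of
        // silently reusing an old credential.
        pm.environment.unset("token");
    }
    return token;
}

// Inside Postman the global `pm` exists and the script runs immediately.
if (typeof pm !== "undefined") {
    storeLoginToken(pm);
}
```

With this in place, set the Authorization header of the other requests to Bearer {{token}} and re-run Login whenever the token expires.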

Conclusion

By following this guide, you can use Postman to authenticate, test, and automate API requests.
This structured approach ensures:

  • Secure authentication with tokens
  • Organized request collections
  • Automated validation with Postman scripts
  • Clear separation of environments (Dev, Staging, Prod)

With these practices, you’ll have a reliable workflow for API testing and validation in any project.