Automation API Testing using Postman

Written By: Dishant Agnihotri

Last Updated: March 17, 2022

Preferred for Team: Backend

#How it works

API automation is designed to quickly test the custom-facing API without any manual work. To accomplish this, we set up a Postman collection which hits all the custom-facing API endpoints and runs a few tests on the response, checking first of all if the HTTP response code is 200 (OK) and some other basic details.

However, the main way we will run the collection is through a trigger in AWS Code Pipeline (api-dev).

A build project called PostmanAPITest is run after the development environment API code is deployed, which runs code to execute the postman collection with a tool called

newman⁠

⁠

#Monitoring

If you go to CodePipeline and look at api-dev, you can see whether the most recent run of the postman collection was successful or not.

It’s also easy to see when the automated api test fails in the alerts-deploy channel on slack

#Writing tests for each endpoint

You can write JavaScript directly into postman’s “Tests” tab, which is accessible via the UI

Probably the most basic test is to check HTTP status code of the response, syntax is like this and it should probably be on every endpoint’s tests.

NoneBashCSSCC#ElixirErlangGoGraphQLGroovyHaskellHTMLINIJavaJavaScriptJSONKotlinLispLuaMermaid DiagramObjective-COCamlPerlPHPPowershellPythonRubyRustScalaSQLSoliditySwiftTOMLTypeScriptVisual BasicYAMLZigCopy

pm.test("Status code is 200", function () {

pm.response.to.have.status(200);

});

You can also check fields on the response body, for example:

const responseJson = pm.response.json();

pm.test("Object field is set correctly", function () {

pm.expect(responseJson.object).to.include("client")

})

Official

examples⁠

with more variants are here.

#Collection Environment Variables

In many cases we want to store identifiers for newly created objects, for example the ID of a newly created client. Because postman tests are run sequentially, this allows subsequent tests to reference previously-defined environment variables for API requests, or for other reasons.

In order to do it we write the value using a command like such in the test tab

const responseJson = pm.response.json();

postman.setEnvironmentVariable("clientID", responseJson.id);

We should define all the Postman collection environment variables we want in this interface

#Scenarios to cover

400 - Bad request, validate request with invalid input is covered

403 - Permission denied, unauthenticated case is covered

404 - Not found, validate entity test for entity that does not exist or is unauthorised covered

test accessing entity that is in different portal

test accessing entity that does not exist (e.g. after delete)

200 for POST/PUT

base case test case - validate request passes with minimum required inputs

full test case - validate request with all inputs provided passes

Want to print your doc?
This is not the way.

Try clicking the ⋯ next to your doc name or using a keyboard shortcut (

CtrlP

) instead.