API Testing

API Testing

Mark March 2, 2021

These are my notes from this excellent course Postman Beginner’s Course – API Testing

It is not a replacement for this course, it is just my notes, more written information can be found here:-


I have used some of the notes from github below and I used Postman web to connect to the API –

Postman Web link – https://web.postman.co/home

My Notes …

First API request via Postman …

Workspace > Open a new Tab > Past in the API URL > Add “/status” at the end of the URL

Click the “send” button and it will return the status

It is worth noting at this moment we have sent a “GET” request

Postman collection – This allows you sate request to use later

we are storing the base address of the API in a collection variable called baseUrl

To change the variable, in the collect go to edit > Add Variables

The next section will get a list of the books, to use the “baseUrl” you will need to associate this to collection that has the variable defined “New Collection. Using the Get to get the full list.

In the query parameters you can search and bring back keys (type) with a certain value (fiction), not this will change the request URL (it has added books?type=fiction)

In the API documentation there are 2 “Optional query parameters …

List of books

GET /books

Returns a list of books

Optional query parameters:

  • type: fiction or non-fiction
  • limit: a number between 1 and 20.

So we can use the “limit” Parameter to limit the amount of responses

Path Variables

:bookId is a path variable in the URL and the endpoint allows you to specify a value that changes all the time, depending on the book. :bookId is just a placeholder and does not get sent, you can use path variables in combination with query parameters (if the API accepts this)

Lesson 10 – POST request / API Authentication

 POST request allows you to send data in the request body

  • the endpoint for submitting orders requires authentication
  • some APIs/endpoints are public and require no authentication
  • other APIs/endpoints are private are require authentication
  • an access token is temporary password generated by the API
  • to send JSON, select the POST request method and from the Body select Raw and from the list JSON

We are going to register for a token for the API client.

As long as the email and name have not previously registered you will receive an accessToken

We can now set this as a Variable for the token in the collection

When we try again we get another message …

To submit an order, check the documentation …

So to post the order we need to add some information on what we want to order, “bookId”: 1, … and the “customerName”: “John” … this is set in the body

If successful you will receive confirmation on the order and IT

We can use a random name, you can use a special type of Postman variables to generate random data, example: {{$randomFullName}} to inspect the request body you can use the Postman console (see the bottom)

To retrieve the orders, duplicate from the “order book” post request as the authentication is set

For a single order review the documentation

You can use the “PATCH” function to amend orders

You can confirm this has taken effect changing this back to a GET to confirm the person has a new last name.

If you need to Delete an order ….