API Testing Guidelines using Postman
1. Understand the API
Read the API documentation carefully. Identify the base URL, resource endpoints, request
types (GET, POST, PUT, DELETE), required headers (e.g., Content-Type, Authorization),
request payload and response schema, and the authentication mechanism (Bearer Token,
API Key, Basic Auth, etc.).
2. Basic Functional Testing
Verify each endpoint performs its intended function:
- GET: Fetches data correctly
- POST: Creates the resource successfully
- PUT/PATCH: Updates data as expected
- DELETE: Deletes the resource properly
3. Use Environments and Collections
Create Postman Environments (Dev, Prod) with variables like base_url, token, etc. Organize
API requests into Collections with folders for each module or functionality.
4. Authentication Handling
Use Pre-request Scripts to fetch tokens dynamically (if applicable). Store tokens in
environment variables securely. Ensure token expiry is handled properly.
5. Data Validation
Validate response fields such as status code (e.g., 200, 201, 400, 401, 404), response body
structure and data types, and key-value pairs in the response payload.
6. Write Test Scripts
Use the Tests tab to write validation logic using JavaScript.
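    // Fail the request's test run unless the API answered 200 OK.
    pm.test("Status code is 200", () => {
        pm.response.to.have.status(200);
    });
    // Parse the JSON body and check that the expected field is present.
    pm.test("Response has expected field", () => {
        const res = pm.response.json();
        pm.expect(res).to.have.property("id");
    });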
7. Negative Testing
Test with invalid inputs, missing fields, and unauthorized requests. Check for correct status
codes (400, 403, 422, etc.) and ensure no sensitive data is exposed in error messages.
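The negative checks above can be scripted in the Tests tab. The following is an added example, not part of the original guideline; the function name auditErrorResponse and the leak patterns are assumptions chosen for illustration and should be tuned to the API under test.

```javascript
// Heuristic patterns for data that should never appear in an error body.
// These are assumed examples, not an exhaustive list.
const LEAK_PATTERNS = [
  { name: "stack trace",
    re: /\bat\s+[\w$.<>]+\s*\(.*:\d+(:\d+)?\)|Traceback \(most recent call last\)/ },
  { name: "SQL error",
    re: /SQLSTATE\[|syntax error at or near|ORA-\d{5}|You have an error in your SQL syntax/i },
  { name: "filesystem path",
    re: /\/(?:var|home|usr|opt|srv|etc)\/[\w.\/-]+|[A-Za-z]:\\[\w.\\-]+/ },
  { name: "secret-looking field",
    re: /"(?:password|passwd|secret|api[_-]?key|token)"\s*:\s*"[^"]+"/i },
];

// Audits one negative-test response and returns a list of problems.
// expectedStatuses: the codes this test case allows, e.g. [400, 422] for
// invalid input or [401, 403] for an unauthorized request.
function auditErrorResponse(status, bodyText, expectedStatuses) {
  const problems = [];
  if (!expectedStatuses.includes(status)) {
    problems.push(`unexpected status ${status}`);
  }
  for (const { name, re } of LEAK_PATTERNS) {
    if (re.test(bodyText)) {
      problems.push(`error body leaks ${name}`);
    }
  }
  return problems;
}

// Inside Postman the pm object exists; outside Postman this part is skipped.
if (typeof pm !== "undefined") {
  pm.test("Negative case: correct status, no sensitive data in error", () => {
    const problems = auditErrorResponse(
      pm.response.code,
      pm.response.text(),
      [400, 401, 403, 422]
    );
    pm.expect(problems, problems.join("; ")).to.be.empty;
  });
}
```

Narrow the list of expected statuses per request so that, for example, an unauthorized call that returns 400 instead of 401 or 403 is still reported.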
8. Automation & Collection Runs
Use the Collection Runner to run all tests in a batch. Use CSV/JSON files for data-driven tests.
Export test results as reports for review.
9. Performance & Response Checks
Measure response time and ensure SLAs (if defined) are respected (e.g., response < 2s).
10. Documentation and Naming Conventions
Clearly name each request and folder. Add meaningful descriptions. Document
prerequisites and expected results in each request.
Summary for Testers
Task        Expectation
----------  ----------------------------------------
Setup       Use environment & variables
Execution   Use correct method, headers, and payload
Validation  Status code, body, error response
Scripting   Basic test scripts in the Tests tab
Reporting   Export and share results with the team