API testing using POSTMAN
The API Testing is performed for the application, which has a collection of API that must be tested. API calls verify functionality and expose failure of application.
API testing is strongly connected with Back-end/Database testing, you may have brief knowledge of SQL queries. (That would be an advantage )
Why Back-end /Database ?
For API testing, you may not aware about GUI of application. So DB is only the way to cross-check, you are doing right or wrong.
(As we cross-check with database, if you know basic sql queries ( SELECT, UPDATE, ALTER, DELETE ) that would be advantage to use POSTMAN, you can refer http://www.w3schools.com/sql/ it)
API Architecture
API calls Collection include mainly three things:
How to Install POSTMAN ?
POSTMAN is very easy to use, but API testing is very tricky when your application is complex. Application provide you collection of API calls, you have to follow that collection of API callls for API testing of your application.
When you open POSTMAN, It looks like :
How POSTMAN works:
Select API call (GET/PUT/POST/DELETE)
Set Authorization, Header, Body information accordingly your API call :
Then, You can click on send to perform your API call.
How to set Environment Variable in POSTMAN ?
From Top-Right corner you can set environments variable.
Example : If want to check on local env. , Dev env. OR QA env. Even you can set accordingly your various projects as well.
It is very easy to set environment variable.
Steps to set environment variable.
Https://8081:lmdemo/group_1/api…
Here, I am considering it is a QA environment.
Name Of Environment = QA
Key = urlQA and value = 8081:lmdemo/group_1/
Whenever, I want to use this environment, I just select QA from top corner.
And here we have to use …
Https://{{urlQA}}/api For any API calls
Add Collection:
You can add Each API call in collection and create a collection.
That will be reusable for application.
You can import collection of others.
You can export your collection, others can use it on their machine as well.
Example
We can take a simple example from Google API’s.
For more practice you can find API call from here.
https://console.developers.google.com/project/609424378919/apiui/apiview/geocoding_backend/overview
Geocoding API (GET call )
Geocoding is the process of converting addresses (like "1600 Amphitheatre Parkway, Mountain View, CA") into geographic coordinates (like latitude 37.423021 and longitude -122.083739), which you can use to place markers or position the map. The Google Geocoding API provides a direct way to access a geo coder via an HTTP request. Additionally, the service allows you to perform the converse operation (turning coordinates into addresses); this process is known as "reverse geocoding."
Pass this in URL ( GET call)
https://maps.googleapis.com/maps/api/geocode/json?address=122+Flinders+St,+Darlinghurst,+NSW,+Australia&sensor=false&key=AIzaSyCm_rpUy1DEjf347bYZIveccGPpqs83lSw
My google api key=AIzaSyCm_rpUy1DEjf347bYZIveccGPpqs83lSw.
It is different for others.
Change it before you try this call.
In response:
It shows Latitude and longitude of your passed location.
Normally, We have to pass authorization in header for call ( if it is in your project requirement )
GET call – There is no request body for GET call.
PUT/POST/DELETE call - There is no request body for PUT/POST/DELET call.
No worries, You have API collection (API architecture) when you implement for your project. In API architecture, required information for calls would be there, which makes more sense to you.
API testing is strongly connected with Back-end/Database testing, you may have brief knowledge of SQL queries. (That would be an advantage )
Why Back-end /Database ?
For API testing, you may not aware about GUI of application. So DB is only the way to cross-check, you are doing right or wrong.
(As we cross-check with database, if you know basic sql queries ( SELECT, UPDATE, ALTER, DELETE ) that would be advantage to use POSTMAN, you can refer http://www.w3schools.com/sql/ it)
API Architecture
API calls Collection include mainly three things:
- HTTP headers
- HTTP Request (POST,GET,PUT,DELETE )
- Status Code/ Response Code
- HTTP headers - HTTP headers are always depended on your application, Mainly two:
- Authorization - A token included with requests to identify the requester. This header has to be included in all requests other than the login request.
- Content-Type - A standard MIME type describes the format of object data.
Content –type in most of the requests and responses will be application/json.
- HTTP Request - There are mainly four request, which we used frequently: DATA =
- POST - Create Or Update data
- PUT - Update data
- GET - Retrieve data
- DELETE – Delete data
- Status Code/Response Code - There are many status/response code, from them we can verify the response.
- 200 - OK, The request was successful.
- 201 - Created, The request was successful and data was created.
- 204 - No Content, The response is empty.
- 400 - Bad Request, The request could not be understood or was missing required parameters.
- 401 – Unauthorized, Authentication failed or user does not have permissions for the requested operation.
- 403 - Forbidden, Access denied.
- 404 - Not Found, Data was not found.
- 405 - Method Not Allowed, Requested method is not supported for the specified resource.
- 500 - Internal Server Error.
- 503 - Service Unavailable, The service is temporary unavailable.
How to Install POSTMAN ?
- Open a Google chrome
- Click on : https://chrome.google.com/webstore/detail/postman/fhbjgbiflinjbdggehcddcbncdddomop?hl=en
- Launch app
POSTMAN is very easy to use, but API testing is very tricky when your application is complex. Application provide you collection of API calls, you have to follow that collection of API callls for API testing of your application.
When you open POSTMAN, It looks like :
How POSTMAN works:
Select API call (GET/PUT/POST/DELETE)
Set Authorization, Header, Body information accordingly your API call :
Then, You can click on send to perform your API call.
How to set Environment Variable in POSTMAN ?
From Top-Right corner you can set environments variable.
Example : If want to check on local env. , Dev env. OR QA env. Even you can set accordingly your various projects as well.
It is very easy to set environment variable.
Steps to set environment variable.
- Click on Manage Environment.
- Click on ADD
- Write down the Name of Environment.
- Fill key & value, You can pass key = variable and value is your host IP address.
Https://8081:lmdemo/group_1/api…
Here, I am considering it is a QA environment.
Name Of Environment = QA
Key = urlQA and value = 8081:lmdemo/group_1/
Whenever, I want to use this environment, I just select QA from top corner.
And here we have to use …
Https://{{urlQA}}/api For any API calls
Add Collection:
You can add Each API call in collection and create a collection.
That will be reusable for application.
You can import collection of others.
You can export your collection, others can use it on their machine as well.
Example
We can take a simple example from Google API’s.
For more practice you can find API call from here.
https://console.developers.google.com/project/609424378919/apiui/apiview/geocoding_backend/overview
Geocoding API (GET call )
Geocoding is the process of converting addresses (like "1600 Amphitheatre Parkway, Mountain View, CA") into geographic coordinates (like latitude 37.423021 and longitude -122.083739), which you can use to place markers or position the map. The Google Geocoding API provides a direct way to access a geo coder via an HTTP request. Additionally, the service allows you to perform the converse operation (turning coordinates into addresses); this process is known as "reverse geocoding."
Pass this in URL ( GET call)
https://maps.googleapis.com/maps/api/geocode/json?address=122+Flinders+St,+Darlinghurst,+NSW,+Australia&sensor=false&key=AIzaSyCm_rpUy1DEjf347bYZIveccGPpqs83lSw
My google api key=AIzaSyCm_rpUy1DEjf347bYZIveccGPpqs83lSw.
It is different for others.
Change it before you try this call.
In response:
It shows Latitude and longitude of your passed location.
Normally, We have to pass authorization in header for call ( if it is in your project requirement )
GET call – There is no request body for GET call.
PUT/POST/DELETE call - There is no request body for PUT/POST/DELET call.
No worries, You have API collection (API architecture) when you implement for your project. In API architecture, required information for calls would be there, which makes more sense to you.