API Testing and Development with Postman - Second Edition

Book description

Avoid common API coding pitfalls and make test automation effortless with Postman and the Newman CLI

Key Features

  • Learn the tenets of effective API testing and design with workflow testing and more
  • Gain an in-depth understanding of Postman’s new and existing features, including Mock Servers
  • Know when and how to use Postman to create high-quality APIs for software and web apps

Book Description

Postman is an invaluable tool for exploring and testing web APIs, and for helping testers and developers figure out how an API works. With Postman, you can create effective test automation for any API, and this guide will help you unleash its full potential.

API Testing and Development with Postman is an invaluable resource for anyone who wants to create a good-quality API but isn't sure how to go about it. This guide will help you unleash the full potential of Postman’s test automation capabilities.

A combination of theory coupled with real-world examples will help you learn how to use Postman to create well-designed, documented, and tested APIs. After you’ve familiarized yourself with the theory, you’ll move on to hands-on projects that will teach you how to add test automation to an existing API. You’ll also learn some of the new and powerful features that Postman has that can help you avoid introducing bugs.

This second, fully updated edition features new chapters on workflow testing, creating and using mock servers, API security testing, and performance testing. The new and expanded information in this edition will help you future-proof your APIs.

By the end of this book, you'll be able to use Postman to set up and run API tests for any API that you are working with.

What you will learn

  • Find out what is involved in effective API testing
  • Leverage Postman to improve the quality of your API
  • Use data-driven testing in Postman to create scalable API tests
  • How to create and use a Mock Server in Postman
  • Verify and improve the quality of an API using contract testing
  • Understand the basic principles of security testing
  • Get to grips with functional and non-functional testing of an API
  • Discover how to use industry standards such as OpenAPI and mocking

Who this book is for

The book is for software testing professionals and software developers looking to improve product and API quality through API test automation. You’ll also find this book useful if you have a basic understanding of APIs and want to build your skills for creating, testing, and documenting them. The book assumes beginner-level knowledge of JavaScript and API development.

Table of contents

  1. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Get in touch
  2. API Terminology and Types
    1. What is an API?
    2. Types of API calls
    3. Installing Postman
      1. Starting Postman
      2. Setting up a request in Postman
      3. Saving a request
    4. The structure of an API request
      1. API endpoints
      2. API actions
      3. API parameters
        1. Request parameters
        2. Query parameters
      4. API headers
      5. API body
      6. API response
    5. Learning by doing – making API calls
      1. Setting up the test application
      2. Making a call to the test application
      3. A challenge
    6. Considerations for API testing
      1. Beginning with exploration
        1. Exploratory testing case study
      2. Looking for business problems
      3. Trying weird things
    7. Different types of APIs
      1. REST APIs
      2. SOAP APIs
        1. SOAP API example
      3. GraphQL APIs
      4. GraphQL API example
    8. Summary
  3. API Documentation and Design
    1. Technical requirements
    2. Start with the purpose
      1. Figuring out the purpose of an API
        1. Personas
        2. The why
        3. Try it out
    3. Creating usable APIs
      1. Usable API structure
      2. Good error messages
    4. Documenting your API
      1. Documenting with Postman
      2. Good practices for API documentation
      3. RESTful API Modeling Language
    5. API design example
      1. Case study – Designing an e-commerce API
        1. Defining the endpoints
        2. Defining the actions
        3. Adding query parameters
        4. Using the RAML specification in Postman
      2. Modeling an existing API design
    6. Summary
  4. OpenAPI and API Specifications
    1. Technical requirements
    2. What are API specifications?
      1. API specification terminology
      2. Defining API schema
      3. Types of API specifications
        1. RAML
        2. API Blueprint
        3. OpenAPI/Swagger (OAS)
    3. Creating an OAS
      1. Parts of an OAS
      2. Petstore OAS schemas
    4. Creating your own OAS
      1. Starting the file
        1. Understanding the API schema
      2. Defining parameters
      3. Describing request bodies
      4. Using examples
    5. Using API specifications in Postman
      1. Creating a mock server
      2. Validating requests
    6. Summary
  5. Considerations for Good API Test Automation
    1. Technical requirements
    2. Exploratory and automated testing
      1. Exercise – considerations for good API test automation
      2. Writing good automation
      3. Types of API tests
    3. Organizing and structuring tests
      1. Creating the test structure
      2. Organizing the tests
        1. Environments
        2. Collection variables
        3. Choosing a variable scope
        4. Exercise – using variables
    4. Creating maintainable tests
      1. Using logging
      2. Test reports
    5. Creating repeatable tests
    6. Summary
  6. Understanding Authorization Options
    1. Understanding API security
      1. Authorization in APIs
      2. Authentication in APIs
    2. API security in Postman
      1. Getting started with authorization in Postman
      2. Using Basic Auth
      3. Using bearer tokens
      4. Using API keys
      5. Using AWS Signature
      6. Using OAuth
        1. Setting up OAuth 2.0 in Postman
        2. OAuth 1.0
      7. Digest authentication
      8. Hawk authentication
      9. Using NTLM authentication
      10. Using Akamai EdgeGrid
      11. Handling credentials in Postman safely
    3. Summary
  7. Creating Test Validation Scripts
    1. Technical requirements
    2. Checking API responses
      1. Checking the status code in a response
        1. Using the pm.test method
        2. Using Chai assertions in Postman
        3. Try it out
      2. Checking the body of a response
        1. Checking whether the response contains a given string
        2. Checking JSON properties in the response
        3. Try it out
      3. Checking headers
      4. Custom assertion objects in Postman
      5. Creating your own tests
        1. Try it out
      6. Creating folder and collection tests
      7. Cleaning up after tests
    3. Setting up pre-request scripts
      1. Using variables in pre-request scripts
      2. Passing data between tests
      3. Building request workflows
        1. Looping over the current request
        2. Running requests in the collection runner
    4. Using environments in Postman
      1. Managing environment variables
    5. Summary
  8. Data-Driven Testing
    1. Technical requirements
    2. Defining data-driven testing
      1. Setting up data-driven inputs
      2. Thinking about the outputs for data-driven tests
    3. Creating a data-driven test in Postman
      1. Creating the data input
      2. Adding a test
      3. Comparing responses to data from a file
    4. Challenge – data-driven testing with multiple APIs
      1. Challenge setup
      2. Challenge hints
    5. Summary
  9. Workflow Testing
    1. Different types of workflow tests
      1. Linear workflows
      2. Business workflow
    2. Workflow testing with the Flows feature in Postman
      1. Configuring a Send Request block
      2. Building a Flow in Postman
    3. Advice for creating workflow tests
      1. Checking complex things
      2. Checking things outside of Postman
    4. Summary
  10. Running API Tests in CI with Newman
    1. Technical requirements
    2. Getting Newman set up
      1. Installing Newman
        1. Installing Node.js
        2. Using npm to install Newman
      2. Running Newman
    3. Understanding Newman run options
      1. Using environments in Newman
      2. Running data-driven tests in Newman
      3. Other Newman options
    4. Reporting on tests in Newman
      1. Using Newman’s built-in reporters
      2. Using external reporters
        1. Generating reports with htmlextra
      3. Creating your own reporter
    5. Integrating Newman into CI/CD builds
      1. General principles for using Newman in CI/CD builds
      2. Example – using GitHub Actions
    6. Summary
  11. Monitoring APIs with Postman
    1. Setting up a monitor in Postman
      1. Creating a monitor
      2. Using additional monitor settings
        1. Receive email notifications for run failures and errors
        2. Retry if run fails
        3. Set request timeout
        4. Set delay between requests
        5. Follow redirects
        6. Enable SSL validation
      3. Adding tests to a monitor
    2. Viewing monitor results
      1. Cleaning up the monitors
    3. Summary
  12. Testing an Existing API
    1. Finding bugs in an API
      1. Setting up an API for testing
      2. Testing the API
      3. Finding bugs in the API
      4. Resetting the service
      5. Example bug
    2. Automating API tests
      1. Reviewing API automation ideas
      2. Setting up a collection in Postman
      3. Creating the tests
    3. An example of automated API tests
      1. Setting up a collection in Postman
      2. Creating the tests
        1. Updating the environment
        2. Adding tests to the first request
        3. Adding tests to the second request
        4. Adding tests to the POST request
        5. Cleaning up tests
        6. Adding tests to the PUT request
        7. Adding tests to the DELETE request
    4. Sharing your work
      1. Sharing a collection in Postman
    5. Summary
  13. Creating and Using Mock Servers in Postman
    1. Getting started with mock servers
      1. What is a mock server?
      2. When to use a mock server
      3. Things to be careful of with mock servers
    2. Setting up mock servers in Postman
      1. Modifying mock server values
      2. Creating more mock values
      3. Mocking route parameters
      4. Mocking dynamic data
    3. Using mock servers
      1. Using private servers
      2. Mocking a third-party API
    4. Summary
  14. Using Contract Testing to Verify an API
    1. Understanding contract testing
      1. What is contract testing?
      2. How to use contract testing
      3. Who creates the contracts?
        1. Consumer-driven contracts
        2. Provider-driven contracts
    2. Setting up contract tests in Postman
      1. Creating a contract testing collection
      2. Adding tests to a contract test collection
        1. Running contract tests
        2. Using Postman Interceptor
    3. Running and fixing contract tests
      1. Fixing contract test failures
      2. Sharing contract tests
    4. Summary
  15. API Security Testing
    1. OWASP API Security list
      1. Authorization and authentication
      2. Broken object-level authorization
      3. Broken property-level authorization
      4. Unrestricted resource consumption
      5. Unrestricted access to business workflows
      6. Unsafe consumption of APIs
    2. Fuzzing
      1. Fuzz testing with Postman
      2. Cleaning up the tests
      3. Fuzzing with built-in methods in Postman
    3. Summary
  16. Performance Testing an API
    1. Different types of performance load
      1. Processing load
      2. Memory load
      3. Connection load
    2. Using load profiles in Postman
      1. Fixed load profile
      2. Spike load profile
      3. Ramp load profile
      4. Endurance load profile
    3. Running performance tests in Postman
      1. Running multiple requests
    4. Performance testing considerations
      1. When to do performance testing
      2. Benchmarking
      3. Repeatability
      4. Collaboration and communication
    5. Summary
  17. Other Books You May Enjoy
  18. Index

Product information

  • Title: API Testing and Development with Postman - Second Edition
  • Author(s): Dave Westerveld
  • Release date: June 2024
  • Publisher(s): Packt Publishing
  • ISBN: 9781804617908