API Testing with Postman & Newman: Beyond Clicks and Collections

Part of the “10 Days of QA — From Beginner to Expert”

Intro — You’ve clicked “Send” in Postman hundreds of times — but real API testing is more than watching a 200 OK appear. It’s about trusting data integrity, contracts, and behavior under edge cases. Today we go beyond clicks — into automation, validation and continuous confidence.

1️⃣ What is API Testing Really About?

API testing is validating the communication between services. Instead of a UI, you test requests and responses directly — faster, more reliable, and perfect for early feedback.

Typical objectives:

Confirm status codes and headers
Validate response data structure and types
Check business rules and edge cases
Measure response times and error handling

Think of API testing as the X-ray of your application — you see what’s under the UI skin.

2️⃣ Setting Up Postman — from Collections to Environments

Start with a simple example API: https://reqres.in/api/users

Create a collection “User API Tests”
Add GET / POST requests with params and headers
Use Environments to store base URL and token variables (e.g., {{base_url}})
Add scripts under “Tests” tab to assert responses

Example Test Script in Postman


// Tests tab in Postman

pm.test("Status code is 200", function () {

  pm.response.to.have.status(200);

});

pm.test("User object contains email", function () {

  var json = pm.response.json();

  pm.expect(json.data.email).to.include("@");

});

3️⃣ Running Collections with Newman

Newman is Postman’s command-line runner — perfect for CI. Install it with:

npm install -g newman

Export your Postman collection and environment files (.json), then run:

newman run User_API_Tests.postman_collection.json -e QAEnv.postman_environment.json --reporters cli,html

Mentor tip: Treat your Postman collection like code — version it, review it, and run it every build.

4️⃣ Validating JSON Responses — Deep Checks


// Example in Postman

pm.test("JSON schema is valid", function () {

  const schema = {

    "type":"object",

    "properties":{

      "data":{"type":"object"},

      "support":{"type":"object"}

    },

    "required":["data","support"]

  };

  pm.expect(tv4.validate(pm.response.json(), schema)).to.be.true;

});

You can use libraries like Ajv or tv4 for schema validation. Postman already bundles tv4.

5️⃣ Real Example — Login and Token Flow

Let’s simulate an API login and subsequent authorized call.


// POST /login

pm.test("Token is returned", function () {

  let data = pm.response.json();

  pm.expect(data.token).to.be.a("string");

  pm.environment.set("token", data.token);

});

// GET /users (after login)

pm.request.headers.add({

  key: "Authorization",

  value: "Bearer " + pm.environment.get("token")

});

Now your API tests are linked — mimicking real user journeys across requests.

6️⃣ Python Validation Alternative

If you love Python, you can run simple API validations using requests + pytest for cross-checking your Postman logic.


import requests, pytest

def test_users_list():

  r = requests.get("https://reqres.in/api/users?page=2")

  assert r.status_code == 200

  data = r.json()

  assert "data" in data

  assert data["data"][0]["email"].endswith("@reqres.in")

7️⃣ Integrating Newman with CI/CD

Here’s a GitHub Actions workflow that runs Postman tests on each PR:


name: API Tests

on: [pull_request]

jobs:

  newman:

    runs-on: ubuntu-latest

    steps:

      - uses: actions/checkout@v3

      - name: Install Newman

        run: npm install -g newman

      - name: Run API Tests

        run: |

          newman run postman/User_API_Tests.json -e postman/QAEnv.json --reporters cli,junit

      - name: Upload Results

        if: failure()

        uses: actions/upload-artifact@v3

        with:

          name: newman-reports

          path: newman/

8️⃣ Common Mistakes & Fixes

Mistake	Better Approach
Hardcoding URLs or tokens	Use environment variables
Ignoring response time	Add `pm.expect(pm.response.responseTime < 500)`
One giant collection file	Modularize by feature or service
Manual runs only	Automate with Newman + CI

9️⃣ Performance Quick Checks

Postman can measure latency too:

pm.test("Response time < 500ms", function () {

  pm.expect(pm.response.responseTime).to.be.below(500);

});

Mini Challenge (30 min):

Create a Postman collection for GET/POST / DELETE users
Add auth token flow between requests
Run it with Newman and generate an HTML report
Bonus: Integrate it in a GitHub Action

🔟 How to Evolve API Testing in Your Team

Start simple: a few core endpoints with auth flow
Automate daily: run collections nightly in CI
Add schema validation: prevent breaking changes
Visualize trends: track failure rates and response times

Final Thought — The API Mindset

APIs connect everything — your UI, mobile apps, and third-party integrations. A QA engineer who understands and tests APIs is already halfway to becoming an SDET. The tools (Postman, Newman) are just means — the real skill is how you think about data, contracts, and impact.

Bugged_But_Haapy

Search This Blog