API Testing with Postman & Newman: Beyond Clicks and Collections

-
API Testing with Postman & Newman: Beyond Clicks and Collections

API Testing with Postman & Newman: Beyond Clicks and Collections

Part of the “10 Days of QA — From Beginner to Expert”

Intro — You’ve clicked “Send” in Postman hundreds of times — but real API testing is more than watching a 200 OK appear. It’s about trusting data integrity, contracts, and behavior under edge cases. Today we go beyond clicks — into automation, validation and continuous confidence.

1️⃣ What is API Testing Really About?

API testing is validating the communication between services. Instead of a UI, you test requests and responses directly — faster, more reliable, and perfect for early feedback.

Typical objectives:

  • Confirm status codes and headers
  • Validate response data structure and types
  • Check business rules and edge cases
  • Measure response times and error handling
Think of API testing as the X-ray of your application — you see what’s under the UI skin.

2️⃣ Setting Up Postman — from Collections to Environments

Start with a simple example API: https://reqres.in/api/users

  1. Create a collection “User API Tests”
  2. Add GET / POST requests with params and headers
  3. Use Environments to store base URL and token variables (e.g., {{base_url}})
  4. Add scripts under “Tests” tab to assert responses

Example Test Script in Postman


// Tests tab in Postman

pm.test("Status code is 200", function () {

  pm.response.to.have.status(200);

});

pm.test("User object contains email", function () {

  var json = pm.response.json();

  pm.expect(json.data.email).to.include("@");

});

3️⃣ Running Collections with Newman

Newman is Postman’s command-line runner — perfect for CI. Install it with:

npm install -g newman

Export your Postman collection and environment files (.json), then run:

newman run User_API_Tests.postman_collection.json -e QAEnv.postman_environment.json --reporters cli,html
Mentor tip: Treat your Postman collection like code — version it, review it, and run it every build.

4️⃣ Validating JSON Responses — Deep Checks


// Example in Postman

pm.test("JSON schema is valid", function () {

  const schema = {

    "type":"object",

    "properties":{

      "data":{"type":"object"},

      "support":{"type":"object"}

    },

    "required":["data","support"]

  };

  pm.expect(tv4.validate(pm.response.json(), schema)).to.be.true;

});

You can use libraries like Ajv or tv4 for schema validation. Postman already bundles tv4.

5️⃣ Real Example — Login and Token Flow

Let’s simulate an API login and subsequent authorized call.


// POST /login

pm.test("Token is returned", function () {

  let data = pm.response.json();

  pm.expect(data.token).to.be.a("string");

  pm.environment.set("token", data.token);

});

// GET /users (after login)

pm.request.headers.add({

  key: "Authorization",

  value: "Bearer " + pm.environment.get("token")

});

Now your API tests are linked — mimicking real user journeys across requests.

6️⃣ Python Validation Alternative

If you love Python, you can run simple API validations using requests + pytest for cross-checking your Postman logic.


import requests, pytest

def test_users_list():

  r = requests.get("https://reqres.in/api/users?page=2")

  assert r.status_code == 200

  data = r.json()

  assert "data" in data

  assert data["data"][0]["email"].endswith("@reqres.in")

7️⃣ Integrating Newman with CI/CD

Here’s a GitHub Actions workflow that runs Postman tests on each PR:


name: API Tests

on: [pull_request]

jobs:

  newman:

    runs-on: ubuntu-latest

    steps:

      - uses: actions/checkout@v3

      - name: Install Newman

        run: npm install -g newman

      - name: Run API Tests

        run: |

          newman run postman/User_API_Tests.json -e postman/QAEnv.json --reporters cli,junit

      - name: Upload Results

        if: failure()

        uses: actions/upload-artifact@v3

        with:

          name: newman-reports

          path: newman/

8️⃣ Common Mistakes & Fixes

MistakeBetter Approach
Hardcoding URLs or tokensUse environment variables
Ignoring response timeAdd pm.expect(pm.response.responseTime < 500)
One giant collection fileModularize by feature or service
Manual runs onlyAutomate with Newman + CI

9️⃣ Performance Quick Checks

Postman can measure latency too:

pm.test("Response time < 500ms", function () {

  pm.expect(pm.response.responseTime).to.be.below(500);

});
Mini Challenge (30 min):
  1. Create a Postman collection for GET/POST / DELETE users
  2. Add auth token flow between requests
  3. Run it with Newman and generate an HTML report
  4. Bonus: Integrate it in a GitHub Action

🔟 How to Evolve API Testing in Your Team

  • Start simple: a few core endpoints with auth flow
  • Automate daily: run collections nightly in CI
  • Add schema validation: prevent breaking changes
  • Visualize trends: track failure rates and response times

Final Thought — The API Mindset

APIs connect everything — your UI, mobile apps, and third-party integrations. A QA engineer who understands and tests APIs is already halfway to becoming an SDET. The tools (Postman, Newman) are just means — the real skill is how you think about data, contracts, and impact.

Location: Pune, Maharashtra, India

Comments

Post a Comment

Popular posts from this blog

AI Agents in DevOps: Automating CI/CD Pipelines for Smarter Software Delivery

-
Image
AI Agents in DevOps: Automating CI/CD Pipelines for Smarter Software Delivery Bugged But Happy · September 8, 2025 · ~10 min read Not long ago, release weekends were a rite of passage: long nights, pizza, and the constant fear that something in production would break. Agile and DevOps changed that. We ship more often, but the pipeline still trips on familiar things — slow reviews, costly regression tests, noisy alerts. That’s why teams are trying something new: AI agents that don’t just run scripts, but reason about them. In this post I’ll walk through what AI agents mean for CI/CD, where they actually add value, the tools and vendors shipping these capabilities today, and the practical risks teams need to consider. No hype—just what I’ve seen work in the field and references you can check out. What ...
Read more

What is Hyperautomation? Complete Guide with Examples, Benefits & Challenges (2025)

-
Image
What is Hyperautomation?Why Everyone is Talking About It in 2025 Introduction When I first heard about hyperautomation , I honestly thought it was just RPA with a fancier name . Another buzzword to confuse IT managers and impress consultants. But after digging into Gartner, Deloitte, and case studies from banks and manufacturers, I realized this one has real weight. Gartner lists hyperautomation as a top 5 CIO priority in 2025 . Deloitte says 67% of organizations increased hyperautomation spending in 2024 . The global market is projected to grow from $12.5B in 2024 to $60B by 2034 . What is Hyperautomation? RPA = one robot doing repetitive copy-paste jobs. Hyperautomation = an entire digital workforce that uses RPA + AI + orchestration + analytics + process mining to automate end-to-end workflows . Formula: Hyperautomation = RPA + AI + ML + Or...
Read more

Getting Started with Automation: When, Why & How

-
Image
Getting Started with Automation: When, Why & How Getting Started with Automation: When, Why & How Part of the “10 Days of QA — From Beginner to Expert” Automation is one of those topics everyone talks about — and few start correctly. In this post I’ll walk you through: deciding what to automate, what to avoid, selecting tools, building a simple test, and how to integrate automation into CI. I’ll show runnable examples in both Python (Playwright + pytest) and JavaScript (Playwright + Cypress) so you can pick what fits your stack. Why automation — the real business case Automation isn’t about being fancy or saving a few clicks. You automate to: Increase confidence — run the same checks consistently on every build Save time — free human testers to do higher-value exploratory work R...
Read more