Postman API Testing

Comprehensive Postman shortcuts and workflows for API development and testing.

Shortcut	Description
`Ctrl+N`	New Request
`Ctrl+Shift+N`	New Collection
`Ctrl+O`	Open
`Ctrl+S`	Save
`Ctrl+Shift+S`	Save As
`Ctrl+Enter`	Send Request
`Ctrl+R`	Reload
`Ctrl+W`	Close Tab
`Ctrl+Shift+W`	Close All Tabs
`Ctrl+T`	New Tab
`Ctrl+Shift+T`	Reopen Closed Tab

Request Management

Shortcut	Description
`Ctrl+L`	Focus URL Bar
`Ctrl+M`	Change HTTP Method
`Ctrl+Shift+P`	Open Command Palette
`Ctrl+K`	Search Collections
`Ctrl+H`	Show/Hide Sidebar
`Ctrl+Alt+C`	Open Console
`Ctrl+Alt+E`	Open Environment Quick Look

Text Editing

Shortcut	Description
`Ctrl+A`	Select All
`Ctrl+C`	Copy
`Ctrl+V`	Paste
`Ctrl+X`	Cut
`Ctrl+Z`	Undo
`Ctrl+Y`	Redo
`Ctrl+F`	Find
`Ctrl+G`	Find Next
`Ctrl+Shift+G`	Find Previous
`F3`	Find Next
`Shift+F3`	Find Previous

Environment and Variables

Shortcut	Description
`Ctrl+Alt+E`	Environment Quick Look
`Ctrl+Shift+E`	Manage Environments
`\\{\\{variable\\}\\}`	Variable Syntax
`pm.environment.get("var")`	Get Environment Variable
`pm.environment.set("var", "value")`	Set Environment Variable
`pm.globals.get("var")`	Get Global Variable
`pm.globals.set("var", "value")`	Set Global Variable

HTTP Methods and Status Codes

Common HTTP Methods

Method	Purpose	Example
`GET`	Retrieve data	Get user profile
`POST`	Create new resource	Create new user
`PUT`	Update entire resource	Update user profile
`PATCH`	Partial update	Update user email
`DELETE`	Remove resource	Delete user account
`HEAD`	Get headers only	Check if resource exists
`OPTIONS`	Get allowed methods	CORS preflight

HTTP Status Codes

Code Range	Type	Common Codes
`2xx`	Success	200 OK, 201 Created, 204 No Content
`3xx`	Redirection	301 Moved, 302 Found, 304 Not Modified
`4xx`	Client Error	400 Bad Request, 401 Unauthorized, 404 Not Found
`5xx`	Server Error	500 Internal Error, 502 Bad Gateway, 503 Unavailable

Pre-request Scripts

Common Pre-request Script Examples

// Set timestamp
pm.environment.set("timestamp", Date.now());

// Generate random data
pm.environment.set("randomEmail",
  "user" + Math.random().toString(36).substring(7) + "@example.com");

// Set authentication token
const token = pm.environment.get("auth_token");
pm.request.headers.add(\\\\{
  key: "Authorization",
  value: "Bearer " + token
\\\\});

// Generate UUID
const uuid = require('uuid');
pm.environment.set("requestId", uuid.v4());

// Base64 encode credentials
const username = pm.environment.get("username");
const password = pm.environment.get("password");
const credentials = btoa(username + ":" + password);
pm.environment.set("basicAuth", credentials);

Test Scripts

Basic Assertions

// Status code tests
pm.test("Status code is 200", function () \\\\{
    pm.response.to.have.status(200);
\\\\});

pm.test("Status code name has string", function () \\\\{
    pm.response.to.have.status("OK");
\\\\});

// Response time test
pm.test("Response time is less than 200ms", function () \\\\{
    pm.expect(pm.response.responseTime).to.be.below(200);
\\\\});

// Header tests
pm.test("Content-Type is present", function () \\\\{
    pm.response.to.have.header("Content-Type");
\\\\});

pm.test("Content-Type is application/json", function () \\\\{
    pm.expect(pm.response.headers.get("Content-Type")).to.include("application/json");
\\\\});

JSON Response Tests

// Parse JSON response
const responseJson = pm.response.json();

// Test JSON structure
pm.test("Response has required fields", function () \\\\{
    pm.expect(responseJson).to.have.property("id");
    pm.expect(responseJson).to.have.property("name");
    pm.expect(responseJson).to.have.property("email");
\\\\});

// Test specific values
pm.test("User ID is correct", function () \\\\{
    pm.expect(responseJson.id).to.eql(123);
\\\\});

pm.test("Email format is valid", function () \\\\{
    pm.expect(responseJson.email).to.match(/^[^\s@]+@[^\s@]+\.[^\s@]+$/);
\\\\});

// Test array responses
pm.test("Response is an array", function () \\\\{
    pm.expect(responseJson).to.be.an('array');
\\\\});

pm.test("Array has correct length", function () \\\\{
    pm.expect(responseJson).to.have.lengthOf(5);
\\\\});

Variable Extraction

// Extract data from response
const responseJson = pm.response.json();

// Set environment variables
pm.environment.set("userId", responseJson.id);
pm.environment.set("userToken", responseJson.token);

// Extract from headers
const location = pm.response.headers.get("Location");
pm.environment.set("resourceUrl", location);

// Extract using regex
const responseText = pm.response.text();
const match = responseText.match(/token:\s*"([^"]+)"/);
if (match) \\\\{
    pm.environment.set("extractedToken", match[1]);
\\\\}

Collection Runner

Running Collections

// Collection variables
pm.collectionVariables.set("baseUrl", "https://api.example.com");
pm.collectionVariables.get("baseUrl");

// Data-driven testing
// Use CSV or JSON files for test data
// Access data using pm.iterationData.get("fieldName")

// Workflow control
postman.setNextRequest("Request Name");
postman.setNextRequest(null); // Stop execution

Authentication Workflows

Bearer Token

// Pre-request script for login
pm.sendRequest(\\\\{
    url: pm.environment.get("baseUrl") + "/auth/login",
    method: "POST",
    header: \\\\{
        "Content-Type": "application/json"
    \\\\},
    body: \\\\{
        mode: "raw",
        raw: JSON.stringify(\\\\{
            username: pm.environment.get("username"),
            password: pm.environment.get("password")
        \\\\})
    \\\\}
\\\\}, function (err, response) \\\\{
    if (response.code === 200) \\\\{
        const token = response.json().token;
        pm.environment.set("authToken", token);
    \\\\}
\\\\});

OAuth 2.0

// OAuth 2.0 configuration
const clientId = pm.environment.get("clientId");
const clientSecret = pm.environment.get("clientSecret");
const tokenUrl = pm.environment.get("tokenUrl");

pm.sendRequest(\\\\{
    url: tokenUrl,
    method: "POST",
    header: \\\\{
        "Content-Type": "application/x-www-form-urlencoded"
    \\\\},
    body: \\\\{
        mode: "urlencoded",
        urlencoded: [
            \\\\{key: "grant_type", value: "client_credentials"\\\\},
            \\\\{key: "client_id", value: clientId\\\\},
            \\\\{key: "client_secret", value: clientSecret\\\\}
        ]
    \\\\}
\\\\}, function (err, response) \\\\{
    if (response.code === 200) \\\\{
        const accessToken = response.json().access_token;
        pm.environment.set("accessToken", accessToken);
    \\\\}
\\\\});

API Testing Workflows

CRUD Operations Testing

// 1. Create Resource (POST)
pm.test("Create user successfully", function () \\\\{
    pm.response.to.have.status(201);
    const user = pm.response.json();
    pm.environment.set("createdUserId", user.id);
\\\\});

// 2. Read Resource (GET)
pm.test("Get user successfully", function () \\\\{
    pm.response.to.have.status(200);
    const user = pm.response.json();
    pm.expect(user.id).to.eql(pm.environment.get("createdUserId"));
\\\\});

// 3. Update Resource (PUT/PATCH)
pm.test("Update user successfully", function () \\\\{
    pm.response.to.have.status(200);
\\\\});

// 4. Delete Resource (DELETE)
pm.test("Delete user successfully", function () \\\\{
    pm.response.to.have.status(204);
\\\\});

Error Handling Tests

// Test error responses
pm.test("Returns 400 for invalid data", function () \\\\{
    pm.response.to.have.status(400);
    const error = pm.response.json();
    pm.expect(error).to.have.property("message");
\\\\});

pm.test("Returns 401 for unauthorized access", function () \\\\{
    pm.response.to.have.status(401);
\\\\});

pm.test("Returns 404 for non-existent resource", function () \\\\{
    pm.response.to.have.status(404);
\\\\});

Best Practices

Organization

Use collections to group related requests
Create folders within collections for logical grouping
Use descriptive names for requests and collections
Document APIs using collection descriptions
Use environment variables for different stages (dev, staging, prod)

Testing Strategy

Write comprehensive test scripts
Test both positive and negative scenarios
Validate response structure and data types
Check response times and performance
Test error handling and edge cases

Data Management

Use environment variables for configuration
Implement data-driven testing with CSV/JSON files
Clean up test data after test execution
Use dynamic variables for unique test data
Separate test data from production data

Collaboration

Share collections with team members
Use version control for collection exports
Document API changes and test updates
Create reusable test scripts and snippets
Establish naming conventions and standards

Postman API Testing

Basic Navigation

Request Management

Text Editing

Environment and Variables

HTTP Methods and Status Codes

Common HTTP Methods

HTTP Status Codes

Pre-request Scripts

Common Pre-request Script Examples

Test Scripts

Basic Assertions

JSON Response Tests

Variable Extraction

Collection Runner

Running Collections

Authentication Workflows

Bearer Token

OAuth 2.0

API Testing Workflows

CRUD Operations Testing

Error Handling Tests

Best Practices

Organization

Testing Strategy

Data Management

Collaboration