March 28, 2020
Estimated Post Reading Time ~

Overview of Postman

In this tutorial, you will learn about the Postman testing tool. The Postman testing tool is used for testing APIs(Application Programming Interface) of a software application. As the number of web and mobile applications is increasing, the importance of API testing is also increasing. So, we have to learn postman testing for testing APIs.

Postman Tutorial for Beginners
What is Postman

Postman is a software testing tool used for API Testing. API(Application Programming Interface) enables software applications to interact with each other.
What is API
API is defined as a collection of functions, procedures, and other Access Points that a program or an operating system makes accessible to developers to allow it to communicate with the other software applications.

Why Postman is used
Postman is used for API Testing due to the following reasons:
1. Availability
After installing Postman into your system, you can use it anywhere by just logging into your account.
2. Make use of collections.
In Postman, users can create collections for their corresponding API calls. Every collection will create multiple subfolder requests. This assists in arranging the test suites.
3. Collaboration
Environments and Collections are imported and exported to enhance file sharing.
4. Test Creation
Verification of successful HTTP response status is added to each API for testing checkpoints.
5. Continuous Integration
Postman can support Continuous Integration. Development procedures are carried out according to that.
6. Automation Testing
By using Collection Runner Newman, we can run tests in multiple iterations to reduce the time for iterative tests.
7. Debugging
To Debug the tests efficiently, the postman console assists in monitoring what data has been retrieved

Advantages of Postman
  • Postman enables us to create integration test suites easily.
  • Postman allows us to save data for other tests.
  • Postman supports integration testing.
  • Postman can easily integrate with other build tools like Jenkins, etc.
  • Postman eases the movement of environments and tests to code repositories.
How to use Postman
The features of Postman are as follows:
  1. New: This feature is used to create a unique environment or request.
  2. Import: This feature is used for importing a collection or environment.
  3. Runner: This feature is used for executing automation tests.
  4. Collaboration: This feature is used for inviting team members for interaction.
  5. Collections: Collections are created for arranging the test suite.
  6. Open New: This feature is used for opening new tabs.
  7. My Workspace: New Workspace is created individually, or as a team.
  8. History: This feature is used for displaying past requests.
  9. Request Tab: This feature is used for displaying the title of the request.
  10. HTTP Request: This feature is used for displaying the dropdown list of various requests.
  11. Params: This feature is used for writing the required parameters for a request.
  12. Authorization: To use APIs, appropriate authorization is required.
  13. Save: This feature is used to save the changes made to a request.
  14. Headers: You can set headers depending upon the requirement of the organization.
  15. Pre-request Script: This feature is used for executing the test scripts before requests.
Postman API Testing
After installing Postman Successfully, we can start API Testing by making HTTP requests to the server.
HTTP Methods
The Hypertext Transfer Protocol is used to allow communication between servers and clients. It acts as a request-response protocol between the client and the server. The web browser is considered as a client, and the application that hosts the website is viewed as a server.
The most popular HTTP methods are as follows:
  • GET: GET Method is used for retrieving the data from the server through the URI.
  • POST: POST request is used to send data to the server.
  • PUT: It is used to send data to a server to create/update a resource.
  • PATCH: It is used to update partial resources.
  • HEAD: HEAD is similar to GET; the only difference is HEAD does not have a response body.
  • DELETE: The DELETE Method deletes the mentioned resource.
Testing GET Requests
Let us test the APIs and to test the API we have to make a GET request. The procedure for the GET request is as follows:
  • Create a collection in POSTMAN.
  • Create a request and save it in a collection.
  • Now, we have to pass different parameters to the request to get a response.
  • Now we have to enter the URL needed, and then we have to click on the "SEND" button.
  • Now we will get a response in the body section indicating that we have tested the API Successfully.
Testing POST Requests
For example, if we want to create a user or delete a user in Gmail, then we will use the POST method. In Post request, we will send some data in the request body and API will send data in response to that.
The procedure for creating POST Request
  • Create a Request and save it in a collection.
  • Select POST from the menu.
  • Enter the website URL in the request URL.
  • Select the "Raw" radio button after clicking on Body Tab.
  • After typing the required code, click the send button.
  • After checking the response and the status code, we can say that we have successfully tested this API.
Request Parameterization
It is one of the essential features of Postman. Rather than making the same requests with different data, we can use variables for parameters. Parameterization helps in avoiding the repetition of similar tests.
Steps to be followed for creating parameterized get request
  • Establish the HTTP Request as GET.
  • Give any URL as Input link. Substitute the first part of the URL with any parameter.
  • Click send and Set the environment to use the parameter.
  • Press edit to establish the variable to the global environment to use in all collections.
  • Establish the URL and Save it.
  • When you see the next screen, click close.
Creating Postman Tests
Postman tests are developed using javascript, and they are included in tests to check results like failed or successful status and expected results comparison.
Steps to be followed for creating Postman Tests
Step 1) First go to Get user request.
Step 2) Move to the test tab.
Step 3) When you go to the snippets section, click on "Status code: Code is 200".
Step 4) When you click send, the test result will be displayed.
Step 5) After returning to the tests tab, we will add another test and compare the expected result with the actual result.
Step 6) In Postman, we can create different types of tests, depending upon the requirement to select the test.

Conclusion
Postman is a freeware testing tool used for testing APIs. As APIs are used for software interaction, testing them is essential before delivering the product. It supports the continuous integration of the development code. It supports every method of the HTTP request so, that we can test any URL.

Introduction of API Testing
API stands for Application Programming Interface. API describes how one software program communicates and exchanges data with other software programs. It behaves like an interface between different software systems for interacting with each other. API is a set of functions, subroutines, protocols, standards, and code that glues our technical world together.

Let us understand API through one example. Consider you have booked an UBER for your commute. UBER uses Google maps for directions and live updates. That doesn’t mean UBER has developed its own maps for the same functionality. They are using Google Maps API to plug the same functionality into their app. This is how an API is used to plug and play the functionality.
There are many other famous APIs like YouTube API, Twitter API, Amazon Advertising API, etc.
Any application is made up of 3 layers.
  1. Presentation Layer
  2. Business Layer
  3. Database Layer

GUI testing is done on the presentation layer. API testing is totally different than GUI testing. It is applied to the business layer of an application. API testing is done to check whether API is giving the expected results, whether it is reliable, how its performance is and whether it is secure or not. API testing doesn’t focus on the application’s look and feel. It concentrates on API’s performance and integration.
Types of API Testing
There are various types of tests done on API. They are categorized in below 9 categories.
  1. Unit testing
  2. Security Testing
  3. UI testing
  4. Interoperability and WS Compliance testing
  5. Functional Testing
  6. Load Testing
  7. The run time or Error Detection
Let us discuss each and every testing type in detailed
Unit Testing: Unit testing is defined as the testing of a unit or some specific functionality
Functional Testing: Functional testing is defined as a test of functions in the codebase. These tests are run to ensure API functions are within expected parameters and errors are handled properly.
Load Testing: Load testing is done to ensure the performance and functionality of an API under load.
Security Testing: Security testing is carried out to ensure the API is secure from external threats.
UI Testing: UI testing is termed as a test of your user interface for API and its components. It is especially concerned with the function of UI, whether interface depends on command line calls or graphical in nature.
Runtime Error Detection: This test is carried to identify exceptions or resource leaks to prevent future erroneous scenarios.
Penetration Testing: Penetration testing is done to identify how vulnerable the application is for attackers.
Fuzz Testing: Fuzz testing is negative testing to see how API behaves in a worst-case scenario. In this testing, a lot of random data is given as input to create fuzz and check how API handles this forced crash.
Interoperability and WS Compliance Testing: It is only applicable for SOAP APIs. It generally checks 2 fields. Firstly, Interoperability is checked by making sure with Web Services Interoperability Profiles. Secondly, compliance is checked to make sure standards like WS-Discovery, WS-Addressing, WS-Federation, WS-Security, WS-Policy, and WS-Trust are properly utilized and maintained.

API Testing Vs. Unit Testing
Due to test-driven development, unit testing becomes an integral part of every development effort. On the other hand, there are many applications that provide API for code-level access for functionality. Both types of testing target to the code level and have similar tools. Let us see how they are different from each other.

The below table states the difference between API and Unit testing.


API Test Environment Setup
API Testing is different than another testing as GUI is not involved in API Testing. To test API, we need to set up an environment, which accepts input parameters, invoke APIs with those parameters and derive the result.
To set up the API Test environment, we need to configure the database and server as per application requirements. Once that is installed, we can call API functions to verify if API is working or not.
Test Cases for API Testing.
Below is the list of some common tests we carry for API testing:
  • Return value for an input condition: we need to verify responses based on the request. It is comparatively easy to test as input variables are known and results can be authenticated.
  • Effect of updating data structure: If we update data structures, it will affect the outcome of an API. This outcome needs to be authenticated.
  • Redirection of an API – an event or another API call: If an API redirects control to an event or another API then those also should be tracked.
  • In case of no return value: When API doesn't return any value, its behavior must be verified.
  • Resource Modification: If API calls modify some resources, then those resources must be verified and validated by accessing them.
API Testing Approach
There are various points that help us to choose the best API testing approach
  • Define the scope of the program by understanding the functionality of the API program
  • Setup the test environment which includes database and server configuration as per the application requirements.
  • Perform API testing by using different testing techniques like boundary value analysis, equivalence classes, and error guessing. Also, write test cases for the API.
  • Plan and define input parameters for the API properly
  • Perform test cases with known input configurations and ensure API meets the expected result.
Once you have applied the above points, you need to start organizing yourself for the API test. Try to answer the below questions:
  • Who consumes API? Who is the target audience?
  • Which environment API should use?
  • What is the expected result in normal circumstances?
  • Any preference for testing API?
  • For which problems we are testing?
  • What will happen in abnormal circumstances?
  • Which API can communicate with this API?
  • What are your pass and fail scenario?
This will be helpful to create testing boundaries and requirements. Altogether, all these points help us to decide on a perfect API test strategy.

How to do API Testing?
Once we have decided on testing boundaries and requirements, we need to decide what exactly we want to test API for. Apart from the usual SDLC process, below are a few testing methods.
Discovery testing: The Testing team needs to manually test the set of calls included in API such as ensuring a resource used by API is listed, created or deleted as required.
Usability testing: This testing verifies if API integrates with other platforms properly. This method is to check if API is user-friendly and functional.
Security testing: This testing method verifies the type of authentication required and ensures sensitive and confidential data is encrypted over HTTP.
Automated testing: This testing method creates a script that executes and trigger API regularly without any manual efforts.
Documentation testing: This method verifies if documentation is providing enough information about API. This documentation is delivered as a part of the final deliverable by the development team. There are many API documentation templates available like Miredot, Slate, RestDoc, API blueprint, FlatDoc, Swagger, etc.

What do you need to verify in API Testing?
In API Testing, we generally send a request to API with some input parameters and analyze the response we received for those known data. Below are the key areas we need to verify while performing API testing:
  • Response Time
  • HTTP Status Codes
  • Data Accuracy
  • API return value (error codes if API returns an error)
  • Authorization checks
  • Non-functional testing like security testing, and performance testing.
Types of Bugs and errors detected by API Testing
There are various types of bugs or errors detected by API testing. Below are some of them:
  • Security issues
  • Performance issues
  • Multi-Threading issues
  • Unused flags
  • Duplicate or missing functionality
  • Reliability issue i.e. difficulty while connecting and getting a response from API
  • Improper warnings or errors to the caller
  • Unstructured response data
  • Valid arguments not handled correctly
Best Practices of API Testing
Once you have prepared your test plan, make sure you follow some thumb rules to succeed in the test as much as possible:
  • Start testing with typical or expected results.
  • Add stress to the system by carrying a series of API load tests
  • Test for a failure condition. Make sure API fails consistently for negative cases.
  • To ease the work for the tester, prioritize API function calls
  • Verify how an API behaves and handles any unforeseen problems
  • Automate any API testing task if possible.
  • Group test cases based on their category.
  • Try to cover all possible input combinations for maximum test coverage
  • Mention parameter selection in test cases explicitly.
  • Test Chaining should be avoided
  • Call Sequencing should be well planned.
Make sure each test case is independent of dependencies if possible.

Advantages of API Testing
API testing provides several advantages to improve the test coverage which provides a faster and effective result. Some of the advantages are mentioned below:
Core Functionality Test: Application can be accessed without any user interface through API testing. Core functionality tests result in an early evaluation of any build before any GUI tests are applied to it. This practice identified small issues that can become larger while performing GUI testing. This will reduce the testing cost.
Language Independent: Data is exchanged in JSON or XML while performing API testing. Transfer modes here are completely language-independent. You can select any core language while automating testing for your application.
Time and Cost-Effective: API testing is less time-consuming than GUI testing. API tests require lesser code and hence provide faster and better coverage than GUI testing.
Risk Reduction: API testing is helpful to find bugs early in the test cycle, hence reduce risks.
GUI Integration: You can easily integrate GUI testing with API testing. This is most helpful when you want to perform API testing followed by functional GUI testing.

Challenges of API Testing
There are some challenges that we face while doing API testing.
  • Choosing the right parameters and their combinations
  • Validating the output
  • Choosing the parameter category properly
  • Difficulty in providing input value due to absence of GUI
  • Call sequencing should be proper in order to avoid inadequate coverage while testing
  • Testing exception handling function
  • Coding knowledge is required by a tester.
Tools for API Testing
API testing can be done through various tools. Having the right tool and process for API testing is the most important task as it is the crucial component for any application. There are many open-source and commercial tools available for API testing.
Below is the list of some of the best tools available in the market for API testing:
SoapUI: Automation testing tool for REST and SOAP API. It supports cross-platform and has free and aid plans.
Katalon Studio: It is a Web, API, and Mobile testing tool. It is good for beginners as well as experts. It has a free license and paid support services.
JMeter: It is designed for load testing and functional testing.
Postman: It is an API development environment. It has free as well as paid but cheap plans.
Fiddler: It is a tool to monitor, reuse and manipulate existing HTTP requests. Its APITest extension allows us to validate APIs behaviors across the web.
Apigee: Apigee is a cross-cloud API testing tool that allows users to validate API performance along with building and supporting APIs with other tools like Swagger.
Rest-Assured: It is a tool used for testing REST services in Java environments. It is an open-source tool.
Swagger: It is a tool for the API designing process which includes the whole API lifecycle.
Assertible: Assertible is an API testing tool known for automation and reliability.
Karate DSL: It is a tool that allows testers to write test cases using the domain-specific language for web service.
RestSharp: It is an API testing tool that is used to test REST for the .NET environment.
There are many other tools available in the market for API testing. Choose according to your requirements and environment.

Conclusion:
API testing plays an important role in any application. If it is not tested properly, it can create problems while calling the application. It is a crucial and mandatory test in the software lifecycle.


By aem4beginner

No comments:

Post a Comment

If you have any doubts or questions, please let us know.