Here is the thing: we don't always have the time and resources to properly verify and test the API’s behavior.
In this case, this problem arose when we were working on the development of mobile applications consuming a non-public REST API.
When we detected that most errors on client side were caused by a bad performance of the API endpoints and constant functional variations on them, automated tests to verify the API seemed to be the best solution.
As we did not have enough time to develop a framework and properly test the API, we decided to use an intermediate solution like Postman.
What is Postman?
Postman is a rest GUI client that can be installed as a Google Chrome Extension or a Mac Application: https://www.postman.com/
As many other rest clients it supports different methods like those available in the HTTP protocol. Also comes with different kinds of authorization protocols like oauth2, Aws signature, basic auth etc.
In comparison with other tools, Postman can be a bit less powerful than others, for example command line tools like "Curl".
The idea of this document is not to go into deep detail of the Postman usage, but rather to show the useful alternative that it provides when it comes to REST API automation.
What does Postman provide?
Recently, postman added some new features that allow users to simply create automated tests and control a test suite execution by adding some js code.
- Test editor and runner: Lets you write and run tests within Postman.
- Collection runner: Lets you run an entire Postman collection in one go.
- Data variables: Lets you parameterise requests with values from a JSON/CSV file.
As shown on the right section of the picture below, the tool comes with a number of functions that allow the user to add validations, assertions or even to set variables and prepare the test scenarios.
Controlling test scenarios
Example 1: Setting variables
Suppose we have a situation where the execution of a certain request depends on some data value/state returned by the execution of another request.
For example, if we are using oauth2 authorization in order to access the API, it may be necessary to specify a bearer token in all the requests.
We can easily do that the following way:
var data = JSON.parse(responseBody); postman.setGlobalVariable("access_token", data.access_token);
As the global variable "access_token" contains the access token value, we are now able to use it in all the requests that may require this authorization header.
Example 2: Asserts
There are several types of validations we can add for a specific test case.
The following example shows four common assertions we may frecuently use.
- The first assertion is cheking that the response code value is 200 for this request.
- The second assertion is checking if the response header contains the key "Content-Type"
- The third assertion is validating that the body data in the response contains some string.
- The fourth assertion is validating the response time.
Executing a set of test
An interesting utility in Postman is that it allows a set of test to be executed, then obtain a summary of results and determine which of them has failed and why.
Once you have created a new request, you can add it into a test execution suite by saving it into a specific collection name.
Using the runner service, the entire collection can then be executed:
All the validations added in each test case will also be performed.
After the execution is complete, a summary will be displayed. In the following example, 9 test have passed except for one of them, where the expected status code did not match with the returned one.
A tool like this can get us out of trouble in certain circumstances where development and testing time is limited.
Creating and performing a set of automated tests like the one shown in the example does not take more than 20 min.