YTread Logo
YTread Logo

Postman Beginner's Course - API Testing

Jun 08, 2021
Hello and welcome to the Postman API Testing


. My name is Valentine. I am a software developer and I like to share my passion for APIs with others in a way that is easy to understand when I am not speaking at a conference or traveling the world I like to share what I know by creating short tutorials and online


s like this in this course you will understand what is bozeman and why we need this tool start using


to interact with apis and write api tests in the latest As part of the course we will explore ways to automate the entire


postman beginner s course   api testing
You will gain hands-on experience using an API throughout the course. I'll give you assignments as a way to practice what you've learned if you're serious about API


. You need to practice on your own, be sure to check the video description for course notes. I'll put in there the most important steps you need to follow links to resources any updates in case anything has changed so let's get started before we get our dirty hands let's make sure you understand the basics if you're new to APIs here's a very quick introduction. An API is essentially an interface to a server that has some data or performs some actions to understand the concept of an interface.
postman beginner s course   api testing

More Interesting Facts About,

postman beginner s course api testing...

Think of any electrical outlet. that you have in your house, no matter what device you want to power your laptop, a washing machine or a television, the wall outlet is designed to accept any plug following a predefined specification, an interface is essentially a contract, I live here in Europe, so All sockets have a specific shape. If I bring a device from the United States or Australia, this will not work as they have a different interface. The APIs we are dealing with share a similar concept. To use an API, we need to know and follow the specifications if you are totally new to APIs.
postman beginner s course   api testing
I recommend you watch another course here on Field Code Camp created by Craig Dennis to get a good understanding of the basics of APIs. I think the best way to understand APIs is to use them. Let's go back to the


. The postman is a tool. To interact with web based apis i.e. apis that work over the internet, an api is like a power outlet that offers a server and instead of electricity we get data, we use postman to connect to this power outlet, but Instead of using a physical cable we use the Internet Postman can help us connect to that API and make sure the process of sending and receiving data is much easier.
postman beginner s course   api testing
Without that interface with the server, it will be much more difficult to communicate, which is why we need Postman in this lesson that we will learn. how to install postman postman uses a freemium pricing model and for many use cases, including this course, is free to use. There are two ways to run postman in your browser by going to or as a standalone app that you need to download and install there is also an old and outdated Google Chrome extension, don't use it. I'll be using the browser app throughout this tutorial, but the apps' functionality is very similar.
You will find installation instructions in the course notes. I'll go to Postman. com and sign up for an account, setup after this is relatively easy and I won't be creating a team yet, that's right, postman is actively developing when I finish recording, editing and publishing this course, a new version will be released, you may notice There are slight differences from what you see now in this video, however, I can assure you that the principles remain the same. I'll update the course notes if there's anything really important. You should know the first thing I like to do when I open Postman for the first time. weather is changing to the black theme so to do that just locate this gear icon this will take us to the settings and from the themes tab I will select the black theme and just close it so let's go ahead and start using an api in postman for this course we will use an api that allows us to order a book now every time we want to start using an api we need to understand how to interact with that api and the best way to start is always by looking in the API documentation now, any API that you want to use should have an API documentation that explains how to use that API, explains what is available, etc., the API we will use allows us to take a look at a list. of books and to order a book, directly from the API documentation that you see here and which will be linked in the course notes, you will be able to see that the API is available at this specific address and also there are some endpoints that we can use Endpoints offers different types of answers and let's take a look at them.
The first endpoint we need to look at is the status endpoint, so what I'm going to do is just copy the API address and here inside the postman. from the workspaces i will select my workspace the workspaces in postman will allow you to organize your work better let me make it a little bigger so i'll go ahead and open a new tab and it looks pretty similar to what you have in a browser it's a little more advanced. I'm going to paste the address here and then write the state. All requests that will go to this API must include this address.
Here I will press the submit button and what I will get is at the bottom of the screen. I'm going to say OK status, so this is our first request in Postman. We've sent a request to this API to this status endpoint and essentially the status endpoint is just telling us that the API is available, working as expected, and that we can start using it. Next, let's take a closer look at what what happened here. You can upload this here to the address where we are using this https protocol. https stands for http hypertext transfer protocol. and s stands for secure so it's a secure connection, most APIs should use https but for the purpose of what I'm going to demonstrate below http and https are essentially the same thing now just to do a little recap of http in our communication between the client. and the server now in this case the client is postman and the server or the API is the simple books API.
We are using http messages. The http message that goes from postman to the API is called a request and what returns from the API is the response to the request in postman is represented here at the top and essentially postman allows you to configure many things about the request, the request will contain the URL or the address that you send this request to, in this case we have this is the API address and this is the endpoint, but we are specifying everything in one address, we also have the request method and we'll talk about that a little bit Later we can specify headers and the postman has been very kind and already added some headers for us. and we'll look at those headers a little bit later and we can also specify a body which for a get request we don't need to do, but we'll never do that for a get request because with a get request we're just trying to get data, we're not sending any data, for example, with the post request, we will specify a body.
Now, this is essentially what happens with a request, so again, to quickly summarize, Postman allows us to set the different properties. From the http request at the bottom of the screen here this is the response and the response also contains some properties. You will find the status code in this case 200. The response will also contain some headers and generally for both the request and the response. headers are like meta information some additional information that goes with the message it's not always necessary to have this but it just makes communication a little bit easier just to give you an example here what comes here is a header called content type and it's basically , tells the postman that, hey, what we received here is represented as json.
You'll see the json application bar here, and using this information, postman can look at the body of the response and say, Oh, I know this is Jason, so I'm going to display it as json instead of using, for example, text, you can see it doesn't look that good, so it's extra stuff that travels with both the request and the response. The answer will also contain what is probably the most interesting and important part of the answer. body essentially the response body contains the entire response, whatever we would like to get, as the server information will be available in the response body.
I'll point out the different parts of the http request message and the http response message throughout the course, but I just wanted to do a quick summary of what's available and where you can find this information within Postman. Now let's say we want to keep this request. We have already configured the API address here and let's say you want to reuse it at a later time. So what we can do here is click on the Save button inside Postman and we can also give this request a name, for example we can call it API status and we can't just save this request as it is, we will see here that this Save button. is disabled, we have to create a collection.
The collection is essentially a list of multiple requests, usually they are all connected to the same API, so if you are working with multiple APIs you will probably have a collection for each individual API or sometimes even for the same API. Depending on the use cases, I'll go ahead and click on create collection and call it Simple Book API. Click here on this check mark and now this request will be saved in this collection if I go ahead and close the tab I will be able to find here in this part here of the collections, we will see here the collection itself and if I click on one of the requests inside the collection the tab will open automatically and I can run that request again, normally in postman we try to avoid having addresses or settings in our requests in case something changes so I'm going to go ahead and select this address here you will see here postman offers this set as a variable, so we can essentially replace this with a variable. which we can configure in one place, so let me show you what I mean by that.
I'm going to click here on set as variable. I'm going to select here set as a new variable. I'll call it base URL. because this is the URL where all our requests will go and we will only use different endpoints, the value to be saved is available here and should not include the trailing slash, we also have to select the scope, now there are different scopes available in Postman. where we can save this variable, I'll get into that a little bit later for this example, we'll select the scope of the collection, so essentially this variable will be saved in the collection and that's it.
I can go ahead and save this. request again and you will see here if I hover over this variable it has this very special syntax here with double braces at the beginning and two double braces at the end, you will also see the value that it has if you want to change this variable all we have to do is Hover over the collection name. Here these three dots will appear and select here edit and from the variables tab you will be able to see here the base URL variable in case this set variable option does not appear when you select the address, don't worry you can simply go ahead and add manually the variable here for any variable in Postman.
You will notice the initial value and the current value. The initial value is something that will be shared with other people, for example if you share this collection with another person in your organization, a friend of yours or anyone, they will be able to see the initial value and this is fine for this API because it is a public API , the address is known, so there is no secret, later we will use some secrets and we may not want to share them with others and we will keep them at the current value so you can keep in mind that the current value is what is use in Postman. and this is private to you, the initial value is something that is not used when you send a request and will be shared with others, so if you go ahead and run this request again, we will see that there is absolutely no difference, so postman.
We will replace this variable with the address and send this request as before. It's much better for us to have it all in one place. Okay, let's use this API again. So far the state endpoint hasn't been very exciting, so let's take a look at the next endpoint and this is the forward slash books endpoint. This will give us a list of books, so in postman what we can do is select the address that we already have here, open a new tab and paste the address. here because this request is not in a collection you will see here that a base URL is not resolved, here it would say variable unresolved because the variable is only in the collection and this current request that we have here, this tab is not saved in that collection, so we'll go ahead and click here to save the Simple Books API is already selected in case you don't.see here or have multiple collections to select, just select the respective collection where you want to save. the request and I'm going to call this list of books and we're also going to change this to books, so if you're looking here in the API you'll see that we need to send a get request to the forward slash books endpoint. so we have here get git is always by default we have here the base URL slash books so let's go ahead and click on the submit button and see what happens again at the bottom of the screen we will see the response what is important to note here is that we get the status 200 since 200 always indicates that a request was understood and essentially everything was fine, so when you see 200 fine, this means that everything is fine and you will see here that we have a list of different books that you see here this way of formatting data which is called json and it is very easy to get this information which is essentially just text and parse it and use it in virtually any programming language available so this data is very portable from one system to another.
Going back to the API documentation, we will also notice that there are some optional query parameters and this is what we wanted. take a look at this lecture, so what are query parameters? Well, query parameters are some additional data that we can send with our request for some APIs. They are required and for some APIs they are optional. In this case, these query parameters are optional, so let me give them. you are an example we can add here in postman below the query parameters. You'll see here that we have parents selected and right below that we have query parameters so we can type something like write and let's say we're looking for a Chromebook, so I go.
To write the crime value here, you may notice that as I write here, the address itself has also changed and you may notice in the query parameters of an address at one point where you see a question mark and then you will see something like a key pair -worth. so the key is type, then we have the equal sign and then we have a value. In this case I hope this helps us filter out all of these books and only get the books that are crime books. Now this time something different will appear here. First, see that the status has gone from a status of 100 to a status of 400.
When you see a status of 400, it usually means that you have done something wrong, so the API has understood your request, but everything you have sent is not correct. and most of the time you will see additional information in the body of the response that says here and it is very important that you read these errors. Sometimes they are a little technical and maybe confusing at first, but you just have to endure them and try. to understand what's going on here it will say invalid value for query parameter type the query parameter type is what we are trying to send here this type and it says here it must be one of fiction or non-fiction, so essentially the answer is revealing we, hey, you have sent something here that I didn't expect, this is not valid, we only accept fiction and non-fiction, there is no crime or anything like that, so if I select fiction here and replace crime with fiction, you will see also the The address here has changed, so I will bring back the list of only fiction books and you can even see here that everywhere it says fiction, fiction, there is no known fiction anymore.
Now these query parameters tend to be a bit confusing at first because it seems quite arbitrary like why they should be called type or why it works this way and the thing is that there is no rule about what query parameters are available you can only know By reading the API documentation we can add parameters, for example I can make up the parameters as complete. and we give here the value bar and notice here how the direction has changed. Now we have this end sign between the pairs. This is how you can send multiple pairs of query parameters with your request, but essentially nothing has changed, so we can't send data. to the API, but that doesn't mean that the API will look for this data and do anything to change it, which is why it's important to consult the API documentation which is documented here.
They are optional, so they are not necessary. There are two. Optional query parameters, one is the type and the other is the limit. Also, with query parameters in postman, what you can do is simply click on this checkbox and if you uncheck it, you will see that the query parameter disappears from the address and if at some point you decide that you no longer need that query parameter, you can just hover over it and you should notice this x here. You can click on it. This will remove that query parameter. Okay, it's time for a task, now you have to go and study the API documentation. and use the limit query parameter and add it to your request.
I also encourage you to try different values. I'll give you a few moments to pause the video and try this on your own. Okay, let me show you how. First of all, I would solve this task. It is always important to go back to the documentation to understand what is happening. It's also important that whenever you use a query parameter you use it exactly as stated in the documentation, which I usually like. What you need to do is just copy the name so that you don't enter anything wrong, make mistakes while writing that specific parameter, whatever it is, we will see here that it should be a number between 1 and 20.
So let's try to understand. What does this? I'll just paste it here so you can see that it's been added. It still has no value. Let's say I'm going to write here a limit of two and what I hope this does is just give. we two results back, you see here now we have four books that are coming back and now with the limit of two we only get two books, that's great now if I try something else like for example 25, I will get here a bad request now again. We've sent something to the API and the API doesn't allow it, so it says here that you can't get more than 20 books in one request, for example, for performance reasons, so we have to adapt this to something that the API accept. we can see that 2 has been what I was saying before that it's very easy to write something different, for example if I type limit with a capital l, I won't get just two results, there will be more results, so essentially we can say that limit with a capital l and a limit written all in lowercase there are two different query parameters and the api only recognizes one of them and totally ignores the other it's like writing here foo and with the value 2 it doesn't make any difference let's continue exploring this api Now we have a list of books , but as you can see, there is a lot of information about each book and the reason is that this view here where we see a list of books is a simplified view if you take a look at the documentation here.
The next endpoint we can use is to get a single book and this time the path will look a little different, so we're going to copy this path here, open a new tab, paste it here and of course you should also use the base URL , so the first step is to simply save it to the collection to get a single book. This is what I'm going to call this and as soon as the request is inside a collection, I can use the syntax with double curly braces, so double curl. braces and a variable we are trying to use is the base URL and this has been detected.
You're probably wondering what's up with this book ID here in the address. This is what we call a path parameter or a path variable because, as a name. The variable implies that it changes all the time. This endpoint allows us to specify a value for this path variable that represents one of the books we are trying to obtain additional information about. We look back at a list of books. You will see here that each book has. an id you will see here id 1 id 3 id 4 id 6 and so on, so let's go ahead and edit the book id path variable here and put the variable 1.
And just a few seconds later, we now have just one book that we are achieving that this final point allows us to obtain a single book, but now we obtain more detailed information. We can see the ID and name. We already knew that, but now we see information about the author, the code of the book, the price of the book, how many. books are in stock etc. so the purpose of this endpoint is to give us detailed information instead of having here a list of books that contain a lot of information, we can get specific information from this specific API that we only need. to know the book id if we enter here a book id that does not exist for example 100 what you will get is 404 not found you probably know 404 not found when browsing the internet when you end up on a page that does not exist anymore the same principle that applies to APIs, in this case we are trying to get the book with ID 100 and the API tells us, hey, there is no book with ID 100, this will always also be reflected in the error itself.
What's interesting about the path variables is that they are different from the query parameters we've used before. First of all, you will notice that there is no question mark here other than this key identification of this book. This is not something that will be shipped, so to make it even more. explicit, this is what will be sent, it will have the base URL, slash, slash, a postman will replace that route parameter with the value that we see here in the editor, a little better, it's easier for us to see and one here will be part of the route just as the books are part of the route, but the books are always there.
The books don't change, but here we can have id1, we can have id2, we can have id4, etc., that's why we prefer the syntax where we specify here the book ID how we call this, we can call it book ID, we can just call it ID, it doesn't really matter because as I mentioned the key itself versus the query parameters will not be sent, it is also possible to use both the query parameters and the path. parameters there is nothing stopping you from adding a query parameter called complete with a value bar, but this is something the API has to accept, since in query parameters, if you just send some random data, the API will ignore it for complete, so let's remove this. query the parameter and save the request, let's say we have identified the book we want to order, then what would be the next step?
We need to go back to the documentation and to understand how to submit a request, you can now see the endpoint that I need to use orders, but this time also the http request method. We no longer obtain data with the publication. We are sending data, so we need to create a post request with postman. I'll copy this endpoint and do the same process once. Again, if creating this request manually is too time consuming, you can also go here in your collection to an existing request, click on the three dots and click duplicate, we will create a copy of that request where we already have this request saved so that everything what we have to do is enter the new path and we can also change the name, so for example here we will name this request order book, as you remember we can no longer use a get request if we try to get a request, this it will not work.
I have to select a post request now, as you remember, with the post request we have to provide a body, so if we go here to the body, you will see that we don't have a body, but anyway we are missing something for this, so I'm just going to click submit and see what happens this time, we'll get a 401 unauthorized and it says here in the error that the authorization header is missing when working with API, some endpoints such as status or endpoints of this book, were public. and does not require authentication, essentially anyone can use other endpoints, for example this one where we are essentially trying to create something, create an order, they can be private and require authentication, this totally depends on the API provider, there is no rule strict to tell you that. you know for this case you need authentication for others you don't need for some APIs they are totally public but especially if you are trying to create data most of the time you will have to deal with some kind of application if you look here in the API it will also say it requires authentication, so to figure out how to deal with this we have to look at the part of how to make this authentication work, so if we scroll down the page we will see this part with API authentication says here to send or view a order, you need to register your API client.
The API client is in our case the postman client server communication is what we are doing, we are the client, we are sending http messages to the server and the server is responding, what essentially means is that we need to register in the API and it is a way for the API to identify who is sending this request and who is creating the data, if data has been created. There are many authentication methods when it comes to APIs and it is impossible to analyze them all. I will only explain to you a case ofvery typical usage that you can find with essentially any public api you are trying to use.
The purpose of this registration is to obtain what is known as an access token. The Nexus token is like a temporary password that you get and you can use that password with all your requests and this way you are authenticating yourself, don't worry if it doesn't make sense right now. We will get to this in a second so this time we need to send another post request and this post request should go to the clients of this api dash endpoint and it should also include the following json body and here is an example so again . I'll just go ahead and save this order book.
I'll duplicate it, let's call it register API client and the end point will be a forward slash for API clients. You can add a trailing slash or not for most APIs, as you remember it won't make any difference. We have to select the post http request method here because post will allow us to send a request body. I'm going to click here on the body and instead of none, which essentially means don't send any data with a request so we can send a json request body we have to select raw here and from the dropdown menu that you see here we're going to select json, let's go back to the API documentation and luckily here we also have an example of what this request body should look like So I'm just going to go ahead and copy this example here and paste it here.
Basically what we send here is that we give ourselves a name and we also specify our email address. It's very important that when you send json that you make sure that this json is valid, for example, if I don't put these values ​​in double quotes or if I forget one of these double quotes here, something red will appear essentially if you see something red when you're trying to send json it is not a good sign and you should go ahead and fix it in this case everything looks good so I will click submit this time we get a different status code and this is 201 created two one created is quite similar to 200 so which means it's okay, everything that starts with two somethings is usually good.
The sign means that everything was okay. Anything starting with four indicates that there was some problem with the recurrences we sent and if there is something like 500, it usually indicates a problem with the server or some other problem, so now we have sent our name and email. and we got an access token, this is the password that we can use in the next request, so I'll just double click on it, copy it, go to our collection, click edit, open variables here, close this documentation, here I'm. I'm going to write the access token here. Now the initial value is something I don't want to provide in case I share it with someone.
This is my token. I don't want to share it with anyone else, so I won't add it. to the initial value, the current value is what the postman is using within this facility. I want to make sure this access token is saved because if I try to send this request one more time with the exact same data, I will get the API error. The client is now registered and you will see here that we get another 409 status code conflict, indicating that something has gone wrong. Basically, this API client is already registered, so make sure to use another email address;
It doesn't have to be a real email address. for this API now we have this token so we can close this request and let's go back to our post request now as you remember here it says that there is a missing authorization header so we have to go back to this header which we avoided until now when working With API, you will not be provided with a form where you can add your username and password, so we always need to send this information in some way with our request, especially when authentication is necessary. Typically you will add this authentication information to the headers that some APIs allow you to do. to add them as query parameters, some of them allow you to add them in the body, but it's quite common to add them to headers.
Now there are some headers here that Postman added for us and we can take a quick look at them. Basically, one of the most important ones is the user agent, which essentially identifies who is making the requests, it also indicates what kind of responses are accepted, etc., and here we have to add this authorization header, now we don't want to get too technical. Now, Postman is known for making things a little easier for us. Here is this authorization tab. If I click on it, you'll see that we have different types of, let's say, authorization helpers that we can use.
Now I know the list is a bit long and I won't be able to get into each one of them, but essentially what we have here is a token, so we'll select the beer token and you'll see a simple form here where you can simply add your token. . Now we don't want to add our token here, we're going to use our variable, so again using the syntax access token, we're going to select it and you'll see here that it's available, so double curly brace at the beginning and then exactly the name of the variable just like you had it and if this request is saved to the collection and you hover over it you should be able to see the value.
Perfect, now if we go back to the headers, you'll see here that postman has automatically generated a header. that's called authorization, exactly the header we're missing and it has a value in a very specific way. This beer token authorization should include the word beer, then a space and then essentially the token, so that's it instead of doing this manually and we can definitely do this manually as well. We can use this authorization wizard in Postman and Postman will take care of it. It's absolutely the same. I just wanted to show you what's happening from a technical standpoint.
Okay, let's hit this submit button one more time. and see what's happening now, this time we don't get a 401, we still get a 4 and something, we get band requests 400 and it just tells us an invalid or missing book id, so we're trying to submit an order that we have. We haven't specified anything, but we'll sort it out a little later, so let's resubmit this order. We wanted to order a book and we have to tell this API what book we want, so if we go here to the body and select raw example and say something like we want to reserve with id1 and send this request.
I'm afraid the API won't understand what we mean by this, so again we have to look at the API documentation to try to understand how to do this and how to submit. this information how to specify what we want, in this case, to submit a request, you will see here an example and again we have to send a request body in json format and include these properties and fortunately, again we have an example here. which we can just go ahead and copy so I'm going to completely replace this with this json here and I wanted to take a moment to talk about json because I know a lot of people who are just starting out with json sometimes have problems and the most common problem is generate invalid postman json, as I mentioned before, try to take care of it and help it if you make any mistake.
Still, it's important to understand what json is now. json is essentially just a key value way of sending data, for example here the key is the book id and the value is 1 and again we have a comma here separating this, let's say values ​​we are sending key-value pairs and the next key-value pair is the name of the customer and it has the value john if we try to write something different instead of this column we are adding an equal sign here, this is not valid so it has to match the syntax of what json It's essentially from a specification point of view, we have these quotes here, so if you specify one of the keys without using the quotes, this again is not valid json, so we need to specify these quotes, they also have to be double quotes, they can't be single quotes, there is an exception to these quotes and you probably already see it here.
It's not between codes and you may be wondering. Why is it like this? The truth is that we are using quotes when we send strings. The reality is that we are sending many strings, for example, John is a string if we have an address that is also a string, but one here is one. number we can also have a boolean value for example if we specify something like true or false that is also fine so there are some exceptions and if we put for example one between two double quotes this would be a valid json but Technically it will no longer be like that. speaking a number, it will be a string, so keep in mind that you must send valid information to the API if you send invalid json.
That API won't be able to understand what you mean and let me give you a For example, I'm removing this comma here, you'll see here. The postman is trying to warn you that you don't care. Keep going and you will receive something like this. It is not actionable. I can't work with this. This is what the API does. is telling you so always pay attention make sure you understand what the postman is trying to tell you make sure the json you are sending is valid so welcome to the next task and in this task you have to create this request publication that should be ready, submit it and see what's happening.
Additionally, I want you to see and identify a book within a book collection that has a stock of zero, so essentially not in stock, and try to order that book as well and see what's happening. I will give you a few seconds to pause the video and do the task on your own and I recommend that you practice this well, so let me show you how I would solve this task. Basically, we should have a valid json here, so if we go ahead and press the submit button, what we will get here is the status tool that was created, so we have successfully created this request, it even says here and the response is created as true and we'll get an order right here, that's totally fine. so it means we have sent an order now and this order will be processed, of course the order we send here is very simple, it doesn't include an address, phone number etc, so it's not 100% realistic, but the idea It's still the same now.
What happens if we try to submit an order for a book that is no longer available? First of all, how do we find this book? Well, we have to go back to the list of books here and you can see it here with the filters that we have. I already have them all available. I'm going to remove the full one here and you'll be able to see here that the book with id2 says here available false, so let's take a look inside that book to see what's going on, so I'm going to go to the end point to get a single book and specify a book id and you will see here that the current stock is zero, so I wonder what will happen if we try to order this book and we will get a 404 not found.
I'm going to say this book is not available, please try again later, so this is the task when we try to test APIs and especially when we need to send data, we have a tendency to reuse essentially the same data over and over again. and most of the time this will prevent us from identifying problems with the API, especially if we have been asked to test and make sure that API is working correctly. In this case, there are not so many things that can go wrong. We've already proven what's happening. the id of the book which is in stock and other which is not in stock, you can also try and play with different values, but how about we get help from postman to try different values ​​and for example here for customer name, and you?
I know how to generate a random client name so I don't send all requests with John. Unfortunately, there is a hidden functionality in Postman that allows us to send random data with our request and it is a special type of variable called a random variable. I'm going to remove John here, but I'm going to make sure to keep the double quotes because if we try to send a string without double quotes, you know it's not going to be valid json, so I'm going to open two double curly braces here. the dollar sign and as soon as you do this you will see here a huge list of variables that are available now.
I'm not going to review them all. I'm going to type here randomly and let's say we want a random full name for everyone. Ok, let's click here on submit and again we will get the error that the book is not in stock, so let's try a different one and now again a new request has been sent. The problem now is that we are sending something, but we have no idea what we have sent. Fortunately, Postman has another interesting functionality and that is the Postman console. It's a little technical and a little geeky, but it's important to use it as one of the most important tools.
When you use Postman, you can find one. The postman here right at the bottom of the screen should say console and it will open up inside the postman. Usually you should already have a long list of things here that we don't need right now, so what I'm going to do is I'm going to click here on delete, let's send this request oncemore and now this time we will see here the post request coming out with a complete address on the order endpoint. I can expand it by clicking here, you'll see the request headers here. are not interesting, but also the request body, so let's click here on the request body.
This will open an additional window here within the console and you will be able to see the body of the request that we have sent. The postman console is particularly useful for debugging when something goes wrong when you don't understand what's going on, always go back to the postman console and take a look at the request, see what happened there, see here, the book id is one, this is the name of the client we sent, so this has been randomly generated by postman if you don't need it anymore, the first x here is to close the request body and the other is to close the console.
That's all. I want to take a short break now from Postman and so far in the course. You've seen a lot of ways to use Postman, but in this session I wanted to go a little deeper into how not to use Postman, so to be clear, you've seen that we've used Postman to interact with APIs. Postmate is not a tool for dealing. With user interaction, think about if you have a website with a form or buttons and you need a tool to click on them. boozman is not a tool that deals with those things, it only works with apis postman is also not a tool for performance testing. or any type of testing where you need to send many requests in a very short period of time and also, Postman is not designed for security testing.
You can use it for security testing, but this is not the main focus of the tool, there are many others. tools that I think do a much better job of helping you test to see if an API is actually secure, so I hope this short lesson has helped you understand if Postman is the right tool for what you're trying to do. We have already done it. I sent out a few orders, so maybe now is the time to see how many orders we have. In order to see it again, we have to look at the API documentation to see if there is anything that can help us in this regard.
See here. right below submit an order, there is also this endpoint to get all orders, which is essentially the same slash endpoint, but this time we only have a get request, we are not trying to create an order, we are just receiving a order that we are essentially receiving. all the orders we have, so let's go back to postman and we'll be lazy again and we'll just duplicate this request. Get all book orders will be the name of our request because we have duplicated it, we also have the authorization header with us. so this request again requires authorization and instead of publish, we will simply select get and luckily if we look here within each order, we will see a list of all the orders that we have.
Each order has an order id which you can see here, it is no longer a number, it is a The string says here which book we have ordered, who is the customer name, also the quantity and such information, and these other orders have been created using this random full name functionality that we have found in Postman and this has ensured that we can now have different names that we are sending, so essentially these are all the orders that we have in this task. I'm asking you to take one of these existing orders and view it individually, so instead of looking at all the orders, take one order id and find out if there is an endpoint that allows you to see a single order id gives you a few seconds to pause the video and then I'll show you how to solve this, so let's go back to the API documentation and see what we can do.
Look, here we have an endpoint getting order and the structure of this endpoint is quite similar to the one where we were trying to get an individual book, so we're going to go ahead and copy this, come back in postman and duplicate one of the requests that we have and I'm going to replace the orders here with this endpoint. I'm going to make sure there are no spaces or anything like that because this will break and postman will send this request to the wrong endpoint. I'm just going to rename this to get an order and also we need to specify this order.
ID, so if I'm just sending this as it is now, essentially the postman won't send anything, so we'll send the request to the orders endpoint so you can see all the orders in case you're wondering what happened there and if you type some value that does not exist. I'm going to get a 404 not found, so I need to get an actual order, so the actual order, let's say, would be this one for John. I'm going to paste the order ID here exactly as it was. in the other request and now we'll see an individual order that you're getting here, so that's it, you know, if I'm looking at this order right now, I'm not very happy with the customer's name, John, it's not the full name, so how can we change this now?
If we go back and use the post request once again to order the book, essentially two orders will be created, so I was wondering if there is a way to update this and luckily the API documentation here will notice this. endpoint that says update an order and it will use the http request method patch to update this existing order and it will require authentication and only allows us to update the client name depending on the API you can update the entire order or just some specific properties. It depends from one API to another and again here we will get an example of how to do this so let's try to update this order.
I'm just going to copy this customer's name here and essentially the structure is the same as getting an order, for that reason I'm going to duplicate this name and rename it so that I can identify it easily and for some reason the parameter here got lost, maybe I forgot to save it here before creating it, don't worry, I can just go ahead and Copy this from here so we have the exact same request. I'll try again with get. I realize this is the order we're trying to update, so I'm going to select the patch here and the patch is again. one of these http methods that allows us to send a body, so I'll click here on the body, select raw and again we'll send json, I'll paste it here, so let's add another value here. and we can even use this postman random variable here, so let's say a random last name, this would be good, so let's save it, let's run it again and we won't get anyone back and this is totally fine because the status will be indicated via the http response status and this is 204 again. 204 indicates that everything was fine, so if we are trying to get that order again, you will see here that the customer's name is john anderson and we have managed to update the same order. the order id is still the same the book we are ordering is still the same the only thing that changed is the customer name now suppose we already have too many orders here and we are trying to delete some of them with patch itself we can just update the information, but now we need a way to delete this request.
Let's say we already wanted to test something but we don't need it anymore, so going back to the API documentation, you may notice that there is also an endpoint to delete a request. Basically the path for all these operations from getting an order, updating an order or deleting an order remained the same, the only thing that changed was the http request method that we had used, we had used a patch, we had used a post to create an order and now we are using delete, so delete does not require anyone, we just have to specify in this case what is the order id again.
What we are using here is just an example and it is always important that you study the documentation of the API you want. I'm trying to use it just because a respective endpoint works one way with one of the http methods for this API, it doesn't mean that all APIs work exactly the same, so to update an order I'll just continue here, click here on duplicate I will call it delete order and I have to select the correct http method, this is delete order id is already pre-populated here so all I have to do is click submit.
I'll get here 204 not content, but if we're still not sure if it worked correctly, we can go back to get an order, so if we try to get the same order that we deleted, you'll notice that it's no longer here and especially if we try to see everything. The orders we have will see that we now have one less order, so obviously the delete order worked correctly. Let's save this as well and it will also display correctly here in the collection. You may notice that we already have quite a few tabs open. let's go ahead and close them so what you can do is just close all the tabs and if there are unsafe changes you will have the ability to save those changes if you have a lot of tabs and you don't need them anymore because it only contains temporary data you can just do Click here on the three dots and select force close all tabs and you will be prompted welcome to the second part of the course where we begin to lay the foundation for automating the testing of this API as you have seen.
So far we started working with the API, but there is still a lot of manual work involved. If someone changes the API we have to retest everything manually and this is not much fun and also time consuming instead of checking the API with our own eyes. Let's let Postman do this for us by writing API tests. We also want to avoid any manual intervention such as copying and pasting data from one request to another. Automation means we let Postman do the work and only intervene if something goes wrong at the end of the process. In the course, you will know how to test this API with just one command or just one click.
This is the most exciting part of the course, so let's get off to a good start, let's start writing API tests. So far, we've tested this API manually and gone through all of these requests and essentially created a sort of workflow. We first check if the API status is correct and get a list of books. We look at a single book. We asked for that book. We take a look at all orders. we got an individual order, we updated that order and finally we deleted it and of course for some of these operations we also needed to register with this API, the way we have seen it is for example the status of this API, essentially for postman as long as the request has been sent and something comes back, this has been a successful request response interaction, the postman has no idea unless we also tell the postman whether this was successful or not and tell him when inspecting the answer, normally we are looking at the answer.
We're not looking at the requests as much because we already know the request, we look at the response and we look at, for example, the status code, we think here 200 and we look at the body here and we see the correct status. So instead of us manually looking at this information, let's tell the postman to do this for us and to do that we'll change here to this part of the request where it says here tests and this is where we can write tests of what you can write in this window here is the programming code it's javascript if you want to be very specific about us luckily if you're not really into programming or you're just starting out don't worry I'll try to make things as easy as possible. as it gets postman here you have this window with so called code snippets that essentially allow you to quickly do some things with javascript without writing a lot of code and especially for us as


s right now, that's totally fine, the simplest test we can do it.
What I can write is to test that the status code is 200, so if we scroll through the fragments here, you should be able to identify one of the fragments that says here the status code is the code and if you click on it, this code will be generated now if for some reason. reason these snippets have changed or you can't find them anymore, don't worry, you can just go ahead and type it in as you see it here now. This is a piece of code that will be executed when the response arrives and the postman will check if the status is 200 and you can even see it here in the statement that we are writing here.
It's easy to understand, it says here: pm.response.2 has status 200. So it's relatively easy to read, so again you know what's going on here. and also the postman knows what's happening here so let's send this and now if we were paying attention here on the test results it will say one of one and if you click on it you will see here a green road map that says that the status is 200 whenever we are. While writing tests we should always make sure that it will also fail in case we have made any mistake while writing this code here it is totally possible that this test will break or it will always show that it is working when sometimes it is notworks, so let's try to fail this test.
We can fail this test by entering an address here that doesn't exist, for example if I type status foo here and pretend that the API will send me something else, I can make this test fail and you will see here that we expect the status. The code is 200 but we get this assertion error. The response was expected to have status 200 but I got 404 as you see here. 404 I'll fix it again, but this was just a little test to indicate that what we've written here is working. correctly, now if the status code is, let's say, good, but not enough for our use case, we may also want to take a look at the response body for most APIs, the response body will be written in json, this is just a very simple way to send data from the API to Postman or any programming language, let's say, and transform it and use it there, essentially the data that comes back is relatively easy for other programming languages ​​to use and understand , so let's try to write a test that checks that the state is correct now, the first step we need to do is parse the response and people usually wonder when they hear about parsing why we need to parse it and the reason is what you see here. json but this is essentially just text, it is not an object that we can use within javascript, for that reason in javascript what we will do is define a variable so that the constant response defines a javascript variable and we will initialize it the same and this is something which comes from postman so I'm going to write pm.response this contains the response and we are going to call a function called json and a function call in javascript is always like this so inside this variable response in javascript, now we will have the response which will be parsed from json into a javascript object.
If you want to take a look inside and see what the response value is, we can go back to our old friend, the postman console, by default, the postman. The console will not log the values ​​of the different variables that are available unless we are told to do so. We can use, for example, console.log, which is again a function and we will specify in this function parameter and that parameter is the response, so let's go ahead and open the console. Again I'm going to delete everything you see in here. Hit submit one more time and you'll see here that the request that was sent is blocked by default and then you'll see here from our console.log statement you'll see here. this javascript object that has been created from parsing the json response, the way it is represented looks quite similar to json but it is not json, it is a javascript object, now let's say we are trying to get this right here and we have here an object that has a property called state now in javascript there are two ways how we can get to that property we can write the response that state and we can record that information and you will see here now it says okay or the alternative is to write this state in square brackets like a string and this is sometimes necessary when dealing with names that contain, say, a hyphen or other special characters, maybe a space or something like that that will break the syntax, so this is another way to use it. but the most common thing is that you see it this way.
They both returned. Well, now we have achieved something very important and that is to get to the data that we are trying to test if we cannot read it. having it in our console after using it with the console log, there's no point in writing a test yet, especially if you're a little confused about json and javascript and parsing and everything, first make sure you look at what you're trying to test. inside console.log is fine, so now we have it there. We know it exists, so let's write another test. A test in Postman always starts with pm.test and pm.test is a function that takes two parameters, so you can see here pm.test, this is a function, the first parameter will be the name of the test, so let's say that here the state should be fine, it is totally up to you what to write inside here and the second parameter, this is a little more complicated, we have to specify the second parameter after a comma and this will be the so called callback function. and this has a syntax like this or it can start as a function this these two syntaxes are compatible with each other this one is a little more modern now I'm going to press here enter and this is where we can start writing our assertions by default, if we leave this empty test, it won't do anything, it doesn't really matter what we have here as a name, it will show it here as past even though we don't have assertions.
Now we'll start with something very simple and What we're going to do here is write something like pm.expect and we can expect for example a point 2 eql to be equal to 1. You have to be very careful when writing the syntax and it should look exactly like I. here let's hit submit again if I see that 1 is expected to be deeply equal to 2 we expect this to fail it will say here the assertion error 1 is expected to be deeply equal to 2. Don't worry about this deeply equal it is essentially failing and what he says is not equal to everyone at this time, how can we make this statement that the state is fine?
We already know that this object here with this property contains good, so let's check if it contains good, so instead of this hard-coded expected value, we'll paste it here. and here in double quotes I'm going to write "it's okay", so let's send it again, we'll see what happens and if I write something else, for example, not okay, it will fail and I'll say expected "it's okay" to deep equal "it's not okay ", so this is an additional test that we have written in addition to checking that the status is 200 if for some reason again we call here the full status bar for the endpoint that does not exist, we expect a few things to happen, so first of all nothing we will get here 404 not found but also here this entire code that we have here will also fail because we no longer get json.
This is not possible, so it will fail completely, but this is just a very simple way of how to ensure that this simple endpoint is working correctly. Now it's time to do another task based on what you learned in the previous lesson. I want you to write a status code test for all requests within the collection and I also want you to make sure those tests work correctly. fail if you have to, I'll give you a few seconds to pause this video and then I'll show you how I'm going to create this so that nothing stops us from starting with what we already have.
I'm just going to change the syntax here, make it a little more modern, but as I mentioned before, this is absolutely equivalent and shouldn't make any difference. I'm going to copy this and bring it here to the book list, click here on type tests paste it and again the status I get is 200. I see here that the test results work. If I try something else, say books, it will fail with a 404, so it's perfectly fine to re-paste a single book. absolutely the same test and I will be absolutely sure that this will also fail, okay, book now this is interesting, let's see what happens if we just paste this test here and you will see here that the status that we are getting is 201. created that the test will fail, we can adapt this here to check the 201 status and it also makes sense to adapt the test name.
This, of course, is not necessary, but it is good to keep it consistent, for what is now happening. Also, these others are absolutely the same and I'm not going to spend a lot of time making sure they work since they will always come back here 200. This is another interesting one that tries to get an order and that order doesn't. It doesn't exist anymore so we get 404 not found and also our test fails so it's a good thing this happened. We can look back here at the order book result. We can get one of these order IDs.
Set it here. the parameters and running the test here we will see that the status is 200, so this has worked, we have to do the same for the next one where we are patching it, so if I am switching between too many tabs here I am now. inside a patch request when pasting the test, it should have gotten a 204 and I expect 200, so I'm going to change here 200 into 204 and now this one is also passing, delete an order is pretty similar, I'm going to be first let it fail, I am getting here 404 not found. You should also get a 204 by now getting the correct order id and putting it inside a parameter.
Okay, another test going on and also this with the API client registration. I have to identify the correct test and I'm going to paste it here as well if I remember correctly because we are creating something that we hope to get to one obviously by saying the same data again this won't work but now we have a simple test that tests that each individual request in this collection returns the status code and as you have already seen, this is already a pretty important test, it already gives us a pretty good idea of ​​whether that request was successful or not, as you may have noticed in the previous task.
It's particularly annoying and that's copying and pasting this order id from one request to another. Basically, we start here after we have this order book, we get an order ID and then we want to go through all the other requests that we have to paste. He repeats it over and over again and, to be honest, we don't like it very much. I mentioned at the beginning of the course that Postman has different variable scopes and essentially those variable scopes are collection variables that you've seen so far, they're also global. variables, which is a type of variable that is available within the entire workspace for all collections, not just for a specific collection or there are also environments.
They are useful if you have different environments, for example, if you are developing software and you have a premises. local host development environment, you have a test development environment and you have a production development environment, then you can define multiple environments and you can easily switch within them and have here for example the base URL, you can easily swap it with the test environment or production environment or localhost is addressing the topic a little bit right now in terms of this, the problem we're trying to solve is to use a postman variable to store this order id, so what I'm going to do here is copy the value. and I'm going to click here on this eye icon here in the corner and what we're going to do here is define a global variable in the same way that we could have defined this inside our collection as a collection variable, but to be honest , this is kind of like transactional data, we don't really want to save it inside the collection, we can just put it in these global variables and not worry about it as much, so we'll click here in this edit.
I'm going to define here the variable key which is the order id, of course you can call it whatever you want. I don't really care about the initial value. I'll just paste the current value here. The current value is now this, now next. At the time when we create this request we can grab this order id again if you lost it here you can simply click here on this eye you will see here the values ​​and you can even click here on the current value and change it easily make sure don't add spaces or new lines where you are pasting data, so now in the next request to get all the book orders, there is nothing we need to change, but when we have here we will get an order instead of manually specifying this parameter here.
I'm going to use the order id here with double braces. You'll notice that this is the order ID that we just saved, so I'll even copy this variable here. Go to the next request. Replace this too. Go to delete the order. Replace this here. Also, the next time we click here on orders, let's see what will happen, so we'll get a new value. Let's get a new value here again. Click on the environment. Replace it here if I'm trying to get an order. I'll look at that order and it should be exactly the same so we can check what we have here for a variable from what we get in the response.
I can update that order. I can go back and see the updated information and Of course I can go ahead and delete that order and if I try to get it again it won't be there anymore and as you may have noticed the postman tests ran in the background and already give us an idea if all went well. It's either okay or not, so we don't even have to look at the response body or anything like that. In this case we went off the mark in terms of flow, but the rest of the testing was useful and we've now managed to reduce a bit of the amount of manual work we have to do to test this.
If we look back at the collection, we will notice that we still have some requests that contain some data, let's say, encrypted and it all starts with this. list of books where we have seen some of these books, we have identified a book id and we have used that book id in some of the next requests, for example, get a single book, we have here an id which is encoded and of course , then in thenext request when sorting the book, we again have the id here, so this type of hardcoded data makes our tests and our entire collection a little bit susceptible to changes, for example, if that book is deleted and it has this hardcoded value, it will not. does us some good, so we have to find a way to make everything a little more dynamic, so looking at this list of books, let's say, for example, we want to get the first non-fiction book we can find here so that you can Remember we can basically add a filter here so we can add the filter type here and say we're looking for a non-fiction book, so we can change that here and we'll submit this again, we'll just get non-fiction. books, so let's try again setting this to a variable and see what happens.
The question is: how can we obtain this information? We have previously manually set this variable but still want to avoid getting this. We want to set this variable automatically and this. it's totally possible, so let's go here to the scripting part where we have the tests and we also have the response here, so let's imagine that we want to get to this id here, id 2. First of all, let's define a new variable . called response and we are going to do the analysis opm.response.json will analyze the json into a javascript object, open the console again, send the request and we will see here that the data we have, this data format is different from the one we had before because it is a list of books or what it is called in javascript, it is an array which now contains multiple objects, so this book i with id2 is an object, then there is the next object with the other book with id5 if we try it inside the record from the console to do something like you will see here it says undefined and the reason for this is because first we have this array so first we need to get that data from the array and then we have an object where we can call the property id, the array that we have has keys essentially a form that allows us to access that information, for example, if I write a square bracket here and say zero, this will give us the first element of the computing array that we always count. from scratch so that's why the first item has the key zero let me show you this you see here we get these two now the problem here is that this first book is not available so what we have to do is get the second book in the second book we'll have the key trying to get that and we'll get ID number five here, that's fine.
The problem is if this data set changes or for example the first one will become available or the second one will become unavailable. having this data encoded here will cause us some problems, for example, even if something changes in the parameters, we will no longer set this non-fiction filter here, the id we can get if we keep the encoding strict like this. it will be different all the time and we don't want this to be too risky so we have to find a different way to handle this because this is an array we can use a specific function that this array has so we can define it here. a new constant, let's call it, for example, none of the nonfiction books and we can get an answer.
I'm going to use the filter method and inside here we can define a condition. Now the condition that we are going to define here is inside another one. function where we will receive a book of parameters and then with this book we can define a condition for example book point available and we can decide here if available should be true. Of the two books that we have here, we can notice that the first one is not available, but the second one will be available and suppose we will always know that we will get one of these books, so now what we can do is from these non-fiction books we can get the first item that get because we will know that this filter will be available will discard any books that are not available and will only give us the books that are available and then by specifying 0 nonfiction books we will essentially get the first book that is available and that It is a non-fiction book and you will see it locked here.
This way you managed to get to this property that is actually hidden inside the response without having to write something hard coded with the only assumption that all the time you should find at least one non-fiction book that is available for most APIs . This is a pretty valid assumption. The criteria you use here is entirely up to you. You can search by a specific name or by any other characteristic if you are in a situation where you need to filter a list of different objects and extract only one, so far this has not been done. It helped us a lot, so what we want to do next is set that variable as well.
Fortunately, Postman has another code snippet that we can use and the code snippet is called set a global variable, so I'll click on it and it will be generated. here and all we have to do here is specify the following, we will specify here the book id, this is the name of the variable, you can call it whatever you want and then we also have to specify the value and when you are specifying. the value you want to make sure you're not putting anything in between the codes because it's going to be a string, but since we have a javascript object here, we're going to put it in now, of course, we don't want to have the object itself that we want. to get just one property of that object, then I will write here that id to get this object and let's know that the property id is 5.
After submitting this, you can click on this icon here and you will see quite similar to the other variable that we have manually configured, that now the book id has the value 5. So it means that now we can get an updated book id with our requests and we don't have to do anything else now in case something happens. happens and no book is found, it makes sense to take the test, so in case we don't have any books, there is a postman test that will let us know, hey, we couldn't find any non-fiction books and in this case, We're not going to directly assert the answer, but indirectly through this filter that we have, so let me show you what I mean by that, let's go ahead and write a new test pm.test and say here book found, this is the test name will be the callback function and inside we will try to write an assertion instead of logging this.
I am going to define a variable called book and write some expectations so I will use pm. I will expect book to be an object so first of all we expect book to be an object and furthermore we can write other statements for example bm .expect book available to be true and this is absolutely the same as writing pm.expect book available to be true is just a different way of writing it so again this just ensures that everything is as we expect it to be what we are setting up here , instead of using this we can use this and We can also try to make this fail now, it may fail in a different way.
We can write here, for example, instead of equal to true, we can set a filter that will never exist and we will actually get here, first of all, a type error because we are trying to get the property id of something that doesn't is defined, essentially postman will warn us anyway that something didn't go right, but this additional test is that we can write a nice place to make sure we document how the API should behave and document what we expect to return, so I'll fix this and let everything is executed correctly. For example, just to make sure that everything is working correctly, we can also surround this with something like let's say if it's just reserved, then we'll set this global variable so that we make this fail again and then we'll see here that we're no longer getting this javascript error that it says here book found failed so it didn't find a book and then we make the expectation undefined to be an object so this is one way to fix that JavaScript error you've seen before but other than that like this It's how we make sure that what we've written here in terms of JavaScript is handled correctly in case something unexpected happens and now is the time.
For another quick task for you, we have identified a book here and seen that it is available. I wanted to give you the opportunity to write an expectation of your own and I want you to expect this book to be of the non-fiction type. even if we have used this parameter here and specified that it is non-fiction, I just wanted to test it again and also try to make it fail, I will give you a few seconds to pause the video and do the task on your own and after that I will show you how I would solve it, everything okay, this is pretty easy, I'm just going to duplicate the last expectation that we have here because from the structure it's already as it should be and I'm going to change here. property from available to type and the type we're interested in is nonfiction, so let's fix this error here from the top to true and we have tests that are passing, let's disable the type and maybe we can even change it to fiction, but essentially The first book available What we found was a fiction book, for that reason the test did not pass, so now we have made sure that everything we get is a non-fiction book because this was the original requirement and after a task, what is it? better than doing another assignment because practice really matters now this assignment will have two points.
The first is that I want you to use this book id variable that we have saved here and you have seen that it has been saved correctly as a global variable. I wanted to use it in a request to get a single book and also to order a book. This is in the body of the request and is here as a parameter since you're already looking at a request to get a single book. How about you check again to see if it's inside here? So let's write. for example five, I would like to check that the current stock is actually greater than zero and I will give you a little hint on how to do this, so I will continue here just copy the structure of the test here, let's say we are going to write that it is in stock, for so this would be the name of the test and the expectation would be pm.
Expect one two to be above two, a very simple expectation here that will help you by stating that the current stock is greater than zero and you will see here that one is not above two, so it doesn't work. I'll give you a few seconds to pause this and then I'll continue solving the task, so the first part of the task is. super super easy, we just have to replace here any hardcoded value with what we have here book id as a global variable and you can see that it is being processed and we also have this order book and in here again it's super simple, you just have to do it right and we'll be able to test if it's working correctly, we're not getting any errors, so all good, going back to the test we wanted to check here, the property we want to use is this current stock, as you'll remember first of all. we have to parse the response so we define a variable called response and we are using pm.response.json we are parsing that and what we can do here is wait for the response the current stock is above zero the problem is super simple.
What you're getting here is that you'll get this strange error saying that the stock is not defined and you probably won't understand what that means. The problem is this dot syntax, this dot notation when getting properties of an object works. these kind of simple properties that are one word when you have this script here this script here this would be like breaking the syntax and you have to resort to the other syntax with square brackets so we add here this square bracket that we are putting It is the name of the property as a string here, it can be single or double quotes, use it as you want and that will give us the correct property and we will see here, now it is in stock, we are trying to get something that is not in stock, for example, book ID 2, I think It was not in stock.
We will have a failed test here. 0 was expected to be above 0 so it's not working but with our book id here it's working properly so this was the task now it looks like We have all the elements that can help us do proper test automation . We've written API tests that ensure the API responds how we expect it to respond and generally how we expect the API to work and we've also added all of these variables and essentially no longer have to copy and paste anything from a request to the request. following. The next step is to move to the direction of automation.
We want to take this request and instead of going request by request from one request to another and run this manually. I will use a built-in Postman tool. This is the collection runner and the collection runner allows us to run the entire collection with just one click, so let's see how it works. First of all, I have too many requests here open again, so I'm. I'll just go ahead and close them all. NoI need them. Everything is saved and here at the bottom of the screen it's a little bit hidden. You'll find this button, so I'll click on it in the postman above. versions, you can start the runner directly from the context menu of the collection, I'm not sure if this will be added back, but just in case, if you're seeing this a little later, maybe this has returned here in the collection, just saying, "It's okay." So this is essentially the runner and to run this collection we're essentially going to drag and drop it here and here is the execution order in what order this request will be executed now, for example, here the way we've organized it. the requests here in the collection this is how they will be executed, for example here the way we did it is before ordering a book, we first register our API client, so it may make sense to do this somewhere before That, of course, is not affected.
So if we don't want this anymore, we can just close it completely, open the collection runner again, drag it here and you'll see the new order. You also have the possibility to reorder the requests or disable some requests that you do not need. this is in terms of what order this request will be executed. There are other things we want to do. A very important one is to save the answers and, in case something goes wrong, by saving the answers we can take them. a look at what happened, okay, so let's click on this button and let the runner do its job now, as you can notice that some of the requests have been successful in terms of testing and some of them have failed, for example, here register the API client. failed and we already knew that sending the same data would cause this to fail, so it's not a big surprise that there are also others that have failed here, for example getting an order failed now, if you want to better understand what happened we can take a look a look here and if we look at the request here, we will see that we have this request and let's try to understand what happened here.
You will notice that we have this order id, but this is the order id that we have manually coded here we are not updating this with each run and yes, this is your next task. Do you have any ideas how we can fix this? I'll give you a few seconds to pause this video and try to perform this task in Okay, obviously manually coding this is not the best approach and as you can see we completely forgot that this was added manually so what we have to do here is to fix this order, so where does this come from?
Post the request order book and we've added a test, but we won't do anything else, so let's submit it again. This is the property that interests us. If we want to be sure that it works correctly, we can use the console again. .log but we're going to speed it up a little bit, so again we're looking at the response, we have to do this all the time and it's not pm.request.json, it's pm. I have to be careful what I'm writing and we're going to set the global variable and we're going to be careful to name it order ID, so this is the key, this is what the name of the variable is going to be and we're going to get it from the order ID. order of response points.
You see, I'm always copying and pasting this because I don't want to make any mistakes in terms of how I name this. Let's run it again, inspect it and what do we see here. It is absolutely the same order ID that we have in the response, so it means that it has been updated and let's go back to our execution and see if this helps us get rid of the error. I'm going to click here to run again and now I can see that apart from the registration API client that failed, the rest are working correctly and we have at least one status code test that ensures everything is working correctly.
Good job, there's still something very annoying about this logging API client. request, on the one hand, we don't want to get rid of it because we might need it later, but at the same time, when we're automating execution, it's a little annoying to have it there and luckily there's a way to do it. can influence the order in which requests are executed and let me give you an example. I'm going to go here to this API status request. I'm going to go to the tests and what Postman allows us to do is specify here in the code. where the postman should go with the next request and currently this is done by typing postman, this is instead of pm, which is, let's say, the newer way we interact with the postman.
This postman is a bit older and may be replaced later, maybe at the time you are currently seeing this in the version I am using it still works just saying but it allows us to specify where the next request should go and this says set the next request, you will see here the autocomplete and here We will not specify a URL, but we will specify the name of the request, so for example, how about we skip this so that the normal execution goes from here to here and from here to here ? How about we tell the postman to have verified the API? status, go to the book list, so we have to get the name of this request here exactly as it is.
I'm just going to copy the name and put it here as a string, so going back to the collection runner, I'm going to hit this one here and if you look here you'll see that we had the API status. You know, you registered the API client. No, it's not there anymore. We jumped right into the book list and you know the flow continued. We didn't want to skip any other requests and you can see. here that the registration API client is not present, an alternative to do this is to move this right here at the end and for example you can go to this delete order request and specify that postman set the next request and this time We don't want to go. everywhere else we just want to say stop, so to say stop we just say specify null null means don't go anywhere else don't go here, for example, we'll run it again, this one with the API state has absolutely no effect. go to the book list as an instructor, but this is also normal behavior.
What's changed here is that the delete order request will essentially be the last request because it will tell the postman, hey, stop the loop, now what happens with these loops is fine. it can get crazy so you have to be very careful when you use these conditions and especially when you want to stop something if you just want to skip something that's totally fine but I'm just going to demonstrate what happens if I'm going to set it up. to the book list, so it runs and runs and runs, so essentially it will run forever because we don't have any conditions telling it to stop, it will continue to run endlessly, so I'm going to manually stop it here, but especially if you want it.
To do automation, it's probably not a good idea to have a job running all the time, so be very careful about the conditions you're writing and use the collection executor to test it before doing anything else, so we've achieved automate this. with a collection runner we still need to do this manual click there and how about a way to run this collection all the time but not worry about doing that click and there is functionality that is built into the imposition and it is the monitors that you can notice that here from the collections a little further down you have monitors, but also from the context menu of the collection you can select here the monitors collection so that the monitors collection or clicking here on monitors and clicking on create a monitor will take you to this page, so let's look here. the name of the monitor will be Checkbook API.
Say, for example, we want to make sure that this book API is running all the time without us having the postman open or without starting the collection runner and we can define a frequency so that, for example, we can decide to run it. every day, run it every day of the week, etc., so there are a lot of settings that we can select here and I won't go into all of them, of course, which is important here. If you go this route, you should also select the most important collection. so we are using the simple workbook API, the only collection available in this workspace.
I'm going to continue here, click create and once this monitor has been created, you don't need to do anything else, it will start on its own and you will receive an email notification. Something went wrong, of course, just for testing purposes. I will run it manually once, but if you don't write the menu it will start on its own according to the schedule. This execution will be done on postman's infrastructure and is completely decoupled from your browser, your computer or anything else, it's a relatively easy way to check if something is working. In this case, you'll see here that it says unhealthy, something went wrong, so we can scroll down a little bit and we'll see this. report and it will show us what happened and you will see here that the test that we had here in the first request that we have is working, but as soon as we do something with the orders, it will no longer work, the test will fail and say here 401 unauthorized, so , what is happening, there is not that much information regarding this and you will have to guess what happened as remember that at one point we have created within our collection this token that we have generated manually. and we haven't specified it in the initial value now when we created this monitor we have essentially shared this collection with the postman and since we haven't given them the access token they don't know what to do so this will fail so if we continue and we add the current value to the initial value, save it, go back to the monitor and run it again, you will see now that it has worked perfectly, unfortunately when something doesn't work right here it's a little bit harder to debug because you don't have access to all the information that you normally would would have within Postman, but especially when everything is working correctly, it's still a pretty powerful tool now, usually when something goes wrong in automation or with a pickup runner or here with a Postman monitor.
These are usually missing postman variables or something that hasn't been set correctly, so it's always a good idea to check first the most important tool when trying to automate a collection run is Newman and Newman is a CLI tool that can perform a postman collection run. all the tests and at the end also generate a report. If you know how to use Newman, you can run a postman collection with API tests on any professional server that handles building and testing software, such as jenkins gitlabci teamcity or whatever else you use. We're not going to look at specific integrations, but I wanted to show you how we can use Newman correctly.
In order to use Newman locally on your computer, you need to have Nodejs installed and I've added some details on how to do this. I opened the course nodes here in the terminal and I already have a new one installed, so I'm going to type in the version of Newman Dash Dash here and this will indicate that Newman was successfully installed on my computer. Now you are probably wondering how we can get it. go into the postman collection that we have and run it with Newman and that's definitely a very good question. First of all, you can go to your collection, click on these three dots and export this collection as a json file.
I've created a new folder to hold this collection and I'm going to simplify the name a little bit to be postman underscore collection.json let me go ahead and save it. An alternative way to do this is to simply click here on the collection's context menu by clicking on share collection getting a public link and this public link will be generated. You should pay attention that this link is not automatically updated when you update something within your collection and every time you make a change and use this public link it must return. here and click the update link to make those changes visible.
There is also a third way that I won't show using a postman API. Postman also has an API that allows you to access these collections using an API key that will be added. The course points out some details about this, so there are three ways to do it and I will be demonstrating two of them, so from the terminal window that I have, I will go inside the folder where I saved this collection. it's a simple book API and you'll see that the Postman collection is here, so I can just use Newman Run and then I'll specify the path to the collection.
Now you can notice that all the execution has been successful and all the tests. has been generated successfully, everything seems to be working fine. The alternative to using it as a file is something like Newman Run, specifying here the link where the collection is. This can be essentially anywhere it is accessible via http. I'm just going to copy the link that we have here as a public link and absolutely the same thing will happen. The reason this may fail is again due to missing variables or tokens that you may have in your collection that are not set asinitial value or are they only available as a global variable or something that hasn't been exported if you are using for example the environment you also need to export those environments and also specify them here probably one of the most important things when working with Newman is the ability to generate reports and one One of the reports that everyone in the postman community loves is the additional html report which will generate an html report.
Now not only is it nice to have a nice looking report but it's also very useful when you're trying to debug something that went wrong. The report will contain everything that you record, it will contain the entire request and the entire response to really a lot of data. I'll link to it in the course notes, also this reporter and how you can install it, and I'll go too. through the installation steps and how to configure it in a moment, this is the command you need to run to install this reporter. I already have it here and in terms of usage, you can notice here that we have Newman Run here and it's the collection and all we have to do is specify the reporter.
We can use Dash Dash Reporters, which is my preferred way to specify flags or any additional information to a command because it's much easier to read, so this is the Newman Run command. I'm going to write here reporters, we'll still keep the cli reporter, this is the cd reporter that you're looking at here and without spaces, comma and we'll write the html reporter and you're writing these commands, it has to be exactly as it is so it's not a report html, it's extra html, sorry, but you have to write the reporters space and then specify the reporters, they are not equal reporters or anything like that, so be very careful what you are writing and as you have seen, I have written the wrong reporter name, so this ran and I'll look inside the folder to see what this report looks like.
Inside that folder you will notice that an additional folder has been created called Newman and it contains an HTML report here that you can open by double clicking on it. What you'll see here is absolutely like an overview of what happened in terms of requests and responses, with how many requests were sent. You can go to the requests. You can investigate what happened with each request. for example, the order book, you can open it, you can see that it has been a post request, you can see the address, you can see what request headers have been sent, for example, if you have any problem with authorization, you will see it here . if the proper token was sent, if you see here, for example, a postman variable that hasn't been resolved, that's probably one of the reasons why something failed, so it really gives you a lot of information in a very nice format and easy to read for both newman and reporter html there are tons of settings you need to know or especially if you want to get started with this you really need to familiarize yourself with the documentation, try to understand what flags are available, what you can configure, you can specify the report names and a lot of other things we're coming to the end of the course and I wanted to give you an overview in terms of automation and why Newman is so important and where everything you've learned fits in.
Here you have a pretty realistic project that This is an API and essentially this API has a pipeline built into it. This is a piece of software that goes through a compilation process, so this is where the code is compiled. It has some internal tests that run as unit tests and also some code quality. then this API is being deployed to a server and then I have a stage here to do API testing, so once I have deployed this API somewhere, I will use a postman collection in humans to run some tests and make sure that the API is working correctly. and in case something doesn't work properly, I rely on the postman test and the human being to notify me and tell me within this channel.
Hey, the last change you made caused some problems, there were some tests that failed and this is where it all falls into place. together, so for example, if I go to this API testing stage here and I'm looking inside the job, well, what I'll see here is the Newman execution. I have Newman Run here. I am running a collection. I'm also specifying some environments. So here I am using an environment. I'm also specifying reporters like cli reporter html extra junit and specifying where I should save a specific reporter etc., in addition to getting all this information here, you can go here to navigate and I'll see here inside the Newman folder, I'll have the html reporter and here I'll be able to debug if something went wrong to understand what happened etc, that's essentially how everything falls into place. an API that we want to use and test and make sure it works correctly, we have gone through the manual testing process, but once we are satisfied that the API works and we have understood how it works, we have documented that functionality by writing API tests. and we've taken this test run through different stages, first of all within postman just to make sure everything works correctly, but then we've used that collection and using Newman we could basically automate this run and integrate these postman collections with many others. tools we are showing here in the example we get labci, you can do the same thing with jenkins with teamcity circleci or any other continuous integration continuous deployment server you may be using.
We have achieved many things in a very short time. I know. It was a lot to take in, but I hope it was helpful and that this whetted your appetite to learn more. If the scripting part was difficult and you are still confused about JavaScript object arrays and variables, you may benefit from taking a basic JavaScript programming course. If you want to learn more about API and postman testing, in that case you can explore topics related to data-driven testing where you use an external csv or json file to fit different data sets in your request or schema validation, where It essentially tests the structure of the answer. at once instead of going to property byproperty or you can dig deeper into authentication and learn about oauth2.
You'll find links to more advanced tutorials showing different things you can do with Postman in the course notes. I hope you enjoyed this course and I will be very happy to see you again. See you later

If you have any copyright issue, please Contact