QA Testing

Mastering API Testing with Postman

Updated: May 2026 25 Min Read By Ram Technical Help Editorial
The Backbone of Modern Apps

Modern applications rely heavily on APIs (Application Programming Interfaces). If the API fails, the entire application fails. Postman is the industry standard for testing these critical junctions.

1. What is an API?

Imagine a waiter in a restaurant. You (the client) give your order to the waiter. The waiter takes the order to the kitchen (the server), gets the food, and brings it back to you. An API is the waiter. It is the messenger that takes requests and tells a system what you want to do, and then returns the response back to you.

2. The Core HTTP Methods

When testing REST APIs in Postman, you will primarily use four HTTP methods (also known as CRUD operations):

  • GET (Read): Retrieve data from the server. (e.g., Get a user's profile).
  • POST (Create): Send new data to the server. (e.g., Create a new user account).
  • PUT (Update): Update existing data completely. (e.g., Update an entire user profile).
  • DELETE (Delete): Remove data from the server.

3. Understanding HTTP Status Codes

A massive part of API testing is verifying the status code returned by the server. The first digit defines the class of response:

  • 2xx (Success): 200 OK, 201 Created, 204 No Content.
  • 3xx (Redirection): 301 Moved Permanently, 304 Not Modified.
  • 4xx (Client Error): 400 Bad Request, 401 Unauthorized, 404 Not Found.
  • 5xx (Server Error): 500 Internal Server Error, 502 Bad Gateway.

4. Writing Assertions in Postman

Manual API testing involves sending a request and reading the response. Automation involves writing JavaScript assertions in Postman's "Tests" tab to let the computer verify the response for you.

// 1. Verify Status Code is 200
pm.test("Status code is 200", function () {
    pm.response.to.have.status(200);
});

// 2. Parse the JSON Response
var jsonData = pm.response.json();

// 3. Verify specific data in the payload
pm.test("Verify user name is John", function () {
    pm.expect(jsonData.name).to.eql("John Doe");
});

// 4. Verify response time is acceptable
pm.test("Response time is less than 500ms", function () {
    pm.expect(pm.response.responseTime).to.be.below(500);
});

5. Postman Collections & Environments

To scale your testing, you should group your API requests into Collections. You can then run the entire collection sequentially using the Collection Runner.

Furthermore, never hardcode URLs (like http://localhost:8080/api). Instead, use Environment Variables like {{base_url}}/api. This allows you to instantly switch your entire test suite from a Development environment to a QA or Production environment without rewriting a single script.