book

API Testing and Development with Postman - Second Edition

Name: API Testing and Development with Postman - Second Edition
Author: Dave Westerveld
ISBN: 9781804617908

by Dave Westerveld

June 2024

Beginner to intermediate

358 pages

9h 1m

English

Packt Publishing

Read now

Unlock full access

Preface
Who this book is forWhat this book coversTo get the most out of this bookGet in touch
API Terminology and Types
What is an API?Types of API callsInstalling PostmanStarting PostmanSetting up a request in PostmanSaving a requestThe structure of an API requestAPI endpointsAPI actionsAPI parametersRequest parametersQuery parametersAPI headersAPI bodyAPI responseLearning by doing – making API callsSetting up the test applicationMaking a call to the test applicationA challengeConsiderations for API testingBeginning with explorationExploratory testing case studyLooking for business problemsTrying weird thingsDifferent types of APIsREST APIsSOAP APIsSOAP API exampleGraphQL APIsGraphQL API exampleSummary
API Documentation and Design
Technical requirementsStart with the purposeFiguring out the purpose of an APIPersonasThe whyTry it outCreating usable APIsUsable API structureGood error messagesDocumenting your APIDocumenting with PostmanGood practices for API documentationRESTful API Modeling LanguageAPI design exampleCase study – Designing an e-commerce APIDefining the endpointsDefining the actionsAdding query parametersUsing the RAML specification in PostmanModeling an existing API designSummary
OpenAPI and API Specifications
Technical requirementsWhat are API specifications?API specification terminologyDefining API schemaTypes of API specificationsRAMLAPI BlueprintOpenAPI/Swagger (OAS)Creating an OASParts of an OASPetstore OAS schemasCreating your own OASStarting the fileUnderstanding the API schemaDefining parametersDescribing request bodiesUsing examplesUsing API specifications in PostmanCreating a mock serverValidating requestsSummary
Considerations for Good API Test Automation
Technical requirementsExploratory and automated testingExercise – considerations for good API test automationWriting good automationTypes of API testsOrganizing and structuring testsCreating the test structureOrganizing the testsEnvironmentsCollection variablesChoosing a variable scopeExercise – using variablesCreating maintainable testsUsing loggingTest reportsCreating repeatable testsSummary
Understanding Authorization Options
Understanding API securityAuthorization in APIsAuthentication in APIsAPI security in PostmanGetting started with authorization in PostmanUsing Basic AuthUsing bearer tokensUsing API keysUsing AWS SignatureUsing OAuthSetting up OAuth 2.0 in PostmanOAuth 1.0Digest authenticationHawk authenticationUsing NTLM authenticationUsing Akamai EdgeGridHandling credentials in Postman safelySummary
Creating Test Validation Scripts
Technical requirementsChecking API responsesChecking the status code in a responseUsing the pm.test methodUsing Chai assertions in PostmanTry it outChecking the body of a responseChecking whether the response contains a given stringChecking JSON properties in the responseTry it outChecking headersCustom assertion objects in PostmanCreating your own testsTry it outCreating folder and collection testsCleaning up after testsSetting up pre-request scriptsUsing variables in pre-request scriptsPassing data between testsBuilding request workflowsLooping over the current requestRunning requests in the collection runnerUsing environments in PostmanManaging environment variablesSummary
Data-Driven Testing
Technical requirementsDefining data-driven testingSetting up data-driven inputsThinking about the outputs for data-driven testsCreating a data-driven test in PostmanCreating the data inputAdding a testComparing responses to data from a fileChallenge – data-driven testing with multiple APIsChallenge setupChallenge hintsSummary
Workflow Testing
Different types of workflow testsLinear workflowsBusiness workflowWorkflow testing with the Flows feature in PostmanConfiguring a Send Request blockBuilding a Flow in PostmanAdvice for creating workflow testsChecking complex thingsChecking things outside of PostmanSummary
Running API Tests in CI with Newman
Technical requirementsGetting Newman set upInstalling NewmanInstalling Node.jsUsing npm to install NewmanRunning NewmanUnderstanding Newman run optionsUsing environments in NewmanRunning data-driven tests in NewmanOther Newman optionsReporting on tests in NewmanUsing Newman’s built-in reportersUsing external reportersGenerating reports with htmlextraCreating your own reporterIntegrating newman into CI/CD buildsGeneral principles for using Newman in CI/CD buildsExample – using GitHub ActionsSummary

Monitoring APIs with Postman
Setting up a monitor in PostmanCreating a monitorUsing additional monitor settingsReceive email notifications for run failures and errorsRetry if run failsSet request timeoutSet delay between requestsFollow redirectsEnable SSL validationAdding tests to a monitorViewing monitor resultsCleaning up the monitorsSummary
Testing an Existing API
Finding bugs in an APISetting up an API for testingTesting the APIFinding bugs in the APIResetting the serviceExample bugAutomating API testsReviewing API automation ideasSetting up a collection in PostmanCreating the testsAn example of automated API testsSetting up a collection in PostmanCreating the testsUpdating the environmentAdding tests to the first requestAdding tests to the second requestAdding tests to the POST requestCleaning up testsAdding tests to the PUT requestAdding tests to the DELETE requestSharing your workSharing a collection in PostmanSummary
Creating and Using Mock Servers in Postman
Getting started with mock serversWhat is a mock server?When to use a mock serverThings to be careful of with mock serversSetting up mock servers in PostmanModifying mock server valuesCreating more mock valuesMocking route parametersMocking dynamic dataUsing mock serversUsing private serversMocking a third-party APISummary
Using Contract Testing to Verify an API
Understanding contract testingWhat is contract testing?How to use contract testingWho creates the contracts?Consumer-driven contractsProvider-driven contractsSetting up contract tests in PostmanCreating a contract testing collectionAdding tests to a contract test collectionRunning contract testsUsing Postman InterceptorRunning and fixing contract testsFixing contract test failuresSharing contract testsSummary
API Security Testing
OWASP API Security listAuthorization and authenticationBroken object-level authorizationBroken property-level authorizationUnrestricted resource consumptionUnrestricted access to business workflowsUnsafe consumption of APIsFuzzingFuzz testing with PostmanCleaning up the testsFuzzing with built-in methods in PostmanSummary
Performance Testing an API
Different types of performance loadProcessing loadMemory loadConnection loadUsing load profiles in PostmanFixed load profileSpike load profileRamp load profileEndurance load profileRunning performance tests in postmanRunning multiple requestsPerformance testing considerationsWhen to do performance testingBenchmarkingRepeatabilityCollaboration and communicationSummary
Other Books You May Enjoy
Index

Content preview from API Testing and Development with Postman - Second Edition

14 API Security Testing

Security testing is its own area of specialization. It is probably worth an entire book all on its own. I’m not a security testing expert, but I think that every tester should at least have a basic understanding of this important topic. If possible, you should engage with security experts, since security breaches present one of the biggest risks to an API, but even if you do have access to them, there are some things you can do to at least establish a minimum bar for security in your application.

Perhaps you just want to do a sanity check before you have the security testing team look at your API. Perhaps you don’t have access to security testing professionals. Whatever the case may be, in this chapter, I will help you ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

API Testing and Development with Postman

Publisher Resources

ISBN: 9781804617908

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

API Testing and Development with Postman - Second Edition

by Dave Westerveld

14

API Security Testing

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.