Using Postman | Bondar Academy
Course: Cypress UI Testing with JavaScript
Module: Working with APIs
Instructor: Artem Bondar
Lesson Summary
In this lesson, we explore how to use Postman to interact with APIs, specifically focusing on the Conduit application. Postman is a powerful tool that allows users to easily understand and test API requests and responses.
Getting Started with Postman
1. Visit postman.com to create a free account.
2. Download and install Postman for your operating system (Windows, Mac, Linux).
3. Sign in to your account to access the Postman interface.
Making API Requests
Once in Postman, you can create API requests by following these steps:
1. Select the request type (GET, POST, etc.) from the dropdown menu.
2. Enter the API URL in the designated field.
3. For GET requests, you can add query parameters under the Params tab.
4. For POST requests, specify the request body in JSON format under the Body tab.
5. Click Send to execute the request and view the response.
Authorization
To access secured endpoints, you must include an authorization header with your requests. This typically includes a token obtained from a successful login request.
Common API Operations
- GET: Retrieve data (e.g., articles, tags).
- POST: Create new resources (e.g., articles).
- DELETE: Remove resources (e.g., delete an article).
Postman allows you to experiment with different requests, helping you understand how your API behaves under various conditions. This foundational knowledge can then be transitioned to Cypress for automation. In summary, Postman is an essential tool for API testing, enabling users to easily make requests, handle responses, and manage authorization.
Video Transcript
Hey guys, so before we jump into the actual interaction with APIs and API automation using Cypress, I want to show you how to use Postman to interact with API. So what is Postman? Postman is a nice little software that you can install on your computer to interact with the APIs. Why is it useful? Because in Postman, it is very easy and convenient to understand how your API works. So what your API request should consist of, what type of variables and components do you need, what data dependency do you need for successful API request and that kind of stuff. When you figure out how to make API call in Postman, it is very easy to transition this API request to code in Cypress. So that's why today we explore our API for Conduit application using Postman and then in the next lectures we will transition that into Cypress. So let's jump into it.
So first of all, navigate to the postman.com and this is the website. For the Postman, you will need to create a free account. So click over here and sign up for free and just create account. Postman is a free tool to use for the individuals. For companies, they will have to pay money, but for you, for individual usage is completely free. After that, you will need to download and install it. So here are three icons. So either for Windows, for Mac, or for Linux, download the package that you need. For example, if I click on Mac, I can download for Apple chip or Intel chip. So download whatever requirements for your system. After you download the installer, you just run it, you run the installation, install and sign in with the account that you have created on this website.
After that, you should see the screen something like this. So this is the actual Postman view and quick overview. So you may have several tabs for your API request. This is a dropdown. You can select what type of the request you want to send. This is the place where you put API URL. Params are for the query parameters of your URLs.
Header, request body, and when you click Send button, below you will see the response body if your API have a response body.
So let's try Postman with our Conduit app. So going back, this is our Conduit application, and right-click Inspect, Networking tab, and I click the Refresh. So, so far it's showing us three endpoints, user, articles, and tags. So let's try with this one, with tags. I take this URL and I simply transition everything to the Postman. So I put the URL right here. This is a GET request, so I select GET from here. And we don't need anything else for this simple request. And I click Send, and here we go, we have the response object. So 200 status code shown over here, and this is response body. Some cookies, headers, this is response headers. If you need those, we will not look into this. What we are looking for is this type of the request, request body.
So let's try the second API call. To create a second API call, I click the plus tab, and the second API call can be created. For example, let's call the articles endpoint, the same thing. I copy this thing and paste the URL right here. And by the way, make sure that you are not pasting any special characters or something. So right now, I pasted the URL, but look, I have a couple of spaces and a little enter sign over here. And it can be an issue for the Postman. You may have 404 error or something like this, bad request. And look, when I pasted this URL, Postman automatically extracted the query parameters under the params tab. So we have a limit 10 and offset 0. It's automatically taken from the parameters of the URL. And by putting this checkbox right here, you can define, okay, do I want to put the query parameters as part of my request or not? For example, if I click Send, and we have a response with all the articles. If I change, for example, to just one and send the request, and look.
And currently, our response have just a single article in their response, because we specified on the API level that the limit for this request have to be one, and only one article is returned. So put it back, and so on.
So how can we create a new article? So to create a new article, there will be a post request. But what's important here that this request will be secured and authorized. Look, we currently authorized as a user. So how can we authorize our API as well? So let's look into the networking tab. I will log out from this account. Click here to log out. All right, I am now logged out. Clean it, and I will sign in one more time. si-user at qqq.com and welcome12345. And I click Sign In. Was my password wrong again? Welcome12345. Sign in. Yeah, it was now successfully. And look, we are looking for this successful response for 200 status code. And this was a post request to the login endpoint, 200 response. And the payload is this one. This is the object that we sent, and the response is the access token.
So let's recreate the same thing in the Postman. I copy this URL, I create a new request. It will be a login endpoint, it will be a post request. Then I'm going back, taking my payload, click on View Source, and just copy this JSON object, going back. And here I choose the body tab in the Postman. Then I choose raw over here, and then I post my request object right here. And then I can click on button Beautify, so it will format automatically the JSON object, so it will be easier to read. And look, when we request authorization, our application literally sending username and password to the API. And as a return, it should come back the access token. So let me send this request, sending the request, and here we go. We have successful response with the token. And this token is used for all future requests for the secure connection. For example, if I click on the tags and scroll a little bit down into the request headers, this is how it looks like.
So this is authorization header and the token with the token value. This is how it works.
So now let's create the new article, and let's reproduce the process of creation of the article using API as well. So I create the new article, for example, test title, some description, and this is a body, something like this. And I click Publish the article. So the article post request was created, so making it a little bit bigger. This is the request, post request with a payload. This is the exactly details we provided in the application and response with all the articles. So let's reproduce this thing. So I'm going back to Postman, creating a new tab. This will be related to creation of the new article. Then I need to use the payload, copied right here. Going back, body raw, paste it right here, and beautify. So this is the request object.
And if I try to make this request without authorization, look what's gonna happen. So I'm sending the request, and I have 401 error. If you remember, 400 status code means that this is a client error. 401, it's unauthorized. And we see a message in the response. Status error, missing authorization credentials. So we need to provide those authorization credentials. I'm going to headers right here and adding this header, authorization header. And the value have to be token, space. And I'm taking the token from this response here and pasting it right here, all right. So how do I know that token, space, and then value? I'm just looking into my actual application, how it works. So if I scroll a little bit down to the headers, look, my actual application is calling token, space, and then the value. This is how I know what I should provide in the Postman. So I literally recreating exactly what my application is doing and creating the same sequence of API calls, but in Postman. Making sure that it is working.
All right, so I did this. Let's make a send request one more time, send a request. And now we have another 422 error. What it means?
That error title must be unique. The thing is that our application does not allow creation of duplicated articles with the same title. So we either need to provide unique title for the article or we can just delete the existing article. So let me delete the existing article. I click the Delete, okay, article was deleted. And then if I try to send this request one more time, sending the request, and now it was successfully created. So going back, going back to application, refresh, and here we go. Article is created over API. So I click on this, delete, you see article does not exist. Then I make send request one more time, 200 status code, going back to the app. Refresh, and here we go, article is created. So we are now, by controlling API independently, can create articles for our test application. So that way we can create a test data.
Let me show you one important thing. So remember we had before this get articles endpoint. But look, when I make a send request, this article's still not available. So we still see Discover Bondar Academy. But in our application, we clearly see that new article is created. Why we don't see it from the API? And the reason is because we did not provide authorization token. So API does not return us the articles that are not authorized to be returned for the user. So this current setup is only for getting the public articles. If I want to get the articles that were created by the user with that token, I need to provide this authorization token also for this API request. So I'm going to the headers, and I just copy this token value into here. So headers, token, it will be authorization header. And now when I send the same get request one more time, look what happens. Here we go. Now we see this article is created. If I remove authorization header, make a get request one more time, this article is not visible. So this is how authorization works.
And this is how providing the header you can drive the output, what information is visible to you or not. Our current API have only two public endpoints that can be accessed without authorization header at all. This is articles endpoint and tags endpoint. But to review private articles, you have to provide authorization header.
And the last thing, so we have get endpoint, we have post endpoint, we did this. So let's try to delete the article using API as well. So currently we have this article, right? So making right-click, Inspect, and Networking tab, let me delete this article. So I click on Delete Article button. What we are seeing here, so this is a delete request. Look, the delete request consists of this URL. And this is the ID for the article or slug ID that we want to delete. It should be a delete request. And it also have to be, of course, authorized request with authorization token.
So let's reproduce this. I'm copying this URL, creating a new API request. It will be a delete request, pasting it right here. Then into the headers, I will need authorization, of course. Authorization, it will be my token. And if I make this request right now, nothing gonna happen because this article does not exist, right? So if I make a refresh, yeah, you see this article does not exist. So if I try to delete it, it's gonna be an error because, yeah, 404, not found. We are requesting this slug ID for the article that is not available. So we need to create the article, get the valid slug ID for this article, and then using this valid ID, we can request deletion of this article. And we can do everything from the API perspective now.
So look, this is our post request to create a new article. For example, I will use test title, I don't know, Cypress. Let's do it like this. So I make a send, a new article is created, and this is a slug ID for this article, okay? And if I go back here and put this slug ID in the URL, send the request, and now we have successful 204.
It means that request was successful and article was deleted. If I go back to the application just for visibility, refresh, you see this article does not exist. So through the API, we were able to successfully get the articles, get the tags, create new article, and delete the new article.
And I think you see the data flow right now, right? For us, in order to do the API sequence from scratch, we need first to make a post request to get authorization token. Then this token have to be passed as a header to the post API request. And after we make this post request, we need to process the response and extract the slug ID, take this slug ID, and paste it as a URL for the delete request to delete this article. And this is how the data flow over the API is happening. And you can understand such minor details only if they are visually visible to you. And this is why Postman is so useful. When you can play around with the data, play around with the URL, with authorization token, without authorization token, and see how your API behaves and reacts to your action. And after you have a clear picture how your API works, then you can take all this work and transition this to Cypress and to any other code.
All right, so let's quickly summarize what we did in this lesson. To make experiments with API, Postman is a very convenient tool for that. To make a request, you need to provide a URL, type of your request. Under the headers, you can put authorization credentials if your API is secured. Under the Body tab, you provide the request body for your request if it is a POST or PUT request. For the GET request, you don't need that. You can use Beautify button to beautify your request body for the convenience. And in the bottom section, you will see the response from your API and the information from this response you can use in your subsequent requests that you can pass either as authorization token or maybe slug ID for your request and so on.
All right, that's it, guys, and I'll see you in the next lesson.
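The request sequence walked through in this lesson, as an added JavaScript example that is not part of the course material: a constructed in-memory stand-in for the API, so it runs offline and shows which calls the authorization header gates. The paths, payload shapes, token value and the `api`/`runFlow` names are assumptions; the `Token <value>` header format and the 401, 422, 204 and 404 outcomes are the ones reported in the transcript.

```javascript
// Constructed in-memory stand-in for the lesson's API (not the real service).
// Paths, payload shapes and the token value are assumptions made for this example.
const TOKEN = "constructed-demo-token";
const articles = new Map([["public-article", { title: "Public article", owner: null }]]);

function api(method, path, { headers = {}, body } = {}) {
  const authed = headers.Authorization === `Token ${TOKEN}`; // "Token", space, value
  const denied = { status: 401, body: { message: "missing authorization credentials" } };
  if (method === "POST" && path === "/users/login") {
    return { status: 200, body: { user: { token: TOKEN } } }; // stub accepts any credentials
  }
  if (method === "GET" && path === "/articles") {
    // Public articles for everyone; user-owned articles only with a valid token.
    const visible = [...articles].filter(([, a]) => a.owner === null || authed);
    return { status: 200, body: { articles: visible.map(([slug, a]) => ({ slug, title: a.title })) } };
  }
  if (method === "POST" && path === "/articles") {
    if (!authed) return denied;
    const title = body.article.title;
    if ([...articles.values()].some((a) => a.title === title)) {
      return { status: 422, body: { errors: { title: ["must be unique"] } } };
    }
    const slug = title.toLowerCase().replace(/\s+/g, "-");
    articles.set(slug, { title, owner: "demo-user" });
    return { status: 200, body: { article: { slug, title } } };
  }
  if (method === "DELETE" && path.startsWith("/articles/")) {
    if (!authed) return denied;
    return articles.delete(path.slice("/articles/".length)) ? { status: 204 } : { status: 404 };
  }
  return { status: 404 };
}

// Data flow from the lesson: login -> token -> create -> extract slug -> delete.
function runFlow() {
  const payload = { article: { title: "Test title Cypress", description: "d", body: "b" } };
  const anon = api("POST", "/articles", { body: payload }).status;
  const login = api("POST", "/users/login", { body: { user: { email: "demo@example.test", password: "constructed" } } });
  const token = login.body.user.token;
  const wrongScheme = api("POST", "/articles", { headers: { Authorization: `Bearer ${token}` }, body: payload }).status;
  const headers = { Authorization: `Token ${token}` };
  const created = api("POST", "/articles", { headers, body: payload });
  const duplicate = api("POST", "/articles", { headers, body: payload }).status;
  const slug = created.body.article.slug;
  const seen = (h) => api("GET", "/articles", { headers: h }).body.articles.some((a) => a.slug === slug);
  const visibility = { anonymous: seen({}), withToken: seen(headers) };
  const deleted = api("DELETE", `/articles/${slug}`, { headers }).status;
  const deletedAgain = api("DELETE", `/articles/${slug}`, { headers }).status;
  return { anon, wrongScheme, created: created.status, duplicate, visibility, deleted, deletedAgain };
}

console.log(runFlow());
```

The same checks (no header, wrong header scheme, valid token) are the ones to repeat against each secured endpoint when the sequence is moved into automated tests.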