Exploring API using Postman | Bondar Academy
Course: Playwright API Testing with TypeScript
Module: API Testing Basics
Instructor: Artem Bondar
Lesson Summary
In this lesson, we explore the API of the Conduit application using Postman to understand its functionality and structure. The process begins with exploratory testing to familiarize ourselves with the API's operations and components.

Exploring API Requests
To start, we log in as the PWAPI user and create a simple API request:
- Open the networking tab in the browser and refresh to view API requests.
- Identify the tags API endpoint and copy its URL.
- In Postman, select the GET method, paste the URL, and click Send.
- Receive a 200 status code with a list of tags in the response.

Making Additional Requests
Next, we perform another GET request for articles:
- Copy the articles URL and create a new request in Postman.
- Notice the response structure, which includes an array of article objects.
- Explore URL parameters such as limit and offset to control the number of returned articles.

Creating and Deleting Articles
We then move on to creating a new article:
- Use a POST request with a JSON body containing the article's title and description.
- Add the Authorization header with the token for secured requests.
- Receive a 201 status code indicating the article was created successfully.

To delete an article:
- Use a DELETE request with the article's unique identifier (slug ID).
- Receive a 204 status code confirming the deletion.

In summary, we learned how to:
- Perform GET, POST, and DELETE requests.
- Utilize URL parameters for GET requests.
- Handle authorization for secure API interactions.

With this foundational understanding, we are ready to proceed with automation using Playwright in the next lesson.
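The status codes observed in this lesson, collected into one runnable request sequence, including the negative cases (no Authorization header, a header value with a pasted trailing space, a duplicate title, a repeated delete). This is an added example, not code from the course or from the Conduit API: the handler is a constructed in-memory stand-in, and the /api/articles path, the token value, the exact-match token check and the slug format are assumptions.

```typescript
// Constructed in-memory stand-in for the articles behaviour the lesson observes in Postman.
// Paths, the token value and the slug format are assumptions, not the Conduit API's own.
type Req = { method: "GET" | "POST" | "DELETE"; path: string; auth?: string; title?: string };
type Res = { status: number; body: unknown };
type Article = { slug: string; title: string; isPublic: boolean };

const TOKEN = "Token constructed-sample-value"; // header value: "Token", a space, then the token

function createApi(): (req: Req) => Res {
  const articles: Article[] = [{ slug: "default-article-1", title: "Default article", isPublic: true }];
  let nextId = 2;
  return (req) => {
    const url = new URL(req.path, "http://conduit.invalid");
    const authed = req.auth === TOKEN; // assumed exact match: a pasted space or newline breaks it
    if (req.method === "GET" && url.pathname === "/api/articles") {
      const limit = Number(url.searchParams.get("limit") ?? "10");
      const offset = Number(url.searchParams.get("offset") ?? "0");
      const visible = articles.filter((a) => a.isPublic || authed); // anonymous callers see public only
      return { status: 200, body: visible.slice(offset, offset + limit).map((a) => a.title) };
    }
    if (!authed) return { status: 401, body: "missing authorization credentials" };
    if (req.method === "POST" && url.pathname === "/api/articles") {
      if (articles.some((a) => a.title === req.title)) return { status: 422, body: "title must be unique" };
      const slug = `${String(req.title).toLowerCase().replace(/\s+/g, "-")}-${nextId++}`;
      articles.unshift({ slug, title: String(req.title), isPublic: false });
      return { status: 201, body: slug }; // the slug ID is what DELETE needs later
    }
    if (req.method === "DELETE" && url.pathname.startsWith("/api/articles/")) {
      const i = articles.findIndex((a) => a.slug === url.pathname.split("/")[3]);
      if (i < 0) return { status: 404, body: "not found" };
      articles.splice(i, 1);
      return { status: 204, body: null };
    }
    return { status: 404, body: "not found" };
  };
}

// The lesson's request sequence: returns each step's status code and the two GET views.
function runLessonFlow() {
  const api = createApi();
  const post = (auth?: string): Res => api({ method: "POST", path: "/api/articles", auth, title: "Test 2" });
  const list = (auth?: string): Res => api({ method: "GET", path: "/api/articles?limit=1&offset=0", auth });
  const created = post(TOKEN);
  const seen = [list().body, list(TOKEN).body]; // anonymous view, then authorized view
  const del = (): Res => api({ method: "DELETE", path: `/api/articles/${created.body}`, auth: TOKEN });
  const statuses = [post().status, post(TOKEN + " ").status, created.status, post(TOKEN).status, del().status, del().status];
  return { statuses, seen };
}
```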
Video Transcript
Before we begin writing tests for the API, first, we need to make some exploratory testing of our API under test just to get understanding how API work, what operation it can perform, and what components the API request consists of. The best way to do that is using Postman. This is what we're going to do in this lesson. We will explore the API of Conduit application performing operations in the Postman. This is our test application, and currently, I'm logged in as PWAPI user, and you have to use your own account that we created before. Let's try to create just simple API request in the Postman. I click on Inspect to open my networking tab just to explore the API requests and hit the Refresh button in the browser. We can see several API requests are triggered. Let's look in this one, tags API endpoint. Let me make it a little bit bigger. I open the headers tab, and then I get this URL. This is the URL that application requested to the API to get the list of tags. Let me copy this URL, go back to Postman, and paste this URL over here. Also, we need to match the request type. Request method is get, so we need to select in Postman get method as well. Get is selected in this menu. For this simple get call, we don't need anything else, so just click Send button, and here is what we have at the response. We have 200 status code, request was successful, and the response body is coming back as the list of tags right here. Everything worked together. Let's make another request that we see in the networking tab right here, so the articles. Let's copy this URL. This is also a get request, and I go in back and create a new request in the Postman, putting it right here. Some extra spaces were added, removing those, and click Send. Now, we have the list of articles, those articles that are represented here on the homepage over here. They are presented as the response object over here. So look, this is the article number 1, this log. 
Then this is the article number 2, and this is the array of objects. This is object number 1, that's object number 2, object number 3, and so on. So in Postman, in this response object section, it's very convenient to explore, what our response looks like, how the object structured, and so on. Also, for this particular request, I want to point out these parameters over here. So you see after the question mark, we have two parameters, limits 10 and offset zero. In Postman, you have a separate section over here, params, and Postman immediately recognized that this URL has parameters, and extracted those parameters separately as the values. And you can mark which parameters you want to use or not. And for example, right now we have parameters 10 for the limit of the articles we want to return, and offset zero. Offset is the, from which article do we want to start returning our response? If let's say we have 30 articles. Let's say if you want to return articles starting from article 11, then you put offset 10, and then article 11 to 20 will be returned. So let's play around a little bit with those parameters. So currently, it's returning 10 articles. But if I say, let's say, 2, and send the request one more time, sending it back, and now our response object right now consists of only two articles. So if I collapse those, here we go. So this key is still returning article count 10, I don't know why. Maybe it's just hard-coded by default, but the actual response body consists only of two articles. If I put one over here and send a request, now we have, you see, just one article was returned. So this is how you can configure the parameters. And if your API URL has parameters, by defining those parameters as part of the URL and in Postman as a separate params tab, you can configure your API request, all right? So let's move on. Let's create something more complicated request. So let's create a new article. So I clear over here, and let's create a new article. 
For example, title will be test description, and this will be test body. And I click button, publish the article. All right, article is created. Let's see what happened here in the API request. So to create a new article, now we have a post request, all right? And let's recreate the same request in the Postman. So I copy this thing, going back to Postman, create a new request. This is my URL, request type will be post. What else? For the post request, we also need a payload known as a body. So I copy this, let me copy this, so click View Source, then take this body. This is what was sent, going back to Postman and navigate to Body tab right here. By default, it's set as None, because requests such as Get and Delete, they don't have a body, and there are different types of the request. So we will select Raw Request and paste it right here. And then there is a little button Beautify, just to make your request looks nicer in formatted JSON format right here. So this is the article that we sent, test description and test body with a text list. And to perform the API request, our request also have to be authorized. To authorize the request, we need to pass authorization header. So where to get this? Authorization header, go back to Headers right here. Let me make it a little bit bigger. Scrolling it a little bit down to Request Headers section. Scrolling down, here we go. This is authorization header, this is the name of the header. And this is the value of the header, which is token, space, and then this long, weird value of the token. So we need to move this value to Postman as well. So I copy the authorization header name. Going back to Postman, Headers, Key, Authorization. Okay, authorization and copy value from browser as well. This entire value token plus all those values, token and value, all right. Make sure that you do not paste some spaces or maybe special characters or enter some time when you copy paste from the browser. 
You may see special characters added to the value and your request because of that might not be successful. Okay, token is added. And then inside of the body, let's create a different title for the article. For example, Test 2, something like this, and I click Send. 201 was created, article was created, we see a successful response. Now let's go back to application and see what happened right here. So Conduit, going here, and look, we have two articles created. Article number one that we created initially using UI, and the second article that we created using API call. And look what happened if, let's say, I try to make a second call to create the article one more time with the same exact request. So I click the Send button. And now we have a different error, 422 unprocessable entry. And in the response, we see the error. Error, title must be unique. So our API is configured to not allow creating duplicated articles with the same title and the error message telling us what is the problem. But if I, let's say, remove this article, delete article, let me remove this article as well, okay? And going back and now sending this request one more time. And now article was successfully created. Going back to application, refresh, here we go, you see article is created. So just a quick summary, for the POST request, usually you need to have a body. For GET request and DELETE request, you don't need those. For the POST request, you need a body, body usually in the form of JSON object. And for secured requests, you need to pass also headers. For headers, the token-based authorization is the most popular and the most typical one. And for example, if I remove the authorization, let's see what happened. If I try to make a request without authorization, send, and here we go. We have error 401, unauthorized. And the error, missing authorization credentials, all right? So this is how you can explore the APIs, what your APIs are doing. 
And by the way, another example, so the GET request with the articles. So if I put 10 articles back, send. And look, we have the first article is this one, Discover Bondar Academy, right? This is a default article. But if we go to application, we have first article Test 2, why is that? It's because this API, GET API call is not authorized. It's missing authorization header. But if we take authorization header from here, take authorization, paste it right here, then copy this value from here and add it to this GET request, now this request will be authorized for this user. I send GET request, and here we go. Now we see the article is displayed. If I remove authorization, send, and this article published by this user is not visible, only public articles are visible. All right, so we made GET request, authorized GET request. We made a POST request to create a new article. And now let's create a DELETE request, deleting the article using the API, okay? So I sent a request, title must be unique, okay, because the article already created, okay, good. And now let's delete this article and see what API request will happen. So I click on this article and click DELETE ARTICLE button in the application. When I click DELETE ARTICLE button, this API call is executed by application. This is the URL, the DELETE request, and the response status is 204. So let me copy this guy, first of all, to Postman. Over here, removing the spaces, the request type will be DELETE. We will need headers. I copy the header authorization, authorization and value for the authorization token right here, okay. And look at the URL for the DELETE request. So we have something like test 2, 15 something, and some ID. So this is the unique identifier, how API knows which article have to be deleted. And this identifier is created when article is created. So let me show you that one more time. So this article is deleted, right, so we don't have the article right now. 
So if I go back here and create the article, send request, article is created. And here we have the identifier created in the response, which is a slug ID. And if I take this slug ID, copy, and then I can move it right here and paste. And then I can delete the article, and article is deleted. If I try to make this request one more time, article is deleted. This article with this ID does not exist anymore. We should see some kind of error, send 404 error, see, not found. Not found means that this URL that we were trying to request from the API does not exist. But if we create an article one more time, let's say to test. Let's say article to test, send, new slug ID was created. We go back to application, refresh. We see, here we go, article is created, going back to the API. I copy this slug ID, Ctrl C, add this slug ID to API URL. Paste it, send, delete request. The response status 204 means request was successful. Going back, refresh, and here we go. Article does not exist in the application anymore. All right, so we have performed all core functionality for our API. So now you know that you can get the list of tags, you can get the list of articles. By providing different parameters, you can define how many articles do you want to return. If you provide the authorization header, you can get the list of the articles belonging to a particular user. You can create articles using POST request. And to delete the articles, we need to use a slug ID, okay? So now, knowing how our API works, we can start doing automation in Playwright. And we're gonna do this in next lesson. So, see you in the next lesson.