When building an information system, the choice of API has become the default choice. However, to ensure its proper functioning throughout its life, it is crucial to perform API testing regularly.
API testing during development is mainly done through unit testing and functional testing in the codebase. For a NodeJS API, the most used test libraries are Mocha / Chai and Jest. However, these tests often have a scope limited to the internal functioning of our API.
The API Test via Postman allows you to test the functioning of your API both internally and with third-party APIs. Postman is a collaborative API development platform. It allows:
- send REST, SOAP, or GraphQL requests to request your APIs
- simulate endpoints (mocking)
- Generate and publish your API documentation
- Monitor the performance of your APIs
- Work collaboratively with workspaces
- Automate your API tests
It is this exciting aspect that interests us more particularly. Postman organizes a test suite in what they call a collection. A collection is a series of queries (REST, SOAP, or GraphQL) linked together, sharing the same context. Context is shared throughout the run. For example, it includes cookies placed by a previous request and variables created on the fly. This is particularly useful for setting up web sessions and testing query chains that have dependencies.
For each request, Postman offers to run prerequisites and a test script. In this last script, we will add checks on the response obtained (assertion): This is the testing part of the tool.
The following two diagrams are taken from the postman documentation and illustrate the flow between prerequisites, request, response, and test script.
Postman offers a thick client and a web client to manage and run its collections. It is also possible to run them continuously with the Newman tool. The proposal facilitates this to retrieve its collections with an API and facilitate integration into a CI.
In the interface, Postman offers the "Tests" tab. It can be used to define Postman variables at the end of a query and to make assertions on them.
Automated test example for an API test via postman
In this tab, you will be able to write your API test code. On the right, Postman provides you with ready-to-use test snippets, such as evaluating the Status Code, checking the value of the JSON response, or evaluating the response time of the request.
Postman is based on the Chai assertion library. You are also free to write your test suite as needed using the Chai assertion syntax.
As your API grows, the number of API tests to run becomes larger and larger. Running each API test manually becomes time-consuming and error-prone. Postman offers several ways to automate the automatic launch of API tests.
The first option to run your API tests sequentially is to use Postman's Collection Runner. This functionality allows you to launch the queries of a collection one after the other. Postman will run the tests in the corresponding tab for each request.
Postman Monitor functionality is available with the PRO version of Postman. However, you can make up to 1000 API calls per month with the free version. Postman Monitor is a feature that allows a collection to be run at regular intervals to ensure that it remains functional and always passes tests.
Adding a postman monitor to launch its API test
Postman provides you with a record of all calls with the results of the tests and the response time.
Example of Postman Monitor report for its API tests
Strengths and areas for improvement
Its strengths are:
- make it easier to learn with tutorials that guide you step by step at start-up
- make it easier to build checks with ready-to-use snippets but also the ChaiJS BDD syntax
- an execution system in the thick client provides a good logging level to identify a failed assertion or a problem in the test script.
- configuration management with several levels to better manage the variables.
- an API to directly retrieve collections and facilitate continuous integration.
- use of the sets given by import csv or json facilitating the implementation of an execution combination
In future versions, I hope they will improve the following:
- The sharing of requests between collections is a real obstacle when you want to do end-to-end testing with only APIs.
- the management of cookies
- Native integration with configuration management tools like GitLab.
- native reporting. However, it is possible to use the third-party htmlextrareport tool for more comprehensive reports.
Postman is an excellent tool to initiate audits of your APIs quickly. However, it must be compelling in the full development of an API. For example, suppose we limit ourselves to the mechanical part to do end-to-end API testing. In that case, we will quickly reach limits for maintainability, storage, sharing of collections, and ultimately execution in a continuous integration context.