# Postman for Testing

## Why Use Postman for API Testing?

1. **User-Friendly Interface**:
   * Postman provides an intuitive and easy-to-use graphical user interface (GUI) for creating, testing, and managing API requests. This makes it accessible even for those who are not deeply technical.
2. **Comprehensive Testing Capabilities**:
   * Postman supports various types of API testing, including functional, integration, and regression testing. It allows you to create and run automated tests, ensuring your APIs work as expected.
3. **Environment Management**:
   * You can create different environments (e.g., development, staging, production) and manage environment-specific variables. This helps in testing APIs under different conditions without changing the code.
4. **Collaboration Features**:
   * Postman enables team collaboration by allowing you to share collections, environments, and test results with team members. This fosters better communication and coordination among development and testing teams.
5. **Integration with CI/CD Pipelines**:
   * Postman can be integrated into Continuous Integration/Continuous Deployment (CI/CD) pipelines, enabling automated testing as part of the development workflow. This helps in catching issues early and ensures the reliability of APIs.
6. **Detailed Documentation**:
   * Postman automatically generates API documentation, which can be shared with stakeholders. This documentation is interactive and helps in understanding the API endpoints and their usage.

## Is Postman Secure?

1. **Data Encryption**:
   * Postman uses modern Transport Layer Security (TLS) encryption algorithms to protect data in transit. All communications and data in transit over the internet are encrypted.
2. **Data Storage Security**:
   * Customer data is stored securely with high redundancy. Postman uses cryptographic methods and industry standards to protect data at rest, including AES-256-GCM encryption.
3. **Access Control**:
   * Postman provides features like role-based access control, API key management, and audit logs to ensure secure access to your data and API keys.
4. **Postman Vault**:
   * Sensitive data such as API keys, access tokens, and passwords can be stored securely in the Postman Vault. These vault secrets are only accessible to you and are not synced to the Postman cloud.
5. **Compliance and Best Practices**:
   * Postman's security program and processes are consistent with best practices and industry standards. They also provide guidelines for users to follow safe practices with their data and credentials.

Using Postman for API testing not only enhances your testing capabilities but also ensures that your data and API interactions are secure.

### Postman Links

The links below are provided for your convenience. They are external links and, as such, Alemba maintains no care or control over them.

[Postman Trust Center - Security](https://www.postman.com/trust/security/)

[Postman Trust Center - Shared Responsibility](https://www.postman.com/trust/shared-responsibility/)

[Postman API Testing Guide](https://www.postman.com/api-platform/api-testing/)

[Postman API Testing Tool - Javatpoint](https://www.javatpoint.com/postman)

## **Setup Postman**

1. Download and install Postman from [www.postman.com](https://www.postman.com).

<figure><img src="https://1375663122-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhlW9jKl7dcDggHAPhNU9%2Fuploads%2FyLKzR8P6nAL2m3GGU0EW%2Fimage.png?alt=media&#x26;token=fc4c96b7-c03d-4b46-a205-90b0a86f29d5" alt=""><figcaption></figcaption></figure>

2. Create a new environment in Postman with variables such as `UsernameTest`, `PasswordTest`, `SystemURLTest`, `Login_Token`, `CallRef`, `RequestRef`, and `TaskRef`.

<figure><img src="https://1375663122-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhlW9jKl7dcDggHAPhNU9%2Fuploads%2FTiziUrKiIlkWwZk62ruR%2Fimage.png?alt=media&#x26;token=61aa6431-56c9-42ee-98bb-548e8f95f0ee" alt=""><figcaption></figcaption></figure>

<figure><img src="https://1375663122-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhlW9jKl7dcDggHAPhNU9%2Fuploads%2FkFut5RvQtDm0TzbYD3Nb%2Fimage.png?alt=media&#x26;token=67f21091-88bf-4430-b81b-a18868b2826e" alt=""><figcaption></figcaption></figure>

<figure><img src="https://1375663122-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhlW9jKl7dcDggHAPhNU9%2Fuploads%2FpA3hVhU2Asl40n5CFnxa%2Fimage.png?alt=media&#x26;token=b3221ef9-80eb-4293-b605-00550a975c7b" alt=""><figcaption></figcaption></figure>

<table data-header-hidden><thead><tr><th valign="top"></th><th valign="top"></th><th valign="top"></th></tr></thead><tbody><tr><td valign="top"><strong>Variable Name</strong></td><td valign="top"><strong>Purpose</strong></td><td valign="top"><strong>Example</strong></td></tr><tr><td valign="top">UsernameTest</td><td valign="top">ASM Username</td><td valign="top">User1</td></tr><tr><td valign="top">PasswordTest</td><td valign="top">Password for ASM User</td><td valign="top">Password@1!</td></tr><tr><td valign="top">SystemURLTest</td><td valign="top">The base URL for your system</td><td valign="top">https://servername/systemname</td></tr><tr><td valign="top">Login_Token</td><td valign="top">Variable which stores auth token</td><td valign="top">23498t9h9h398hn4f4f3wjm4f300</td></tr><tr><td valign="top">CallRef</td><td valign="top">Call Number you want to query</td><td valign="top">23402708</td></tr><tr><td valign="top">RequestRef</td><td valign="top">Request Number you want to query</td><td valign="top">34590353</td></tr><tr><td valign="top">TaskRef</td><td valign="top">Task Number you want to query</td><td valign="top">720843024</td></tr></tbody></table>

{% hint style="info" %}
These variables can be used both in the URL of your HTTP requests and in the body of the request being sent.
{% endhint %}

### **Create a Collection**

Group your HTTP requests in a collection for better organization.

<figure><img src="https://1375663122-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhlW9jKl7dcDggHAPhNU9%2Fuploads%2FZYzo7aJFMhYt3URudhvg%2Fimage.png?alt=media&#x26;token=d066e846-441d-4e81-9a2c-97d23bb65c0c" alt=""><figcaption></figcaption></figure>

<figure><img src="https://1375663122-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhlW9jKl7dcDggHAPhNU9%2Fuploads%2F8BvHZ4fbinNmJAFfYNxs%2Fimage.png?alt=media&#x26;token=92ef6d8c-b0e4-4cfa-a4b7-0211552b3923" alt=""><figcaption></figcaption></figure>

### **Create HTTP Requests**

Use the environment variables in the URL and body of your requests for consistency and ease of use.

<figure><img src="https://1375663122-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhlW9jKl7dcDggHAPhNU9%2Fuploads%2FZQL8SmFQCSs4wyihQtkh%2FScreenshot%202025-02-12%20at%2011.49.05.png?alt=media&#x26;token=7e3ce471-71fc-4744-973e-c9ee97e9aeb1" alt=""><figcaption><p>Click on New in the top left hand corner and select HTTP</p></figcaption></figure>

<figure><img src="https://1375663122-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhlW9jKl7dcDggHAPhNU9%2Fuploads%2FOrSsZ2NigL07lSLqcz0q%2Fimage.png?alt=media&#x26;token=b8d36c5e-fab5-460f-996a-3b52e21372ef" alt=""><figcaption><p>Give your Request a name and make sure you select the environment for the request to be your New Test Environment and click Save</p></figcaption></figure>

<figure><img src="https://1375663122-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhlW9jKl7dcDggHAPhNU9%2Fuploads%2F2F9Di0SbScjfdQdRNUow%2Fimage.png?alt=media&#x26;token=366c1931-4f84-446e-9197-b4f72d7053be" alt=""><figcaption><p>On the Save request screen, select your New Test Collection and click Save at the bottom of the screen</p></figcaption></figure>

<figure><img src="https://1375663122-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhlW9jKl7dcDggHAPhNU9%2Fuploads%2FKtvehkmZlfcJScdrIrVR%2Fimage.png?alt=media&#x26;token=01b708ed-6501-4d05-abef-02fe9276eb1f" alt=""><figcaption></figcaption></figure>

## Working with ASM and Postman <a href="#workingwithasmandpostman" id="workingwithasmandpostman"></a>

### Creating Your Authorization Token <a href="#creatingyourauthorizationtoken" id="creatingyourauthorizationtoken"></a>

1. Create a new HTTP request in Postman with the following details:
   * **Method**: POST
   * **URL**: `{{SystemURLTest}}/alemba.web/oauth/login`
   * **Headers**: `Content-Type: application/x-www-form-urlencoded`
   * **Body**: Include parameters such as `grant_type`, `scope`, `client_id`, `username`, and `password`.
2. On the Authorization tab, select Inherit from parent.

<figure><img src="https://1375663122-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhlW9jKl7dcDggHAPhNU9%2Fuploads%2FJfNu34FCmSDUm2hwhfyf%2Fimage.png?alt=media&#x26;token=3a645f4b-8245-4e84-ace8-b645eeb5116d" alt=""><figcaption></figcaption></figure>

3. On the Headers tab, add the following Header row:

<table data-header-hidden><thead><tr><th valign="top"></th><th valign="top"></th></tr></thead><tbody><tr><td valign="top">Key</td><td valign="top">Value</td></tr><tr><td valign="top">Content-Type</td><td valign="top">application/x-www-form-urlencoded</td></tr></tbody></table>

<figure><img src="https://1375663122-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhlW9jKl7dcDggHAPhNU9%2Fuploads%2FcU1HlyHnINXLEyPqxkh0%2Fimage.png?alt=media&#x26;token=93e8adf0-f9b4-4436-8698-5a22f4adb096" alt=""><figcaption></figcaption></figure>

4. On the Body tab, select the x-www-form-urlencoded radio button.

<figure><img src="https://1375663122-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhlW9jKl7dcDggHAPhNU9%2Fuploads%2FidLBXMlt5sUEu9jsWWW6%2Fimage.png?alt=media&#x26;token=ef4c1749-b593-4cc1-bf32-6aa23f79ba7d" alt=""><figcaption></figcaption></figure>

5. Add the following parameters:

<table data-header-hidden><thead><tr><th valign="top"></th><th valign="top"></th><th valign="top"></th></tr></thead><tbody><tr><td valign="top">Key</td><td valign="top">Value</td><td valign="top">Description</td></tr><tr><td valign="top">Grant_type</td><td valign="top">Password</td><td valign="top"> </td></tr><tr><td valign="top">Scope</td><td valign="top">Session-type:Analyst</td><td valign="top"> </td></tr><tr><td valign="top">Client_id</td><td valign="top">&#x3C;replace this with Client ID obtained from API Explorer Admin Page e.g. 5157e300-0000-0000-0000-00000000001d ></td><td valign="top"> </td></tr><tr><td valign="top">Username</td><td valign="top">&#x3C;Here you can use the {{UsernameTest}} variable OR the actual username for your API account></td><td valign="top"> </td></tr><tr><td valign="top">Password</td><td valign="top">&#x3C;Here you can use the {{PasswordTest}} variable OR the actual password for your API account></td><td valign="top"> </td></tr></tbody></table>

<figure><img src="https://1375663122-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhlW9jKl7dcDggHAPhNU9%2Fuploads%2FYQ3YP3FZgapwq5AlqooT%2Fimage.png?alt=media&#x26;token=3f1fa9cd-f7a9-4d89-90f9-79aec4934e7d" alt=""><figcaption><p>Once you’ve added the params, your body should look like this</p></figcaption></figure>

6. Send the request to receive the authentication token, making sure that New Test Environment is selected.

<figure><img src="https://1375663122-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhlW9jKl7dcDggHAPhNU9%2Fuploads%2FLMdxDuAw3oXKwgw0ajLN%2Fimage.png?alt=media&#x26;token=89916c3c-9e8e-45b3-ba15-df6e4f03469e" alt=""><figcaption></figcaption></figure>

7. You should receive a response at the bottom of your request window.

{% hint style="info" %}
**The string value next to “access\_token” is the authentication token itself.**
{% endhint %}

<figure><img src="https://1375663122-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhlW9jKl7dcDggHAPhNU9%2Fuploads%2FoCwvP7vJWG9x80JCt0i2%2Fimage.png?alt=media&#x26;token=431ce2b0-617e-416d-9432-ee5991ec1bbc" alt=""><figcaption></figcaption></figure>

### Passing the Token to your *Login\_Token* Variable

{% hint style="info" %}
This step ensures you can re-use your Token easily across all HTTP requests.
{% endhint %}

1. On the same HTTP request screen, go to the Tests tab.
2. In the window underneath, enter this code:

   ```javascript
   // Parse the JSON body of the login response
   const jsonData = pm.response.json();
   // Store the token in the Login_Token environment variable
   pm.environment.set("Login_Token", jsonData.access_token);
   ```

   `Login_Token` is the name of the environment variable you created in your New Test Environment to hold your token value.
3. Click **Send** again at the top of the page; your access\_token value will now be written to your Login\_Token variable.

<figure><img src="https://1375663122-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhlW9jKl7dcDggHAPhNU9%2Fuploads%2FRQWpIp8Fc2ClARi5iWJv%2Fimage.png?alt=media&#x26;token=d3306c9a-0e0f-409e-8d1a-e394981bf4e0" alt=""><figcaption></figcaption></figure>
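An added example, not part of the original page or Alemba's own code: a stricter version of the Tests-tab script that writes `Login_Token` only when the login response is usable and clears any stale token otherwise, so later requests cannot silently run with an old credential. It assumes a successful login returns HTTP 200; `storeLoginToken` and `fakePm` are names invented here, and `fakePm` is a constructed stand-in so the script also runs outside Postman.

```javascript
// Added example. In Postman, `pm` is the built-in scripting object.
function storeLoginToken(pm) {
  const fail = (why) => {
    // Drop any token left over from an earlier run before reporting the error.
    pm.environment.unset("Login_Token");
    throw new Error("Login_Token not set: " + why);
  };

  // Assumption: the login endpoint answers 200 on success.
  if (pm.response.code !== 200) fail("HTTP " + pm.response.code);

  let data;
  try {
    data = pm.response.json();
  } catch (e) {
    fail("response body is not JSON");
  }

  const token = data && data.access_token;
  if (typeof token !== "string" || token === "") fail("no access_token in response");

  pm.environment.set("Login_Token", token);
  return token.length; // report the length only, never the secret itself
}

// Constructed stand-in for `pm` so the script can be exercised under Node.
function fakePm(code, body) {
  const vars = {};
  return {
    response: { code: code, json: () => JSON.parse(body) },
    environment: {
      set: (k, v) => { vars[k] = v; },
      unset: (k) => { delete vars[k]; },
      get: (k) => vars[k],
    },
  };
}

if (typeof pm !== "undefined") {
  storeLoginToken(pm); // running inside Postman
} else {
  const demo = fakePm(200, '{"access_token":"constructed-token-value"}');
  console.log("token length stored:", storeLoginToken(demo));
}
```
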

