Postman for Testing
Postman is an API development environment that allows you to design, test, document, and manage your APIs through its user-friendly interface and automation features.
Why Use Postman for API Testing?
User-Friendly Interface:
Postman provides an intuitive and easy-to-use graphical user interface (GUI) for creating, testing, and managing API requests. This makes it accessible even for those who are not deeply technical.
Comprehensive Testing Capabilities:
Postman supports various types of API testing, including functional, integration, and regression testing. It allows you to create and run automated tests, ensuring your APIs work as expected.
Environment Management:
You can create different environments (e.g., development, staging, production) and manage environment-specific variables. This helps in testing APIs under different conditions without changing the code.
Collaboration Features:
Postman enables team collaboration by allowing you to share collections, environments, and test results with team members. This fosters better communication and coordination among development and testing teams.
Integration with CI/CD Pipelines:
Postman can be integrated into Continuous Integration/Continuous Deployment (CI/CD) pipelines, enabling automated testing as part of the development workflow. This helps in catching issues early and ensures the reliability of APIs.
Detailed Documentation:
Postman automatically generates API documentation, which can be shared with stakeholders. This documentation is interactive and helps in understanding the API endpoints and their usage.
Is Postman Secure?
Data Encryption:
Postman uses modern Transport Layer Security (TLS) encryption algorithms to protect data in transit. All communications and data in transit over the internet are encrypted.
Data Storage Security:
Customer data is stored securely with high redundancy. Postman uses cryptographic methods and industry standards to protect data at rest, including AES-256-GCM encryption.
Access Control:
Postman provides features like role-based access control, API key management, and audit logs to ensure secure access to your data and API keys.
Postman Vault:
Sensitive data such as API keys, access tokens, and passwords can be stored securely in the Postman Vault. These vault secrets are only accessible to you and are not synced to the Postman cloud.
Compliance and Best Practices:
Postman's security program and processes are consistent with best practices and industry standards. They also provide guidelines for users to follow safe practices with their data and credentials.
Using Postman for API testing not only enhances your testing capabilities but also ensures that your data and API interactions are secure. If you have any more questions or need further details, feel free to ask!
Postman Links
The links below are provided for your convenience. They are external Links and as such, Alemba maintains no care or control over these links.
Postman Trust Center - Security
Postman Trust Center - Shared Responsibility
Postman API Testing Tool - Javatpoint
Setup Postman
Download and install Postman. www.postman.com
Create a new environment in Postman with variables such as
UsernameTest,PasswordTest,SystemURLTest,Login_Token,CallRef,RequestRef, andTaskRef.
Variable Name
Purpose
Example
UsernameTest
ASM Username
User1
PasswordTest
Password for ASM User
Password@1!
SystemURLTest
The base URL for your system
https://servername/systemname
Login_Token
Variable which stores auth token
23498t9h9h398hn4f4f3wjm4f300
CallRef
Call Number you want to query
23402708
RequestRef
Request Number you want to query
34590353
TaskRef
Task Number you want to query
720843024
These variables can be used both in the URL of your HTTP requests but also in the body of the request being sent.
Create a Collection
Group your HTTP requests in a collection for better organization.
Create HTTP Requests
Use the environment variables in the URL and body of your requests for consistency and ease of use.
Working with ASM and Postman
Creating Your Authorization Token
Create a new HTTP request in Postman with the following details:
Method: POST
URL:
{{SystemURLTest}}/alemba.web/oauth/loginHeaders:
Content-Type: application/x-www-form-urlencodedBody: Include parameters such as
grant_type,scope,client_id,username, andpassword.
On the Authorization tab, select Inherit from parent.
On the Headers tab, add the following Header row:
Key
Value
Content-Type
application/x-www-form-urlencoded
On the Body tab, select the x-www-form-urlencoded radio button
Add the following parameters
Key
Value
Description
Grant_type
Password
Scope
Session-type:Analyst
Client_id
<replace this with Client ID obtained from API Explorer Admin Page e.g. 5157e300-0000-0000-0000-00000000001d >
Username
<Here you can use the {{UsernameTest}} variable OR the actual username for your API account>
Password
<Here you can use the {{PasswordTest}} variable OR the actual password for your API account>
Send the request to receive the authentication token, making sure that New Test Environment is selected.
You should receive a response at the bottom of your request window
The line of code next to the “access_token” is the authentication token itself.
Passing the Token to your Login_Token Variable
This step ensures you can re-use your Token easily across all HTTP requests.
On the same HTTP request screen, go to the Tests tab
In the window underneath, enter this code:
var jsondata = JSON.parse(responseBody)pm.environment.set("Login_Token", jsondata.access_token);Where Login_Token is the name of the environment variable you created in your New Test Environment, to hold your token value.
Click Send again at the top of the page and now your access_token value will be written to your your Login_Token variable.
m
Last updated
Was this helpful?
