API Testing with Postman
Learn how to test REST APIs manually using Postman. Understand HTTP methods, status codes, and how to verify response bodies.
What you'll learn
- Understand what an API is and why to test it
- Send GET, POST, PUT, and DELETE requests in Postman
- Read HTTP status codes and response bodies
- Assert on response structure and values
The app you see on screen is only the tip of the iceberg. Underneath, it is talking to a server all day, every day. API testing lets you check that conversation directly.
What is an API?
Why Test the API Separately?
UI Testing
- Tests what the user sees
- Slow — loads pages, clicks buttons
- Breaks when designs change
- Hard to isolate bugs
- Finds bugs late
API Testing
- Tests the data directly
- Fast — just requests and responses
- Stable even when UI changes
- Bugs point straight at the server
- Finds bugs early, before the UI is built
Verdict: API testing is faster, more stable, and catches bugs earlier. UI testing still matters, but API tests do more for less.
HTTP Methods
Every API request uses a “method” that describes what you want to do.
| Method | What it does | Everyday analogy |
|---|---|---|
| GET | Read data | “Show me the menu” |
| POST | Create something new | “Add this dish to my order” |
| PUT | Update something | “Change my order to medium rare” |
| DELETE | Remove something | “Cancel my order” |
Status Codes
When the server answers, it always includes a 3-digit code telling you how it went.
- 2xx — Success: It worked!
- 3xx — Redirect: Look somewhere else for it.
- 4xx — Your mistake: The request was wrong.
- 5xx — Server mistake: The server broke.
Common Status Codes
| Code | Name | Meaning |
|---|---|---|
| 200 | OK | Request succeeded, here is the data |
| 201 | Created | New thing was made successfully |
| 400 | Bad Request | Your request was malformed |
| 401 | Unauthorized | You are not logged in |
| 403 | Forbidden | You are logged in, but not allowed |
| 404 | Not Found | That thing does not exist |
| 500 | Server Error | The server crashed or broke |
Quick check
You send a request and get a 500 response. Whose fault is it most likely to be?
Anatomy of a Request
Request: 4 fields
Anatomy of a Response
Response: 3 fields
A Real Request in Postman
Here is what a simple GET request looks like.
```
$ GET https://api.example.com/users/1
# Headers: Authorization: Bearer abc123
HTTP/1.1 200 OK
Content-Type: application/json

{
  "id": 1,
  "name": "Alice",
  "email": "alice@example.com"
}
```
And here is a POST request that creates a new user.
```
$ POST https://api.example.com/users
# Body: { "name": "Bob", "email": "bob@example.com" }
HTTP/1.1 201 Created

{
  "id": 42,
  "name": "Bob",
  "email": "bob@example.com"
}
```
What to Assert on a Response
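An added example, not part of the original lesson: checks a tester might run against the GET /users/1 response shown earlier, written as plain JavaScript (the language Postman test scripts use) so it runs in Node. The `{ status, headers, body }` response shape, the name `checkUserResponse`, the rule that only `id`, `name` and `email` may appear, and the `password_hash` field in the sample are assumptions made for illustration.

```javascript
// Added example. Assumed response shape: { status, headers, body } with body as text.
const EXPECTED_FIELDS = ["id", "name", "email"]; // fields in the lesson's sample body

function checkUserResponse(res, expectedId) {
  const failures = [];
  if (res.status !== 200) failures.push(`status ${res.status}, expected 200`);

  // Header names are case-insensitive; a charset suffix is allowed.
  const headers = Object.fromEntries(
    Object.entries(res.headers || {}).map(([k, v]) => [k.toLowerCase(), String(v)])
  );
  const ctype = headers["content-type"] || "";
  if (!/^application\/json\b/i.test(ctype)) failures.push(`content-type "${ctype}"`);

  let body;
  try {
    body = JSON.parse(res.body);
  } catch (e) {
    failures.push("body is not valid JSON");
    return failures; // nothing further can be checked
  }
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    failures.push("body is not a JSON object");
    return failures;
  }

  // Structure: check types, not just presence. Value: the id must be the one requested.
  if (!Number.isInteger(body.id)) failures.push("id is not an integer");
  else if (body.id !== expectedId) failures.push(`id ${body.id}, expected ${expectedId}`);
  if (typeof body.name !== "string" || body.name === "") failures.push("name missing or empty");
  if (typeof body.email !== "string" || !/^[^@\s]+@[^@\s]+$/.test(body.email)) {
    failures.push("email malformed");
  }

  // Fields beyond the documented ones are flagged, e.g. a leaked internal column.
  for (const key of Object.keys(body)) {
    if (!EXPECTED_FIELDS.includes(key)) failures.push(`unexpected field "${key}"`);
  }
  return failures;
}

// Constructed sample responses (not captured from a real server).
const good = { status: 200, headers: { "Content-Type": "application/json" },
  body: '{"id":1,"name":"Alice","email":"alice@example.com"}' };
const leaky = { ...good,
  body: '{"id":1,"name":"Alice","email":"alice@example.com","password_hash":"x"}' };

console.log(checkUserResponse(good, 1));
console.log(checkUserResponse(leaky, 1));
```

An empty array means every check passed; each string in a non-empty result names one failed assertion.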
Common Bugs You Will Find