Postman

Nikolina Djekic edited this page Feb 9, 2025 · 1 revision

Postman

Postman is a popular API client that makes it easy for developers to create, share, test, and document APIs. It simplifies each step of building an API and streamlines collaboration so you can create better APIs faster.

Query Parameters and Path Variables

Query Parameters

Query parameters are a way to pass additional information to the server in the URL. They are appended to the URL after a question mark (?) and are typically used to filter or sort data. They can be optional or required, as specified in the API's documentation.

Usage:

  • Query parameters are key-value pairs separated by an equals sign (=).
  • Multiple query parameters are separated by an ampersand (&).

Example:

GET /users?name=JohnDoe&age=30

In this example, name and age are query parameters with values JohnDoe and 30, respectively.

Path Variables

Path variables are a way to pass dynamic values in the URL path. They are typically used to identify specific resources.

Usage:

  • Path variables are enclosed in curly braces ({}) in the URL template.
  • The actual values are substituted in the URL when making the request.
  • In Postman, path variables are displayed with a colon (:) in front of them.

Example:

GET /users/{userId}

In this example, {userId} is a path variable. When making the request, you would replace {userId} with an actual user ID, such as 1:

GET /users/1

In Postman, this would be displayed as:

GET /users/:userId

Combining Query Parameters and Path Variables

You can use both query parameters and path variables in the same URL to pass additional information and identify specific resources.

Example:

GET /users/{userId}/posts?sort=date&limit=10

In this example, {userId} is a path variable, and sort and limit are query parameters. When making the request, you would replace {userId} with an actual user ID and provide values for the query parameters:

GET /users/1/posts?sort=date&limit=10

Using query parameters and path variables helps you create more flexible and dynamic APIs, allowing clients to request specific data and resources efficiently.
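The substitution described above can be done in code as well as in Postman. The following is an added example, not part of the original page or of Postman: `buildUrl` and its arguments are hypothetical names, and it assumes Node.js. It expands a template written in either the `{userId}` or the `:userId` style and percent-encodes every value, so a value containing `/`, `?` or `&` cannot change the route or add extra parameters.

```javascript
// Added example: buildUrl is a hypothetical helper, not a Postman API.
function buildUrl(template, pathVars = {}, query = {}) {
  const [pathTemplate] = template.split('?'); // a query string in the template is ignored
  const path = pathTemplate
    .split('/')
    .map((segment) => {
      // Accept both the {userId} template style and Postman's :userId style.
      const match = /^\{(\w+)\}$/.exec(segment) || /^:(\w+)$/.exec(segment);
      if (!match) return segment; // literal segment, kept as written
      const name = match[1];
      if (!Object.prototype.hasOwnProperty.call(pathVars, name)) {
        throw new Error(`missing path variable: ${name}`);
      }
      const value = String(pathVars[name]);
      // "", "." and ".." would change which resource the path identifies.
      if (value === '' || value === '.' || value === '..') {
        throw new Error(`unsafe value for path variable: ${name}`);
      }
      // Percent-encode so "/", "?" and "#" in a value stay inside one segment.
      return encodeURIComponent(value);
    })
    .join('/');

  // URLSearchParams encodes "&", "=" and spaces in keys and values.
  const params = new URLSearchParams();
  for (const [key, value] of Object.entries(query)) {
    if (value !== undefined && value !== null) params.append(key, String(value));
  }
  const queryString = params.toString();
  return queryString ? `${path}?${queryString}` : path;
}

// Constructed sample call, mirroring the page's combined example.
console.log(buildUrl('/users/{userId}/posts', { userId: 1 }, { sort: 'date', limit: 10 }));
```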

JSON

What is JSON?

JSON (JavaScript Object Notation) is a lightweight data interchange format that is easy for humans to read and write, and easy for machines to parse and generate. It is a text format that is completely language-independent.

JSON Format

JSON is built on two structures:

  • A collection of name/value pairs: In various languages, this is realized as an object, record, struct, dictionary, hash table, keyed list, or associative array.
  • An ordered list of values: In most languages, this is realized as an array, vector, list, or sequence.

A JSON object is an unordered set of name/value pairs. An object begins with { (left brace) and ends with } (right brace). Each name is followed by : (colon) and the name/value pairs are separated by , (comma).

Example:

{
  "name": "John Doe",
  "age": 30,
  "email": "john.doe@example.com",
  "isStudent": false,
  "courses": ["Math", "Science", "History"]
}

Why is JSON Used?

JSON is widely used for data interchange because of its simplicity and ease of use. Here are some reasons why JSON is popular:

  • Human-readable: JSON is easy to read and write for humans, making it a good choice for configuration files and data exchange.
  • Language-independent: JSON is language-agnostic, meaning it can be used with almost any programming language.
  • Lightweight: JSON is a lightweight format, making it efficient for data transmission over networks.
  • Easy to parse: JSON can be easily parsed and generated by machines, making it a good choice for APIs and web services.
  • Widely supported: JSON is supported by most modern programming languages and frameworks, making it a versatile choice for data interchange.

Using JSON helps ensure that data can be easily exchanged between different systems and applications, making it a key component of modern web development and API design.

Authorization

Authorization is the process of verifying that a user has permission to access a resource. Postman provides several methods to handle authorization for your API requests.

Authorization Methods in Postman

  1. No Auth: No authentication is required to access the resource.

  2. API Key: An API key is a token that a client provides when making API calls. It is typically included in the request header or as a query parameter.

    • Usage: Add the API key to the request header or as a query parameter.

    • Example:

      GET /users?api_key=your_api_key
  3. Bearer Token: A bearer token is a security token that is included in the request header. It is used to authenticate API requests.

    • Usage: Add the token to the Authorization header with the prefix Bearer.

    • Example:

      GET /users
      Authorization: Bearer your_token
  4. Basic Auth: Basic authentication uses a username and password to authenticate the client. The credentials are encoded in Base64 and included in the request header.

    • Usage: Add the encoded credentials to the Authorization header with the prefix Basic.

    • Example:

      GET /users
      Authorization: Basic base64encodedcredentials
  5. Digest Auth: Digest authentication is a more secure method than Basic Auth. It uses a challenge-response mechanism to authenticate the client.

    • Usage: Configure the Digest Auth settings in Postman.

    • Example:

      GET /users
      Authorization: Digest username="user", realm="example.com", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/users", response="6629fae49393a05397450978507c4ef1"
  6. OAuth 1.0: OAuth 1.0 is an authorization protocol that allows third-party applications to access a user's resources without exposing their credentials.

    • Usage: Configure the OAuth 1.0 settings in Postman.

    • Example:

      GET /users
      Authorization: OAuth oauth_consumer_key="key", oauth_token="token", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1318622958", oauth_nonce="kllo9940pd9333jh", oauth_version="1.0", oauth_signature="wPkvxykrw+BTdCcGqKr+3I+PsiM="
  7. OAuth 2.0: OAuth 2.0 is an authorization framework that allows third-party applications to obtain limited access to a user's resources.

    • Usage: Configure the OAuth 2.0 settings in Postman.

    • Example:

      GET /users
      Authorization: Bearer your_access_token
  8. Hawk Authentication: Hawk is an HTTP authentication scheme using a message authentication code (MAC) algorithm to provide partial HTTP request cryptographic verification.

    • Usage: Configure the Hawk Auth settings in Postman.

    • Example:

      GET /users
      Authorization: Hawk id="dh37fgj492je", ts="1353832234", nonce="Ygvqdz", mac="qbf1ZPG/r/e06F4ht+T77LXi5vw="
  9. AWS Signature: AWS Signature is used to authenticate requests to AWS services. It uses a combination of access key, secret key, and region to sign the request.

    • Usage: Configure the AWS Signature settings in Postman.

    • Example:

      GET /users
      Authorization: AWS4-HMAC-SHA256 Credential=your_access_key/20210323/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=your_signature
  10. NTLM Authentication: NTLM (Windows Challenge/Response) is a suite of Microsoft security protocols that provides authentication, integrity, and confidentiality to users.

    • Usage: Configure the NTLM Auth settings in Postman.

    • Example:

      GET /users
      Authorization: NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==

Using the appropriate authorization method ensures that your API requests are secure and that only authorized users can access the resources.
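Two practical points about the methods above, shown as an added example that is not part of the original page or of Postman (all function names are hypothetical; Node.js is assumed). A Basic Auth header is only Base64-encoded, so anyone who sees the header can recover the password, and requests copied out of Postman should have Authorization values and API-key query parameters masked before they are shared or logged.

```javascript
// Hypothetical helpers for this added example; none of them is a Postman API.
function basicAuthHeader(username, password) {
  // Basic auth is base64("username:password"): an encoding, not encryption.
  return 'Basic ' + Buffer.from(`${username}:${password}`, 'utf8').toString('base64');
}

function decodeBasicAuth(headerValue) {
  const match = /^Basic\s+([A-Za-z0-9+/]+={0,2})$/i.exec(headerValue.trim());
  if (!match) return null;
  const decoded = Buffer.from(match[1], 'base64').toString('utf8');
  const colon = decoded.indexOf(':'); // only the first ':' separates the fields
  if (colon === -1) return null;
  return { username: decoded.slice(0, colon), password: decoded.slice(colon + 1) };
}

// Query parameter names treated as secrets. api_key is the page's example;
// the others are assumed names to adjust for the API under test.
const SECRET_QUERY_KEYS = ['api_key', 'access_token', 'token'];
const SECRET_QUERY_RE = new RegExp(`([?&](?:${SECRET_QUERY_KEYS.join('|')})=)[^&\\s#]*`, 'gi');

function redactRequest(rawRequest) {
  return rawRequest
    .split(/\r?\n/)
    .map((line) => {
      const auth = /^(\s*Authorization:\s*)(\S+)(\s+.*)?$/i.exec(line);
      if (auth) {
        // Keep the scheme name for debugging; drop everything after it.
        return auth[3] ? `${auth[1]}${auth[2]} [REDACTED]` : `${auth[1]}[REDACTED]`;
      }
      return line.replace(SECRET_QUERY_RE, '$1[REDACTED]');
    })
    .join('\n');
}

// Constructed sample request, built from the page's placeholder values.
const sample = 'GET /users?api_key=your_api_key&page=2 HTTP/1.1\nAuthorization: Bearer your_token';
console.log(redactRequest(sample));
console.log(decodeBasicAuth(basicAuthHeader('user', 'pass')));
```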

HTTP Headers

HTTP headers are key-value pairs sent between the client and the server with each HTTP request and response. They provide additional information about the request or response, such as content type, content length, and authentication details.

Common HTTP Headers

  1. Content-Type: Indicates the media type of the resource.

    • Example: Content-Type: application/json
  2. Authorization: Contains the credentials to authenticate a user agent with a server.

    • Example: Authorization: Bearer your_token
  3. Accept: Informs the server about the types of data that can be sent back.

    • Example: Accept: application/json
  4. User-Agent: Contains information about the user agent (client) making the request.

    • Example: User-Agent: Mozilla/5.0
  5. Host: Specifies the domain name of the server and the TCP port number on which the server is listening.

    • Example: Host: example.com
  6. Cache-Control: Directives for caching mechanisms in both requests and responses.

    • Example: Cache-Control: no-cache
  7. Content-Length: The size of the request or response body in bytes.

    • Example: Content-Length: 348
  8. Cookie: Contains stored HTTP cookies previously sent by the server with the Set-Cookie header.

    • Example: Cookie: sessionId=abc123
  9. Set-Cookie: Sends cookies from the server to the client.

    • Example: Set-Cookie: sessionId=abc123; Path=/; HttpOnly
  10. Referer: The address of the previous web page from which a link to the currently requested page was followed.

    • Example: Referer: https://example.com/previous-page
  11. Connection: Controls whether the network connection stays open after the current transaction finishes.

    • Example: Connection: keep-alive

Custom Headers

You can also create custom headers to pass additional information specific to your application. Custom headers should use the X- prefix to avoid conflicts with standard headers.

Example:

X-Custom-Header: customValue

Example of HTTP Headers in a Request

GET /users HTTP/1.1
Host: example.com
Authorization: Bearer your_token
Accept: application/json
User-Agent: Mozilla/5.0

Example of HTTP Headers in a Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 348
Cache-Control: no-cache
Set-Cookie: sessionId=abc123; Path=/; HttpOnly

Understanding and using HTTP headers effectively helps you manage and control the behavior of your HTTP requests and responses, ensuring secure and efficient communication between the client and server.
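The response example above can be checked mechanically. The following is an added example, not part of the original page or of Postman (function names are hypothetical; Node.js is assumed): it parses a raw response head into a case-insensitive header map and reports Set-Cookie headers that lack the HttpOnly, Secure or SameSite attributes. Requiring all three is an assumed policy for session cookies.

```javascript
// Added example: hypothetical helpers, not a Postman API.
function parseResponseHead(raw) {
  const lines = raw.split(/\r?\n/);
  const status = Number(lines[0].split(' ')[1]); // "HTTP/1.1 200 OK" -> 200
  const headers = new Map(); // lower-cased name -> array of values
  for (const line of lines.slice(1)) {
    if (line === '') break; // a blank line ends the header block
    const colon = line.indexOf(':');
    if (colon <= 0) continue; // not a "Name: value" line
    const name = line.slice(0, colon).trim().toLowerCase();
    const value = line.slice(colon + 1).trim();
    if (!headers.has(name)) headers.set(name, []);
    headers.get(name).push(value); // Set-Cookie may legitimately repeat
  }
  return { status, headers };
}

// Assumed policy: every cookie should carry these three attributes.
const REQUIRED_COOKIE_ATTRS = ['httponly', 'secure', 'samesite'];

function auditSetCookie(headers) {
  const findings = [];
  for (const cookie of headers.get('set-cookie') || []) {
    const [pair, ...attrs] = cookie.split(';').map((part) => part.trim());
    const name = pair.split('=')[0];
    const present = new Set(attrs.map((attr) => attr.split('=')[0].toLowerCase()));
    for (const required of REQUIRED_COOKIE_ATTRS) {
      if (!present.has(required)) findings.push(`${name}: missing ${required}`);
    }
  }
  return findings;
}

// The page's response example, reproduced as sample input.
const pageResponse = [
  'HTTP/1.1 200 OK',
  'Content-Type: application/json',
  'Content-Length: 348',
  'Cache-Control: no-cache',
  'Set-Cookie: sessionId=abc123; Path=/; HttpOnly',
].join('\r\n');

console.log(auditSetCookie(parseResponseHead(pageResponse).headers));
```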

Random Values in Postman

Postman allows you to use random values in your requests to simulate real-world scenarios and test your APIs more effectively. You can use built-in random variables to generate random data for your requests.

Using Random Data in Requests

Random variables in Postman are enclosed in double curly braces ({{ }}) and prefixed with $random. Here are some commonly used random variables:

  • {{$randomInt}}: Generates a random integer.
  • {{$randomUUID}}: Generates a random UUID.
  • {{$randomEmail}}: Generates a random email address.
  • {{$randomPhoneNumber}}: Generates a random phone number.
  • {{$randomFirstName}}: Generates a random first name.
  • {{$randomLastName}}: Generates a random last name.
  • {{$randomFullName}}: Generates a random full name.
  • {{$randomStreetAddress}}: Generates a random street address.
  • {{$randomCity}}: Generates a random city name.
  • {{$randomCountry}}: Generates a random country name.

Example

Here is an example of using random variables in a POST request to create a new user:

POST /users
Content-Type: application/json

{
  "name": "{{$randomFullName}}",
  "email": "{{$randomEmail}}",
  "phone": "{{$randomPhoneNumber}}",
  "address": {
    "street": "{{$randomStreetAddress}}",
    "city": "{{$randomCity}}",
    "country": "{{$randomCountry}}"
  }
}

In this example, Postman will replace the random variables with actual random values when the request is sent. This allows you to test your API with different data each time you send the request.

Using random values in Postman helps you ensure that your API can handle a variety of inputs and improves the robustness of your tests.
