Postman: Developing and Testing APIs Without a Client

Aug 17, 2020 | By Ashton Hsu

This article will walk through example HTTP requests in a back-end development environment using some useful Postman features. Postman is a developer tool that allows users to make API requests.

The Backend Development Dilemma

During product development, we often have to create backend API endpoints but don't have an easy way to test the work. For example what if the newest frontend features are still being developed, but the backend developer needs a way to test their new API endpoints?
One way is to make cURL requests in the terminal which would involve painfully parsing a wall of text to make edits.

Keeping track and modifying HTTP requests can quickly become unwieldy. Postman addresses these issues by organizing and managing HTTP requests. I'll go through a few of the ways it can help.

Using Postman to Authenticate a User

The endpoint I am developing requires a JSON web token (JWT) for authentication before I can execute my new code. I will be using Postman to authenticate a user, store, and send a JWT in future API requests

Environments and variables

Postman variables allow you to store and reuse values in your requests and scripts. Instead of copy and pasting the same email or ObjectId across requests, variables allow you to store and update them in one place to be reusable. Sets of related variables are grouped together in environments such as local, staging, production, etc.

To setup a new local environment and variables:

  1. Click the grey gear icon in the upper right corner
  2. Click "Add"
  3. Name your environment "local"
  4. Add a new variable named "email" and set the value to testuser@floqast.com
  5. Add another variable named "password"and set the value to password123
  6. Add another variable named "host"and set the value to http://localhost:3000
  7. Save your environment by clicking "Add"
Make A Login Request

You can use your new environment variables by wrapping the variable names in double curly braces in your requests. Putting it together:

  1. Make a new POST request to the URL  {{host}}/api/login
  2. Under the body tab paste this json payload that includes your email + password
    {
        "email":"{{email}}",
        "password":"{{password}}",
    }
  3. Hitting "Send" should give back a 200 response with a JWT in the body
    {
        "jwt":"my_jwt_token"
    }

The next step would be to store the JWT as an environment variable to use in future requests. Instead of manually adding my JWT as a variable, Postman provides an alternative method through scripting.

Scripting

Postman contains a JavaScript execution environment that allows you to run JavaScript before and after requests. Scripting allows you to modify payloads, parse and store variables from responses, and more. The Postman execution order for scripts looks like:

I will be hooking into the post request script to save my JWT as a variable. Under the Login request click "Tests" and paste the snippet

var response  = JSON.parse(responseBody);
// assign environment variable
pm.environment.set("JWT", response.jwt);

Because I stored my JWT as an environment variable, I can reuse my JWT in all my requests that require authentication. My JWT is required in my "Authorization" Header for requests which I can easily set.

At this point I can make authenticated HTTP requests to new API routes that I am developing.

Final Thoughts

In this post I went over some useful Postman features that simplifies API development without a front end. Furthermore, Postman’s full feature set makes it a flexible and essential tool for API development, reducing developer pain, and speeding up the development process.

Further Reading

Avatar
Ashton Hsu
Software Engineer at FloQast. In his free time you can catch him climbing rocks or baking bread

Check out research, videos, case studies, and more!

Learn more about working at FloQast!