Book Image

API Testing and Development with Postman

By : Dave Westerveld
1 (1)
Book Image

API Testing and Development with Postman

1 (1)
By: Dave Westerveld

Overview of this book

Postman enables the exploration and testing of web APIs, helping testers and developers figure out how an API works. With Postman, you can create effective test automation for any APIs. If you want to put your knowledge of APIs to work quickly, this practical guide to using Postman will help you get started. The book provides a hands-on approach to learning the implementation and associated methodologies that will have you up and running with Postman in no time. Complete with step-by-step explanations of essential concepts, practical examples, and self-assessment questions, this book begins by taking you through the principles of effective API testing. A combination of theory coupled with real-world examples will help you learn how to use Postman to create well-designed, documented, and tested APIs. You'll then be able to try some hands-on projects that will teach you how to add test automation to an already existing API with Postman, and guide you in using Postman to create a well-designed API from scratch. By the end of this book, you'll be able to use Postman to set up and run API tests for any API that you are working with.
Table of Contents (19 chapters)
1
Section 1: API Testing Theory and Terminology
6
Section 2: Using Postman When Working with an Existing API
13
Section 3: Using Postman to Develop an API

Understanding API security

API security is an important topic. This section will introduce some of the basic concepts and terminology used in API security. Later sections in this chapter will walk you through the various ways to authorize an API. However, before I show you how to use those, I want to talk a bit about what authorization even is. I have been using the term authorization, but the reality is, securing an API (or a website) involves two things. It involves authorization and authentication. These are important topics that underpin all security testing. Although they are often used interchangeably, understanding the distinction between them will help you to effectively test APIs with these options. In this section, we will explore what these two concepts are and how they relate to each other.

Authorization in APIs

Authorization is how we determine what things a given user is allowed to do. So, for example, if you imagine an online learning platform, you might have...