Loading ...
Testing and Validating API with Postman
Thomas Jan Solgaard
Thomas Jan Solgaard

18 Jan 2023 · 7 min read

Testing and Validating API with Postman

In this guide, we will provide a detailed overview of how to use Postman to test API requests before they go into production. Postman is a user-friendly tool that makes it easy to setup and test requests. We will show step-by-step how to get started with using Postman, so you can begin testing your APIs right away. With this guide, you will be able to optimize your time and effort, and ensure that your APIs are working as expected before they are put to use in your business.


Postman is a valuable tool when it comes to data handling and managing parameters that need to be sent and received. It provides an easy way to get started with setting up and testing API requests before they are put into production. By using Postman, you can organize and manage your API implementations, allowing you to quickly and easily access them as needed. This can help to optimize the process and make the most of your time and effort. With its user-friendly interface and powerful features, Postman can streamline your workflow and help you to develop and test your APIs with ease. It's a great tool to have in your toolbox when working with APIs.

1. Create Workspace

Creating a workspace is the first fundamental step in any project planning and organization. A workspace is a virtual space, specifically designed to enhance the management of projects. It serves as the primary hub for managing all aspects of a project, from team collaboration to task assignments and progress tracking.

In summary, a workspace is a virtual work area that is designed to assist in coordination, while Collections are the individual components.

2. Create Collection

Once you have established your workspace in Postman, it is important to take the next step and create a collection. This is done by clicking on the "collections" tab and then pressing the "Create Collection" button. Give your collection a descriptive name before clicking on "Create". This is where your requests will be saved, and you can also create folders for further organization. A best practice is to use folders to describe the process and annotate which requests are intended for client-side and server-side HTTP requests, as these typically require different credentials in their requests.

In this way, you can keep track of your requests and ensure that they are easy to find and use for yourself or your team. Organizing your requests in collections and folders can save time and increase efficiency, especially when working on larger projects with multiple team members. This way you can easily access the desired requests, avoiding confusion, and wasting time in searching for them.

3. Authentication

Once your collection is created in Postman, you can easily and quickly insert an authorization header for all your requests. There are several different types of authorization, but in most cases, it is a token-based authorization with an API token from the provider that is the most commonly used. It is beneficial to have an understanding of the different types of authorization, so you can choose the right one for your situation. As a reference, Basic Authentication, Token-Based Authentication, and OAuth2 are the most common types you will encounter in your use of APIs.

By inserting an authorization header, you can ensure that your requests are secure and only accessible by authorized parties. This is especially important when working with sensitive information or when your requests require a high level of security. With the wide range of authorization options available, you can easily find the one that best fits your needs and implement it in your collection. With the help of Postman, you can keep your requests secure and easily accessible.

  • Basic Authentication: The fundamental form of authentication, where you need to provide a valid username and password to access the API. It is a simple and straightforward method, but not necessarily the most secure solution, as the username and password can be easily guessed or compromised. Therefore, it may be a good idea to consider implementing more advanced authentication methods to ensure a higher level of security.
  • Token-Based Authentication: A secure method of providing access to the API, as it requires a valid token. This makes it difficult for unauthorized users to gain access to the system, thereby protecting the data behind the API. It is an effective method of ensuring that only authorized users have access to the system and its data.
  • OAuth2: A commonly used method for providing secure authorization to APIs. This standard allows applications to access an API on behalf of a user without having to share the user's credentials. OAuth2 is a secure and widely accepted method that is easy to implement and manage. It provides a good balance between security and user-friendliness and is therefore one of the most widely used methods of authorization today.

4. Add request

Now that your collection is established, it's time to begin adding requests to it. To do this, you'll need to click the 'Create Request' button and give your request a descriptive name. This name will help to identify the request and make it easier to find later.

Once you've given your request a name, you can begin entering the URL, selecting the HTTP method, and adding any necessary header and body information. It's important to make sure that all information is accurate and relevant to the specific request.

When you've created your request, click the 'Save' button to save it. Your new request will now be added to your collection, where it will be easy to find and use later.

  • It is important to make sure the end point is set correctly. Before you send a request, it is crucial to check that your request has the correct destination, also known as an endpoint. An endpoint is a unique URL endpoint that points to specific databases and is necessary to ensure that your request reaches the right recipient. Ensuring that the endpoint is set correctly can save time and avoid unnecessary mistakes, so it is important to check it thoroughly before you send your request. A correctly set endpoint ensures that your request reaches the right recipient and allows for the data to be understood and worked with in the correct manner.
  • Check HTTP Request Method. It is also important to be aware of the HTTP request method to be used. To the left of the URL, you will find a drop-down menu with the various request methods available. It may initially seem daunting to go through the list, but it is important to note that the methods you are most likely to come across in practice are the GET, POST, and DELETE methods.

5. Set up the header and body

Once you have configured the URL and selected the correct HTTP method, it is important to set up the headers and body for your request. Headers and body are important elements in a request, as they provide information on how the request should be handled and what data should be sent.

Depending on the API and the purpose of the request, it may be necessary to set up specific headers, such as authorization token or accept header. It is important to make sure that all relevant headers are set up correctly, as it can affect the result of the request.

The body is also an important part of the request, as it is where the data is sent. Depending on the request and the method, it may be necessary to send specific data in the body. It is important to make sure that the data in the body is correct and relevant for.

6. Reading the response

After setting up the URL, HTTP method, header and body, it is time to send your request by clicking the 'Send' button. Once you have sent the request, the resulting response will be displayed in the section with the given parameters. This allows you to investigate the response and determine whether the request has been completed correctly.

Typically the response will be in the form of a response body, which is often in JSON format. This allows you to receive information and use it in your integration. If there is a problem with the request, there will instead be a JSON response with an error message describing the issue.

Once you have received the response, it is important to investigate which part of the integration is the problem and fix it. This ensures that everything is set up correctly when you integrate it into your site.

7. You are good to go!

Now that you have received the responses you expected from your API requests, it is time to integrate the code into your website. This should be a relatively straightforward process, as in the top right corner of the window you will find a '</>' menu which provides you with examples of how to implement the current request into your website. This enables you to pick the best method for your setup.

It is important to be thorough and to take your time to investigate and test your code before implementing it into your website, so you can be sure that everything works correctly.

I wish you luck with the integration, and hope this guide has helped you to understand the process better.

Thomas Jan Solgaard
Thomas Jan Solgaard LinkedInthomas-solgaard

Passionate data enthusiast and number cruncher | CDO - Co-founder at UniCode™

Thomas Jan Solgaard
Thomas Jan Solgaard

Passionate data enthusiast and number cruncher | CDO - Co-founder at UniCode™

Back to Blog
Thomas Jan Solgaard
Partner and Data Protection Officer

Let's work together to make your business visually impressive, enhance its functionality, and provide you with a great experience all at the same time.

Enter your phone number and we will call you to discuss how we can help elevate your business digitally.