Understanding APIs and API Testing

Updated: May 13, 2026

# CHAPTER 2

1. Introduction

Postman is a tool built specifically to interact with APIs. Therefore, to master Postman, you must first understand the fundamental concepts of Application Programming Interfaces (APIs). In this chapter, we will briefly review what an API is, explore the mechanics of the Request-Response cycle, define REST architecture, and discuss exactly what we look for when we "test" an API.

2. Learning Objectives

By the end of this chapter, you will be able to:
  • Define what an API is in simple terms.
  • Explain the Client-Server architecture and the Request-Response model.
  • Understand the basics of REST APIs.
  • Identify the core components of an HTTP Request and HTTP Response.
  • List the specific criteria used to validate (test) an API's functionality.

3. Beginner-Friendly Explanation

Imagine you are at a restaurant. You (the Client) are sitting at a table with a menu. The kitchen (the Server/Database) has all the ingredients and cooking logic. You cannot go into the kitchen yourself. You need a messenger. The waiter is the API. You give the waiter your order (the Request). The waiter takes it to the kitchen, waits for the food to be prepared, and brings your meal back to you (the Response).

API testing means playing the "Secret Shopper" at this restaurant. You intentionally send specific orders to the waiter to see if the kitchen behaves correctly. If you order a steak, do they bring a steak? If you order something not on the menu, do they politely tell you it's unavailable, or does the kitchen catch on fire?

4. Real-World Examples

  • Weather App: A mobile app (Client) sends a request to a meteorological service API (Server) asking for the weather in "London". The API responds with a JSON payload containing the temperature and forecast.
  • Flight Booking: A travel website aggregates data by making API requests to Delta, United, and American Airlines simultaneously to gather ticket prices.

5. Step-by-Step Tutorials (The Anatomy of a Request)

When you use Postman, you are building an HTTP Request. A request has four main parts:
  1. URL (Endpoint): The exact address of the resource (e.g., https://api.example.com/users).
  2. Method: The action you want to take (e.g., GET to read, POST to create).
  3. Headers: Meta-information about the request (e.g., "I am sending JSON data" or "Here is my secret password").
  4. Body: The actual data you are sending (usually required for POST/PUT methods, like a new user's email and password).

6. API Request Examples

Here is what a complete HTTP request looks like under the hood. This is exactly what Postman generates and sends for you.
```http
POST /api/login HTTP/1.1
Host: mysite.com
Content-Type: application/json
Authorization: Bearer my-secret-token

{
  "username": "johndoe",
  "password": "secure123"
}
```

7. Response Examples

When the server finishes processing, it sends a Response. A response has three main parts:
  1. Status Code: A three-digit number indicating success or failure (e.g., 200 OK, 404 Not Found).
  2. Headers: Meta-information from the server.
  3. Body: The requested data or error message.
```http
HTTP/1.1 200 OK
Content-Type: application/json

{
  "success": true,
  "token": "abcdef123456"
}
```

8. JSON Examples

In modern REST APIs, the standard language for the Request and Response body is JSON (JavaScript Object Notation). It is essentially a list of key-value pairs.
```json
{
  "company": "Tech Corp",
  "employees": [
    {"name": "Alice", "role": "Developer"},
    {"name": "Bob", "role": "Designer"}
  ]
}
```

9. Testing Examples (What are we testing?)

When we talk about "API Testing", we are verifying four specific things:
  1. Status Code: Did the server return the correct code? (e.g., If I create a user, did it return 201 Created?)
  2. Response Time: Did the server respond fast enough? (e.g., Under 500ms).
  3. Payload Structure: Did the server return JSON in the expected format?
  4. Data Accuracy: Did the server return the *correct* data? (e.g., If I asked for User #5, did I actually get User #5?)

10. Best Practices

  • Test the "Happy Path" first: Always verify that the API works perfectly under normal, expected conditions before trying to break it.
  • Test the "Negative Paths": The most critical part of testing is seeing how the API handles bad data. What happens if you leave the email field blank? What if you send a string instead of a number? A good API will return a graceful error, not a server crash.
  • Understand REST: A basic understanding of RESTful principles (using HTTP methods properly, stateless communication) is essential for effective testing.

11. Common Mistakes

  • Ignoring Headers: Beginners often focus only on the URL and the Body, forgetting that APIs often require specific Headers (like Accept: application/json) to function correctly.
  • Assuming 200 OK means everything is fine: Sometimes badly written APIs return a 200 OK status code, but the JSON body contains an error message like {"error": "Database failed"}. True testing requires checking the body content, not just the status code.
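
The four checks from section 9, plus the "200 OK with an error body" mistake above, combined in one validator. This is an added example, not code from the original chapter, written in JavaScript (the language Postman test scripts use) so that it runs in plain Node.js. `checkResponse`, the `expect` fields and the sample responses are hypothetical names and constructed data.

```javascript
// Added example. checkResponse() and the `expect` fields are hypothetical names;
// the response objects at the bottom are constructed samples, not real traffic.
function checkResponse(res, expect) {
  const failures = [];
  // 1. Status code
  if (res.status !== expect.status) failures.push(`status: expected ${expect.status}, got ${res.status}`);
  // 2. Response time
  if (res.elapsedMs > expect.maxMs) failures.push(`time: ${res.elapsedMs}ms is over the ${expect.maxMs}ms limit`);
  // 3. Payload structure: declared as JSON, parses, is an object with typed keys
  const type = (res.headers["content-type"] || "").toLowerCase();
  if (!type.startsWith("application/json")) failures.push(`structure: Content-Type is "${type}"`);
  let body;
  try { body = JSON.parse(res.body); } catch (err) { return failures.concat("structure: body is not valid JSON"); }
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return failures.concat("structure: body is not a JSON object");
  }
  // A success status that carries an error payload is still a failure
  if (res.status >= 200 && res.status < 300 && "error" in body) {
    failures.push(`body: error reported under ${res.status}: ${body.error}`);
  }
  for (const [key, wanted] of Object.entries(expect.schema)) {
    if (typeof body[key] !== wanted) failures.push(`structure: "${key}" is ${typeof body[key]}, expected ${wanted}`);
  }
  // 4. Data accuracy: the values must be the ones that were asked for
  for (const [key, value] of Object.entries(expect.values)) {
    if (key in body && body[key] !== value) failures.push(`data: "${key}" is ${body[key]}, expected ${value}`);
  }
  return failures;
}

// Expectations for "GET user #5" (constructed for this example)
const expectUser5 = { status: 200, maxMs: 500, values: { id: 5 },
  schema: { id: "number", username: "string", isActive: "boolean" } };
const json = { "content-type": "application/json" };
const samples = {
  good: { status: 200, elapsedMs: 120, headers: json, body: '{"id":5,"username":"coder99","isActive":true}' },
  hiddenError: { status: 200, elapsedMs: 90, headers: json, body: '{"error":"Database failed"}' },
  wrongUser: { status: 200, elapsedMs: 640, headers: json, body: '{"id":6,"username":"other","isActive":true}' },
};
for (const [name, res] of Object.entries(samples)) {
  console.log(name, checkResponse(res, expectUser5));
}
```

All three samples return 200 OK; only the body, timing and value checks tell the good response apart from the other two.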

12. Mini Exercises

  1. In the restaurant analogy, what does the menu represent?
  2. List the four main parts of an HTTP Request.
  3. If an API test checks how fast the server responds, which testing criterion are you evaluating?

13. Coding/Testing Challenges

Challenge 1: Look at the following JSON response. Identify the data type of the isActive key and the age key.
```json
{
  "username": "coder99",
  "age": 25,
  "isActive": true
}
```

14. MCQs with Answers

Question 1

In the Client-Server model, which entity initiates the Request?

Question 2

Which data format is the undisputed standard for modern REST APIs?

Question 3

When testing an API, what is the "Happy Path"?

15. Interview Questions

  • Q: Explain the Request-Response cycle in the context of web APIs.
  • Q: What are the three primary components of an HTTP Response?
  • Q: Why is "Negative Testing" (testing with invalid data) just as important as testing the "Happy Path"?

16. FAQs

Q: Do I need to know how to build an API to test one?
A: No! This is the beauty of API testing. As long as you have the API Documentation (which tells you what URLs exist and what data they expect), you can test it completely independently of the backend code.

17. Summary

In this chapter, we laid the theoretical foundation for our Postman journey. We reviewed the Client-Server architecture and the Request-Response cycle. We broke down the anatomy of HTTP Requests (URL, Method, Headers, Body) and Responses (Status Code, Headers, Body). Most importantly, we defined exactly what "API Testing" entails: verifying the status code, response time, payload structure, and data accuracy of an API endpoint.

18. Next Chapter Recommendation

With the theory out of the way, it's time to get our hands dirty. Proceed to Chapter 3: Installing and Setting Up Postman to download the software, create your account, and set up your very first workspace.
