Using Environment Variables

# CHAPTER 10

Using Environment Variables #

1. Introduction #

If you are testing a professional API, you never test directly on the live production database. You test on a local server (localhost), then a staging server (staging.api.com), and finally the production server (api.com). If you hardcode URLs into your Postman requests, you will have to manually edit 50 different URLs every time you switch testing environments. In this chapter, we will solve this massive headache by introducing Environment Variables. We will learn how to abstract URLs and secrets into variables, allowing us to switch server environments with a single click.

2. Learning Objectives #

By the end of this chapter, you will be able to:

• Understand the concept and benefits of variables in Postman.

• Create and manage Postman Environments (e.g., Local, Staging, Production).

• Use the double-curly-brace {{variable_name}} syntax in requests.

• Differentiate between Environment Variables and Global Variables.

• Use variables to securely manage API tokens and credentials.

3. Beginner-Friendly Explanation #

Imagine a form letter you receive in the mail. It starts with "Dear [First Name], you have been pre-approved for a loan in [City]!" The company didn't write a unique letter for you. They wrote a template and used Variables ([First Name]) to automatically inject your data before printing.

In Postman, instead of writing https://localhost:8000/api/users in your URL bar, you write {{base_url}}/api/users. Then, you create a "Local" environment where base_url equals https://localhost:8000. You can also create a "Production" environment where base_url equals https://api.mycompany.com. By simply switching a dropdown menu in the top right corner, Postman magically updates the URL for *every single request* you have saved.

4. Real-World Examples #

• Base URLs: The most common use case. Abstracting the domain name so you can test across Dev, QA, and Production servers instantly.

• Authentication Tokens: When you log in, the API gives you a token. Instead of copy-pasting that token into the Headers of 20 different requests, you save it to a variable {{token}}. If the token expires, you only have to update it in one place.

• Dynamic IDs: You create a user and are given ID 42. You save 42 to a variable {{userId}}. Your subsequent tests use GET /users/{{userId}}.

5. Step-by-Step Tutorial (Creating Environments) #

Let's create an environment to manage our JSONPlaceholder URL.

Step 1: Create an Environment

1. 1. Look at the top right of the Postman interface. You will see a dropdown that likely says "No Environment". Next to it is an "Eye" icon and a button that looks like a box or a gear (Environment Quick Look / Manage Environments).

1. 2. Click Environments in the left Sidebar (under Collections).

1. 3. Click the + button to create a new environment.

1. 4. Name the environment JSONPlaceholder Prod.

1. 5. Under "Variable", type base_url.

1. 6. Under "Initial Value" and "Current Value", type https://jsonplaceholder.typicode.com.

1. 7. Click Save (Ctrl+S or Cmd+S).

Step 2: Select the Environment

1. 1. Go back to the top right dropdown menu.

1. 2. Click "No Environment" and select JSONPlaceholder Prod.

Step 3: Use the Variable

1. 1. Open a new Request tab.

1. 2. In the URL bar, type: {{base_url}}/users/1

1. 3. Hover your mouse over {{base_url}}. Postman will pop up a tooltip showing you the evaluated value.

1. 4. Hit Send. It works perfectly!

6. Variable Scopes #

Postman evaluates variables based on "Scope" (from most specific to least specific):

1. 1. Local Variables: Created inside a test script, temporary.

1. 2. Data Variables: Used when running automated tests from a CSV file.

1. 3. Environment Variables: Tied to the currently selected environment dropdown (Most Common).

1. 4. Collection Variables: Tied specifically to a group of requests.

1. 5. Global Variables: Always available, regardless of which environment is selected.

7. Initial Value vs Current Value #

When creating a variable, you see two columns:

• Initial Value: Syncs to your Postman Cloud account. If you share a workspace with a team, everyone sees this.

• Current Value: ONLY exists on your local computer. It does *not* sync to the cloud.

*Security Rule:* NEVER put personal passwords or live API keys in the "Initial Value" column if you are in a team workspace. Put them in the "Current Value" so only you have access to them.

8. Best Practices #

• Standardize Naming: Agree with your team on variable names. Common standards are {{baseUrl}}, {{token}}, {{username}}.

• Use Secret Types: When defining a variable for a password or API key, change the "Type" dropdown in the environment manager from default to secret. This masks the value with asterisks (*) on your screen so people walking behind your desk can't read it.

• Environment Parity: If your "Staging" environment has 5 variables (baseUrl, dbPort, apiKey, etc.), ensure your "Production" environment has those exact same 5 variables.

9. Common Mistakes #

• Forgetting to select the environment: The #1 reason variables fail is typing {{baseUrl}} but leaving the top-right dropdown on "No Environment". Postman will literally try to send an HTTP request to the text string {{baseUrl}} and fail with an unresolved host error.

• Typos in Braces: It must be exactly two curly braces with no spaces: {{url}}. {url} or {{ url }} might break.

10. Mini Exercises #

1. 1. What is the keyboard syntax used to invoke a variable in Postman?

1. 2. If you want a variable to change based on whether you are testing locally or in production, which Scope should you use? (Global or Environment?)

11. Coding/Testing Challenges #

Challenge 1:

1. 1. Create a variable in your environment called postId and set its current value to 5.

1. 2. Construct a URL using two variables: {{base_url}}/posts/{{postId}}.

1. 3. Hit Send. Verify that the response returns the data for post number 5.

12. MCQs with Answers #

Question 1

What is the correct syntax for using an environment variable named "apiUrl" in a Postman request?

A [apiUrl] B ${apiUrl} C {{apiUrl}} D $apiUrl

Check Answer

Question 2

Which column in the Postman Environment manager syncs to the Postman Cloud and is visible to your team members?

A Current Value B Initial Value C Global Value D Export Value

Check Answer

Question 3

If you want to mask an API key variable so it displays as asterisks (

A Change the variable Type from 'default' to 'secret' B Write a JavaScript script to encrypt it C Check the "Mask" checkbox D You cannot mask variables in Postman

Check Answer

13. Interview Questions #

• Q: Explain the difference between "Initial Value" and "Current Value" when defining an Environment Variable.

• Q: Why is it considered an industry standard to use a {{baseUrl}} variable instead of hardcoding URLs into API requests?

• Q: Explain the hierarchy of variable scope in Postman. If a Global variable and an Environment variable have the same name, which one wins? *(Answer: The Environment variable wins because it is a narrower/closer scope).*

14. FAQs #

Q: Can I use variables in the Body JSON or in Headers? A: Yes! You can use {{variable_name}} anywhere: in the URL, inside Params, inside Header values, and directly inside raw JSON bodies.

15. Summary #

In this chapter, we drastically upgraded our API testing workflow by introducing Environment Variables. We learned how to replace hardcoded strings with {{variable}} syntax. We created an Environment, populated it with variables, and learned how to switch contexts effortlessly using the environment dropdown. Most importantly, we discussed the security implications of Initial vs. Current values to keep our API secrets safe.

16. Next Chapter Recommendation #

Now that our URLs are dynamic, we need a better way to organize our requests than having 20 unsaved tabs open. Proceed to Chapter 11: Working with Collections** to learn how to save, organize, and document your API requests like a professional.