Postman is one of the greatest API automation and documentation tools available today. Postman began as a simple Chrome browser plugin and has now grown to be a full API testing solution used by 5 million developers and over 100,000 enterprises all over the world. With a $2 billion value, it\'s a unicorn in its own right, and it\'s become the go-to platform for creating enterprise APIs.
As the API economy continues to growing, more challenges are created for developers. The old methods of manually creating and testing APIs no longtime scale as today’s software and services can interface with hundreds of APIs within a single application. Development, testing, and delivery teams must work together to make sure that applications work barrier with APIs to provide a business advantage, rather than cause a business obstacle.
Collaboration and operational efficiency are the keys to sharing modern API- powered applications. And this is the space that Postman plays in. In one of our GlobalLogic projects related to a Banking as well as Financial Services Customer Communications Management platform that is CCMP, we need to use Postman and its CI/CD add-on Newman to create, customize and automate Web API tests. This white paper and technical report narrate our passage direct this automation and showcases some learnings and best practices realized along the way. This is our view from the trenches on the capacity and possibilities of the Postman platform for API testing.
Introduction
I. INTRODUCTION
API is a Application Programming Interface. They are connection Between two Application. In API There are two types one types is use for without internet connection and another type is used for with internet connection. Those types one is used with internet connection is call ‘Web Services’.
Let see What is web services?
For Example: You took a Flipkart of application, Flipkart is a mobile app and as well a web app. You can use Flipkart whenever your internet you can’t turn on Flipkart. The data you will using the Flipkart application the data will be connected to your server. web application you use to connect to the data server is also called API. API is divide inti many types but there are two main method currently used First is SOAP Method and Another is REST Method. The SOAP Method is doesn’t use much because Longform of SOAP is Simple Object Access Protocol. If you want to connect through SOAP API then you can use xml body and SOAP API is only use only POST API Method. They are in return xml body, because they are heavy, they consuming a more bandwidth and it is a Slow. In REST API we can use xml, plan-text format. Every format gives different method like POST,GET, PUT, DELETE different method are available for each operation. They are lightweight and they are fast comparatively SOAP API. Because of all this reasons most people use REST API service.
II. NEED OF WEB SCRAPING
Postman is an API client for developers that makes it simple to create, distribute, test, and document APIs. Users may construct and save basic and sophisticated HTTP/s queries, as well as view their answers, to do this. As a result, work is more efficient and less tiresome.
III. PROPERTIES OF REST API
REST API follows the client -Server Architecture.
Stateless
Cache
Uniform Interface
REST API is used for connection between Client and Server. User used is client and your coding and logic is save is server. So the REST API is establish the relat=-09on between Client and Server.
In above diagram Flipkart is a client. You can open Flipkart.com website if you send the request to server and display the server response.
REST- Representational State Transfer. REST API connection between client and server. They follow client server relationship. They can Follow client-server architecture.
Stateless- In above diagram, client is connected to server first time and server give a response to client request. Then client send request to server second time they are totally unknown about first request and response. Server never save any data to him. No any data save about request to server. Because they called stateless. Stateless means server does not store any session data. Server do not store any session related data with it.
Cache- The cache is present in API Application for storing a system and retrieve a request network and their response .the memory of cache is important because they are improve data retrieval. In
CPU cache is you found primary cache memory. secondary memory is found in a separate clip close to the CPU.
Uniform Interface-In uniform Interface, Server is connect browser through or server is connected to mobile through 890- 0987/Two application are connected but the layer or interface used to connect service through browser or mobile application is common. If you fire the request through mobile or through browser in backend create the REST API are uniform means Common API’s are created So, that is the Uniform Interface.
IV. REST REQUEST
A. Method Type
When a client is communicate with the server it needs to indicate what kind of action that it experts that particular request is from of HTTP request method. We will see the different method type. In Method types includes GET, PUT, POST, DELETE etc.
Actual work of this method let see one example we take a user. User can create, edit, read, or delete the data. This Create, Edit, Read and Delete are known as the CRUD Operations. We can perform CRUD operation on data. In CRUD Operation, C for Create, R for Read, U for Update, and D for Delete. In Method Type suppose you can send the request for server, you need to say the which request you can send and what perform this request. There are so many method types are their but the four important method.
Create-POST Read- GET Update-PUT Delete- DELETE
In short, Method type means which operations perform going on REST API is understand in method type.
B. Endpoint
Suppose, You have a four environment, You can understand these In four request where your request is goes. If you execute your query on development server then the endpoint of URL is Development server. Same as you can execute same query on QA server then endpoint of URL is QA server.
Example: www.googledev.co.in/complete . if you execute this request first time you can find first request is goes through which server. It is depend on endpoint or path parameter.
???????C. Path Parameter/Query Parameter
In path parameter is a Additional information is sent to the server via request parameters. These parameters are contained in a URL.
Query parameters are appended to the end of the request URL, following '?' and listed in key-value pairs, separated by '&' Syntax: Query parameters are appended to the end of the request URL, following '?' and listed in key-value pairs, separated by '&' Syntax: Query parameters are appended to the end of the request URL, following '?' and listed in key-value pairs, separated by '&' Syntax:
?id=1&type=new
Path parameters are part of the request URL and are accessible using placeholders followed by ':'. Example: /customer/:id
???????D. Headers
HTTP request or response. The headers are shown in Postman's Headers tab.
When you click on the header, you'll get a variety of information, such as the one below. Despite the fact that every element on the Headers tab is a header item, we'll just look at the most significant ones.
Content-Type
Date
Server
Cookie expire time
Conclusion
Hence Postman is a sophisticated, powerful, and versatile API testing software. Having a fully flexible continuous testing infrastructure for APIs is very real with Newman as an add-on. Based on what we learned in our project, we believe that using the Postman toolchain for continuous API testing will help most development projects.
This study looked at how to verify the security of an Application Programming Interface (API)
In a nutshell, the Postman and Swagger tools are silent. These days, it\'s all the rage in the industry. The majority of the Apps connect with other applications in order to accomplish their goals. Use an API to share and obtain data feeds, whether it\'s from Google, Facebook, or Twitter. Facebook, smartphone apps, and online apps are all options. We concentrated on RESTful APIs
Specifically, the security of RESTful APIs.
References
[1] Dheeraj Chhillar, \"A Proposed T- Model to Cover 4S Quality Metrics Based on Empirical Study of Software Failures,\" International Journal of Electrical and Computer Engineering (IJECE), Vol. 9, No. 2, April 2019.
[2] \"SofTReL Software Testing Guide Book Part1,\" by Ajitha and Amrit Shah.
[3] S. L. Bangare, A. R. Khare, and P. S. Bangare, \"Quality measurement of modularized object-oriented software using metrics,\" ACM International Conference ICWET-2011 at Mumbai, ISBN: 978-1-4503-0449-8.
[4] \"Web Services Protocol: SOAP versus REST,\" by Vibha. Volume 4 Issue 5 of the International Journal of Advanced Research in Computer Engineering and Technology (IJARCET) was published in May 2015.
[5] Authorization (https://learning.getpostman.com/docs/po stman/send ingapi requests/authorization/), Postman Learning Centre
[6] P.P. Ray (n.d.) (n.d.) (n.d.) Computer and Information Sciences Journal of King Saud University (2018) 30, 291–319