Mockpreps
π§βπΌ
πͺ΄
Login now and master your exams with Mockprepsβ mock tests!
Top Interview Questions
Postman is a powerful and widely used tool for API development, testing, and management. Originally created as a Chrome extension in 2012, Postman has evolved into a full-fledged desktop and web application, supporting Windows, Mac, and Linux platforms. It provides developers and testers with a user-friendly interface to interact with APIs without writing complex code, thereby simplifying the entire API lifecycle. Postman enables the sending of HTTP requests, receiving responses, debugging, testing, and automating APIs effectively.
APIs (Application Programming Interfaces) are the backbone of modern web and mobile applications. They allow different software systems to communicate, share data, and perform operations. Testing APIs is critical to ensure functionality, security, and performance. Postman bridges the gap between backend developers, frontend developers, QA testers, and business analysts by providing an intuitive platform to work with APIs efficiently.
Postman is rich in features, making it more than just an API testing tool. Some of the notable features include:
Request Building:
Postman allows users to create and send HTTP requests using various methods like GET, POST, PUT, DELETE, PATCH, and OPTIONS. It supports URL parameters, headers, authentication, and body payloads in different formats such as JSON, XML, or form-data.
Environment Management:
Postman lets users define environments to store variables like API keys, tokens, URLs, or other dynamic data. This helps in switching between development, testing, staging, and production environments effortlessly.
Collections:
Collections are a group of saved requests organized logically for a project. Collections can be shared among team members, enabling collaboration and standardization in testing.
Automated Testing with Scripts:
Postman supports pre-request scripts and test scripts written in JavaScript. Users can perform validations, assertions, or data transformations automatically before sending a request or after receiving a response.
Mock Servers:
Postman provides the ability to create mock servers, which simulate API responses even before the actual backend is ready. This is particularly useful for frontend developers to start working without waiting for backend completion.
API Documentation:
Postman can automatically generate API documentation based on the requests and collections. This documentation can be published and shared, helping developers and testers understand API functionality without needing separate documents.
Monitoring:
Postman monitors allow scheduled execution of API requests to check their performance and uptime. This ensures that APIs are functioning as expected over time and can alert teams if there are issues.
Collaboration Tools:
Postman supports teamwork through workspaces, version control, and collaboration features. Teams can work on the same collections, track changes, and maintain a single source of truth.
Integration with CI/CD:
Postman can be integrated into Continuous Integration/Continuous Deployment (CI/CD) pipelines using tools like Jenkins, GitHub Actions, GitLab CI, or Azure DevOps. This allows automated testing of APIs during the deployment process.
Postman provides several advantages, making it an essential tool in the software development lifecycle:
User-Friendly Interface:
With an intuitive GUI, Postman makes API interaction easy, even for beginners who are not very familiar with HTTP requests and backend systems.
Time-Saving:
By eliminating the need to write code for basic API testing and automating repetitive tasks with collections and scripts, Postman drastically reduces development and testing time.
Supports Multiple API Types:
Postman can work with REST, SOAP, GraphQL, and WebSocket APIs, making it versatile for different projects.
Enhanced Collaboration:
Team features allow multiple users to work together on API development and testing, enhancing communication and reducing errors.
Error Detection and Debugging:
Postman provides detailed information about responses, status codes, headers, and body content, helping developers quickly identify and fix issues.
Security Testing:
Postman supports various authentication methods like Basic Auth, OAuth 2.0, JWT, API keys, and custom headers, helping testers validate secure access to APIs.
Scalability:
Postman is suitable for individual developers working on small projects as well as large enterprises managing hundreds of APIs.
Postman serves multiple purposes across different roles:
For Developers:
Developers use Postman to test APIs during development, debug issues, validate endpoints, and simulate requests and responses.
For QA Testers:
Testers use Postman to automate functional testing, perform regression testing, and ensure that APIs meet expected behavior and performance standards.
For Business Analysts:
Analysts can explore APIs using Postman to understand data flow and endpoints without diving into backend code, helping in requirement analysis and project planning.
For DevOps Teams:
Postman’s integration with CI/CD pipelines allows DevOps teams to perform automated API tests during builds and deployments, ensuring high-quality releases.
For Learning and Training:
Postman provides a great platform for learning API concepts and experimenting with requests, making it popular in educational settings and training programs.
Postman has become an indispensable part of modern software development. With the rise of microservices architecture, cloud-based APIs, and mobile-first applications, the need for efficient API testing and management has increased. Postman fits perfectly into agile development methodologies by enabling continuous testing, rapid prototyping, and seamless collaboration.
For instance, during an agile sprint, a backend developer can create new API endpoints and immediately test them using Postman. Meanwhile, frontend developers can use mock servers to simulate responses and continue their development without waiting for backend readiness. QA testers can write automated scripts in Postman to validate these APIs across multiple environments. The team can then share collections and environments within Postman workspaces, ensuring everyone stays on the same page.
While there are other tools available for API testing, such as SoapUI, Swagger, Insomnia, and JMeter, Postman stands out due to its ease of use, rich feature set, and active community. SoapUI is more focused on SOAP APIs and enterprise-level testing, while Postman is versatile for both REST and SOAP. Swagger is primarily used for API documentation and design, whereas Postman combines testing, automation, and documentation in one platform. Insomnia is lightweight and visually appealing but lacks some advanced collaboration and monitoring features that Postman offers. JMeter is excellent for load testing, but Postman provides a more accessible interface for functional testing and automation.
For freshers entering IT or software testing, learning Postman is highly recommended. Knowledge of Postman not only helps in testing APIs but also demonstrates familiarity with modern development tools and workflows, making candidates more attractive to potential employers. Understanding Postman’s features like collections, environments, scripting, and monitors provides a solid foundation for working on backend testing, DevOps practices, and API-driven projects.
Freshers can start by learning the basics:
Understanding HTTP methods and status codes.
Creating requests and analyzing responses.
Using environments and variables for dynamic testing.
Writing simple test scripts for response validation.
Creating and sharing collections for collaborative work.
As they progress, they can explore advanced features like mock servers, monitors, and CI/CD integration, which are valuable skills in real-world projects.
Answer:
Postman is a popular API (Application Programming Interface) testing tool that allows developers to design, test, and document APIs. It provides a user-friendly interface to send HTTP requests (GET, POST, PUT, DELETE, etc.) and view responses. It is widely used for manual API testing, automation, and collaboration among teams.
Key Points:
Supports REST, SOAP, and GraphQL APIs.
Allows environment management and scripting.
Provides automated testing through Postman Collections.
Answer:
User-friendly interface – easy to create and send requests.
Supports all HTTP methods – GET, POST, PUT, DELETE, PATCH, OPTIONS, etc.
Environment and variable support – for storing dynamic values.
Collections – group requests for testing workflows.
Automated Testing – using scripts written in JavaScript.
Mock Servers – simulate API responses.
Monitoring – check APIs performance over time.
Collaboration – share collections and documentation with teams.
Answer:
| Method | Description | Usage |
|---|---|---|
| GET | Requests data from a server | Fetch user data, read info |
| POST | Sends data to the server to create/update | Add new user, create record |
Example in Postman:
GET: https://api.example.com/users/1 – retrieves user details.
POST: https://api.example.com/users – sends JSON data to create a new user.
Answer:
A Collection is a group of saved API requests in Postman. It helps organize requests by project or functionality. Collections can also include tests, pre-request scripts, and variables.
Use Case:
Automating API testing.
Sharing APIs with team members.
Running requests sequentially using Collection Runner.
Answer:
An Environment in Postman is a set of key-value pairs that can be used to store variables such as API URLs, authentication tokens, or user IDs. It allows you to switch between different setups (like dev, staging, production) without changing the request manually.
Example:
Environment variable: {{baseUrl}} = https://api.example.com
Request URL: {{baseUrl}}/users
Switching environments changes the base URL automatically.
Answer:
Pre-request Script: Code (JavaScript) executed before the request is sent. Used for generating tokens, timestamps, or modifying request headers dynamically.
Example: Generate a timestamp:
pm.environment.set("timestamp", new Date().toISOString());
Test Script: Code executed after the request is completed. Used for validating responses, status codes, or extracting data.
Example: Check status code is 200:
pm.test("Status code is 200", function () {
pm.response.to.have.status(200);
});
Answer:
Variables store dynamic values and can be used across requests. Types of variables:
Global Variables: Available in all collections and environments.
Environment Variables: Specific to an environment (dev, staging, prod).
Collection Variables: Available within a specific collection.
Local Variables: Available only in the current request.
Data Variables: Used in data-driven tests (from CSV/JSON files).
Example:
{{userId}} – dynamically replaced during request execution.
Answer:
Automation is done using Collections and Collection Runner:
Save all requests in a collection.
Write test scripts to validate responses.
Use Collection Runner to run multiple requests in sequence.
Optionally, use data files (CSV/JSON) for data-driven tests.
Use Postman Monitors to schedule automated runs.
Example Test Script:
pm.test("Response time is less than 200ms", function () {
pm.expect(pm.response.responseTime).to.be.below(200);
});
Answer:
A Mock Server simulates an API response without the real backend. Useful for front-end developers to continue work when the backend is not ready.
Steps to create:
Save request and response in a collection.
Click “Mock Server” in Postman.
Use the mock URL in your application to test API calls.
Answer:
Easy to use for both beginners and experienced developers.
Supports automated testing and monitoring.
Centralized API documentation.
Collaboration via Workspaces and shared collections.
Reduces dependency on the backend with mock servers.
Integrates with CI/CD tools for DevOps.
| Method | Description | Use Case |
|---|---|---|
| PUT | Updates the entire resource | Update user info completely |
| PATCH | Updates specific fields of a resource | Update user email only |
Answer:
Postman supports multiple authorization types:
No Auth
API Key – pass key in headers or query parameters.
Bearer Token – usually JWT.
Basic Auth – username and password.
OAuth 1.0/2.0 – for secured APIs.
Example (Bearer Token):
Go to Authorization → Bearer Token → Enter token value → Send request.
| Feature | Postman | Swagger |
|---|---|---|
| Purpose | API testing, automation, collaboration | API documentation and design |
| UI | Rich interactive interface | Documentation-focused |
| Testing | Supports automated tests | Limited testing |
| Collaboration | Yes, team workspaces | Mostly documentation |
Answer:
Collection Runner allows you to run multiple requests from a collection in a sequence automatically.
Steps:
Open Postman → Collections → Select collection → Click “Run”.
Choose environment and iteration count.
Optionally, upload a data file (CSV/JSON) for data-driven testing.
Click Run and view results.
Answer:
Dynamic data can be handled using:
Variables – environment, global, collection, or local.
Pre-request scripts – generate timestamps, tokens, random values.
Data files – use CSV or JSON to feed multiple sets of input values.
Example: Random email:
pm.environment.set("randomEmail", `user${Math.floor(Math.random()*1000)}@example.com`);
Answer:
Status code: pm.response.to.have.status(200);
Response time: pm.expect(pm.response.responseTime).to.be.below(500);
Response body: pm.expect(pm.response.text()).to.include("success");
JSON value:
let jsonData = pm.response.json();
pm.expect(jsonData.name).to.eql("John");
Answer:
Yes. Postman collections can be exported and run using Newman CLI (command-line tool). Newman can be integrated with CI/CD pipelines like Jenkins, GitHub Actions, or GitLab CI to automate API testing.
Command example:
newman run collection.json -e environment.json
Answer:
Organize requests using collections and folders.
Use environment variables for dynamic values.
Write reusable scripts for tests and pre-request tasks.
Use descriptive names for requests and variables.
Regularly update and maintain collections.
Share collections for collaboration.
Use mock servers for frontend-backend independence.
Answer:
Newman is a command-line tool used to run Postman collections outside the Postman GUI. It allows integration with CI/CD pipelines (like Jenkins, GitHub Actions) for automated API testing.
Usage Example:
newman run collection.json -e environment.json
collection.json → exported Postman collection
environment.json → exported environment file
Advantages:
Automates testing in CI/CD pipelines.
Supports reporting in HTML, JSON, or CLI.
Enables scheduled API testing using scripts.
| Feature | Postman Sandbox | Pre-request Script |
|---|---|---|
| Definition | JavaScript execution environment in Postman | Script executed before sending a request |
| Use | Used for all scripts (tests, pre-request) | Generate tokens, timestamps, or manipulate variables before request |
| Scope | All scripts | Only for a particular request or collection |
Example (Sandbox):
pm.environment.set("currentDate", new Date().toISOString());
Answer:
Postman Monitors automatically run collections at scheduled intervals. It helps in checking API performance, uptime, and response validity.
Steps to create:
Go to your collection → Click “Monitor” → Create a monitor.
Set schedule (daily, hourly, etc.).
Select environment, and receive notifications for failures.
Use Case:
Monitor a payment API to ensure it is returning valid responses.
Detect API downtime automatically.
Answer:
Tokens can be dynamically handled using pre-request scripts and environment variables.
Example:
pm.sendRequest({
url: 'https://api.example.com/get-token',
method: 'POST',
header: { 'Content-Type': 'application/json' },
body: {
mode: 'raw',
raw: JSON.stringify({ username: 'user', password: 'pass' })
}
}, function (err, res) {
pm.environment.set('authToken', res.json().token);
});
Then, in the Authorization header of your main request:
Bearer {{authToken}}
Answer:
You can parse the response JSON and validate values using pm.response.json().
Example:
let jsonData = pm.response.json();
pm.test("Check user name", function () {
pm.expect(jsonData.name).to.eql("John");
});
pm.test("Check status is active", function () {
pm.expect(jsonData.status).to.eql("active");
});
Answer:
Workspaces allow collaboration and separation of projects in Postman.
Types of Workspaces:
Personal Workspace – Private workspace for individual use.
Team Workspace – Shared workspace for collaboration with team members.
Use Case:
Developers can work on APIs individually in personal workspace.
QA team can share collections and environments in a team workspace.
Answer:
Status code check – pm.response.to.have.status(200);
Response time check – pm.expect(pm.response.responseTime).to.be.below(500);
Response body content – pm.expect(pm.response.text()).to.include("success");
JSON schema validation – ensures response structure is correct.
Header validation – verify content-type or other headers.
Chaining requests – passing data from one request to another.
Answer:
Data-driven testing allows running the same request with multiple data sets using CSV or JSON files.
Steps:
Prepare CSV or JSON with test data:
username,password
user1,pass1
user2,pass2
Open Collection Runner → Select data file → Run collection.
Postman iterates through each row and executes requests.
Answer:
JSON Schema Validation ensures the API response structure matches expected design.
Example:
const schema = {
type: "object",
properties: {
id: { type: "number" },
name: { type: "string" },
email: { type: "string" }
},
required: ["id", "name", "email"]
};
pm.test('Schema is valid', function() {
pm.response.to.have.jsonSchema(schema);
});
Answer:
You can pass data between requests using environment variables or global variables.
Example:
First request: Get user ID → save in environment variable.
let jsonData = pm.response.json();
pm.environment.set("userId", jsonData.id);
Second request: Use {{userId}} in URL or body.
Answer:
Check the console (View → Show Postman Console).
Log response or variables using:
console.log(pm.response.text());
console.log(pm.environment.get("userId"));
Validate test scripts carefully for syntax errors.
Verify request URL, headers, and body are correct.
| Feature | Postman | SoapUI |
|---|---|---|
| Best For | REST APIs, manual testing, automation | SOAP APIs, enterprise-level testing |
| Interface | User-friendly, GUI | More technical, GUI-based |
| Scripting | JavaScript (Pre-request & Tests) | Groovy scripting |
| Mocking | Supported | Supported |
| Team Collaboration | Easy | Limited (Pro version needed) |
| Feature | Collection Variables | Environment Variables |
|---|---|---|
| Scope | Only available within the collection | Available in the selected environment |
| Use Case | Specific to collection workflow | Can be reused across multiple collections |
| Example | {{apiKey}} for one collection |
{{baseUrl}} for dev/staging/prod |
Answer:
Handling dynamic data across multiple requests.
Keeping environment variables updated for multiple stages.
Managing large collections efficiently.
Debugging complex test scripts.
Ensuring team collaboration without version conflicts.
| Status Code | Meaning |
|---|---|
| 200 OK | Request successful, data returned |
| 201 Created | Resource successfully created on the server |
Answer:
Use environment variables instead of hard-coded values.
Write reusable functions in scripts.
Keep test scripts simple and modular.
Use JSON schema for response validation.
Document scripts and collections clearly.
Answer:
| Feature | REST | SOAP |
|---|---|---|
| Protocol | HTTP | XML-based protocol |
| Data format | JSON, XML, Text | XML |
| Performance | Lightweight, faster | Heavy, slower |
| Flexibility | High, can use multiple data formats | Strict, standards-based |
| Caching | Supported | Not supported |
| Security | OAuth, JWT | WS-Security |
Use Case in Postman:
REST APIs are easier to test and automate in Postman.
SOAP requests require XML body and SoapAction headers.
Answer:
Set method to POST.
Add the SOAP endpoint URL.
Set Content-Type header to text/xml.
Add SOAP XML body in the request.
Send request and validate response using test scripts.
Example Test Script:
pm.test("Check SOAP response contains success", function() {
pm.response.to.have.body("Success");
});
Answer:
| Feature | Environment Variable | Global Variable |
|---|---|---|
| Scope | Limited to selected environment | Available in all environments |
| Example | {{baseUrl}} for dev/staging/prod |
{{authToken}} shared across collections |
| Use Case | Switching environments easily | Reusing common values like tokens or IDs |
Example:
Environment: {{baseUrl}} = https://dev.api.com
Global: {{authToken}} = abc123xyz
Answer:
Use Postman test scripts to check headers.
Example:
pm.test("Content-Type is JSON", function () {
pm.response.to.have.header("Content-Type", "application/json; charset=utf-8");
});
Answer:
Use path variables or environment variables.
Example:
Endpoint: https://api.example.com/users/:userId
Path variable: userId = 123
Or use environment variable: https://api.example.com/users/{{userId}}
| Type | Description | Use Case |
|---|---|---|
| Raw | Send data in JSON, text, or XML format | Sending JSON payload in POST/PUT |
| form-data | Send key-value pairs for multipart data | File upload or form submission |
| x-www-form-urlencoded | Key-value pairs URL-encoded | Standard web forms |
Answer:
Go to Authorization tab → Select OAuth 2.0.
Click Get New Access Token.
Enter Client ID, Client Secret, Auth URL, Token URL.
Click Request Token → Use token in request header automatically.
Answer:
Postman automatically stores cookies for responses.
View cookies → Click “Cookies” button.
You can add, delete, or modify cookies for a request.
Example Test Script:
pm.test("Check session cookie exists", function() {
let cookies = pm.cookies.get("session_id");
pm.expect(cookies).to.not.be.undefined;
});
Answer:
Asynchronous APIs return responses after some delay.
You can test using setTimeout in pre-request or check status code in repeated requests.
Optionally, use Postman monitors to retry until expected response arrives.
Answer:
Open Postman Console (View → Show Postman Console).
Log variables and response:
console.log(pm.response.text());
console.log(pm.environment.get("userId"));
Check request URL, headers, and body.
Validate authentication and environment settings.
Answer:
Many APIs limit requests per minute/hour.
Use setTimeout in pre-request scripts for delay.
Use Collection Runner with delay option:
Specify delay between requests in milliseconds.
Check response headers like X-RateLimit-Remaining to avoid hitting limits.
Answer:
Save requests in a collection.
Set environment variables in first request:
let jsonData = pm.response.json();
pm.environment.set("userId", jsonData.id);
Use {{userId}} in the next request URL or body.
Collection Runner executes requests in sequence with dynamic data.
Answer:
Use form-data in body.
Key: parameter name, Type: File, Value: select file.
Example:
Key: profile_pic → Choose file
POST request → Upload image or CSV file to API.
Answer:
Install Newman on Jenkins server:
npm install -g newman
Export Postman collection and environment JSON.
Create a Jenkins pipeline or freestyle job:
newman run collection.json -e environment.json -r cli,html
Schedule the job or trigger via webhook.
View test reports (CLI or HTML).
Answer:
Create a mock server from a collection.
Postman generates a URL for the mock server.
Frontend can use mock URL before backend is ready.
Responses can be static or dynamic using scripts.
Answer:
Postman is not a full-fledged performance tool like JMeter, but can simulate some load:
Use Collection Runner with iterations.
Add delay between requests.
Measure response time using pm.response.responseTime.
Use Newman CLI to run multiple iterations.
Example:
pm.test("Response time is less than 200ms", function () {
pm.expect(pm.response.responseTime).to.be.below(200);
});
| Feature | Free | Pro/Enterprise |
|---|---|---|
| Team Collaboration | Limited | Full access to shared workspaces |
| Monitors | Limited | Unlimited monitoring |
| API Documentation | Basic | Customizable with publishing options |
| Version Control | No | Full version control and rollback |
| Mock Servers | Limited | Unlimited |
Example:
let jsonData = pm.response.json();
pm.test("Check number of users", function () {
pm.expect(jsonData.length).to.be.above(0);
});
pm.test("Check first user name", function () {
pm.expect(jsonData[0].name).to.eql("John");
});
Answer:
Send invalid data or missing fields.
Validate error response code and message:
pm.test("Should return 400 Bad Request", function () {
pm.response.to.have.status(400);
});
pm.test("Check error message", function () {
pm.expect(pm.response.text()).to.include("Invalid email");
});
Answer:
Select POST method.
Enter GraphQL endpoint.
Set body type to GraphQL.
Enter query or mutation.
Send request → Validate response.
Example Query:
{
user(id: "1") {
name
email
}
}
Answer:
Use environment variables and pre-request scripts.
Example:
pm.environment.set("authHeader", "Bearer " + pm.environment.get("authToken"));
Use {{authHeader}} in headers for dynamic authorization.
Answer:
Beginner level: Manual API testing, sending GET/POST requests, using simple variables, saving collections.
Advanced level:
Writing complex pre-request and test scripts using JavaScript.
Chaining multiple requests using environment and collection variables.
Using Newman for CI/CD integration and automated regression testing.
Creating data-driven tests using CSV/JSON.
Performance checks and monitoring APIs with Postman Monitors.
Answer:
Collection Runner allows you to execute multiple requests in sequence.
Data files (CSV/JSON) allow running the same collection with multiple test data sets (data-driven testing).
Use Case:
Testing user login with multiple username/password combinations.
Validating CRUD operations for multiple records.
Example:
Prepare CSV:
username,password
user1,pass1
user2,pass2
Run collection → select data file → results are generated for each row.
Answer:
Export Postman collection and environment JSON files.
Install Newman CLI on Jenkins, GitLab CI, GitHub Actions, or any CI server.
npm install -g newman
newman run collection.json -e environment.json -r cli,html
Add Newman command in pipeline scripts to automate testing.
Generate reports (HTML, JSON) for CI/CD dashboards.
Schedule periodic automated API testing using monitors or cron jobs.
Answer:
Chaining requests: Using data from one request in subsequent requests.
Example:
First request: Create a user → store user ID:
let jsonData = pm.response.json();
pm.environment.set("userId", jsonData.id);
Second request: Use {{userId}} in URL to update user.
Dynamic variables: Automatically generate timestamps, random values, or tokens using pre-request scripts:
pm.environment.set("randomEmail", `user${Math.floor(Math.random()*1000)}@mail.com`);
Answer:
Use environment variables for base URLs and tokens.
Store tokens dynamically in pre-request scripts:
pm.sendRequest({
url: pm.environment.get("authUrl"),
method: 'POST',
header: { 'Content-Type': 'application/json' },
body: { mode: 'raw', raw: JSON.stringify({ username: 'user', password: 'pass' }) }
}, function(err, res) {
pm.environment.set("authToken", res.json().token);
});
Use {{authToken}} in headers across all environments (dev, staging, prod).
Answer:
Steps:
Create a collection with test requests.
Prepare CSV or JSON with test data.
Run collection in Newman:
newman run collection.json -e environment.json --iteration-data data.csv -r cli,html
Use Case: Validate API with multiple test inputs, like user registration with different email IDs.
Generates detailed reports showing pass/fail for each data set.
Answer:
Use JSON schema validation in test scripts:
const schema = {
type: "object",
properties: {
id: { type: "number" },
name: { type: "string" },
email: { type: "string" }
},
required: ["id", "name", "email"]
};
pm.test("Schema is valid", function () {
pm.response.to.have.jsonSchema(schema);
});
Ensures API response structure is consistent and correct.
Crucial for automated regression testing in CI/CD pipelines.
Answer:
Some APIs (webhooks, delayed processing) respond asynchronously.
Techniques:
Poll API repeatedly until the expected status is received.
Use setTimeout in pre-request scripts to add delays.
Validate status codes and response content dynamically.
Example:
pm.test("Check status is completed", function() {
let status = pm.response.json().status;
pm.expect(status).to.eql("completed");
});
Answer:
Use Postman Console (View → Show Postman Console).
Log request/response data:
console.log(pm.response.text());
console.log(pm.environment.get("userId"));
Validate:
Request URL, headers, body
Environment variables and token values
Status codes and response structure
Advanced debugging: Use Newman logs with --reporters cli,json to track failures in CI/CD pipelines.
Answer:
Monitors automatically run collections on a schedule.
Use Cases:
Monitor API uptime and response time.
Execute regression tests daily or hourly.
Generate reports and alerts on failures.
Steps:
Select collection → Create monitor → Set schedule → Choose environment.
Receive notifications via email or webhook.
Answer:
Export collections and environments → Save in a Git repository.
Use Postman API or CLI tools to push updates automatically.
Maintain version control for collections and scripts.
Enables team collaboration with rollback options.
Answer:
Set POST method and endpoint URL.
Select GraphQL body type.
Enter query or mutation:
{
user(id: "1") {
id
name
email
}
}
Add variables if required.
Send request and validate response using test scripts.
Answer:
Use folders to group related requests.
Use collection variables for shared data within the folder.
Maintain modular pre-request and test scripts to reduce redundancy.
Use tags and naming conventions to identify requests quickly.
Answer:
Maintain separate collections for different API versions (v1, v2, v3).
Use environment variables to switch between base URLs.
Example:
{{baseUrl}}/v1/users
{{baseUrl}}/v2/users
Helps regression testing and backward compatibility validation.
Answer:
Use pre-request scripts to dynamically generate tokens or headers.
Example: HMAC token generation:
const crypto = require('crypto');
let timestamp = new Date().toISOString();
let secret = pm.environment.get("secretKey");
let token = crypto.createHmac('sha256', secret).update(timestamp).digest('hex');
pm.environment.set("authToken", token);
Then use {{authToken}} in request headers.
Answer:
Use Collection Runner with iteration delay.
Example: Run 100 requests with 500ms delay to check API throttling.
Validate response codes for rate-limit errors (e.g., 429 Too Many Requests).
Check response headers like X-RateLimit-Remaining or Retry-After.
Answer:
Send invalid or missing data to validate error handling.
Example: Missing required field in POST request:
pm.test("Return 400 Bad Request", function () {
pm.response.to.have.status(400);
});
pm.test("Error message is correct", function () {
pm.expect(pm.response.text()).to.include("email is required");
});
Ensures API handles invalid input gracefully.
Answer:
Use POST method with XML body.
Use variables for dynamic values in XML:
<soapenv:Envelope>
<soapenv:Body>
<GetUser>
<id>{{userId}}</id>
</GetUser>
</soapenv:Body>
</soapenv:Envelope>
Validate response using xml2Json or XPath in test scripts.
Answer:
Use Newman CLI to run collections without GUI.
Generate reports in JSON, HTML, or JUnit format:
newman run collection.json -e environment.json -r cli,html,junit
Integrate into CI/CD for scheduled regression testing.
Answer:
Workspaces allow team members to collaborate on collections, environments, and APIs.
Types:
Personal Workspace: Private, for individual testing.
Team Workspace: Shared with multiple users for collaboration.
Use Case:
Developers create and test APIs.
QA validates the same collection.
Shared environments ensure consistent testing data.
Advanced Tip: Use role-based access control in enterprise workspaces to manage permissions.
Answer:
Environment variables: Specific to a project environment (dev, staging, prod).
Global variables: Can be accessed across multiple collections.
Dynamic updates:
let jsonData = pm.response.json();
pm.environment.set("userId", jsonData.id);
pm.globals.set("authToken", jsonData.token);
Use Case: Run multiple collections that share a token or common URL.
Answer:
Maintain a master collection for all API endpoints.
Write robust test scripts for status codes, response body, headers, and schema.
Run the collection via Newman:
newman run master_collection.json -e environment.json -r cli,html
Schedule regression tests in CI/CD pipelines using Jenkins, GitLab, or GitHub Actions.
Validate results using HTML/JSON reports.
Answer:
Store values from one request in environment or collection variables.
Example scenario: Create a user → Get user ID → Update user → Delete user.
let jsonData = pm.response.json();
pm.environment.set("userId", jsonData.id);
Subsequent requests use {{userId}} in URL or body.
Advanced Tip: Use pre-request scripts to compute dynamic data before chained requests.
Answer:
Validate headers:
pm.test("Content-Type is JSON", function() {
pm.response.to.have.header("Content-Type", "application/json; charset=utf-8");
});
Validate cookies:
pm.test("Session cookie exists", function() {
let cookie = pm.cookies.get("session_id");
pm.expect(cookie).to.not.be.undefined;
});
Useful for authentication, caching, or security testing.
Answer:
Postman is limited but can simulate basic load tests:
Run collection using Collection Runner with multiple iterations.
Add delay between requests.
Measure response times in scripts:
pm.test("Response time < 500ms", function () {
pm.expect(pm.response.responseTime).to.be.below(500);
});
Use Newman for running multiple iterations in CI/CD.
Advanced Tip: For high-scale performance testing, integrate Postman with JMeter or k6.
Answer:
Use a pre-request script to fetch a token dynamically and store it in environment variables:
pm.sendRequest({
url: pm.environment.get("authUrl"),
method: "POST",
header: { "Content-Type": "application/json" },
body: { mode: "raw", raw: JSON.stringify({ username: "user", password: "pass" }) }
}, function(err, res) {
pm.environment.set("authToken", res.json().token);
});
Use {{authToken}} in Authorization headers of all requests.
Answer:
Use POST method → Select GraphQL body type.
Add query or mutation and variables:
query getUser($id: ID!) {
user(id: $id) {
name
email
}
}
Variables JSON:
{ "id": "1" }
Test responses dynamically:
pm.test("User name is John", function () {
let jsonData = pm.response.json();
pm.expect(jsonData.data.user.name).to.eql("John");
});
Answer:
Use POST method with Content-Type text/xml.
Insert dynamic variables in XML body:
<GetUserRequest>
<userId>{{userId}}</userId>
</GetUserRequest>
Parse response using xml2Json in test scripts:
let jsonObj = xml2Json(pm.response.text());
pm.expect(jsonObj.GetUserResponse.status).to.eql("success");
Answer:
Use CSV or JSON data files with Collection Runner or Newman:
CSV Example:
username,password,expectedStatus
user1,pass1,200
user2,pass2,200
Newman command:
newman run collection.json -e environment.json --iteration-data data.csv
Validates multiple combinations automatically and generates reports.
Answer:
Use Newman CLI logs with JSON or HTML reporter:
newman run collection.json -e env.json -r cli,json,html
Examine:
Request/response details
Environment variables
Authorization tokens
Response time and headers
Add console.log() in test scripts for deeper debugging.
Answer:
APIs may return 429 Too Many Requests.
Handle using:
Delays in Collection Runner (--delay-request 500).
Check response headers X-RateLimit-Remaining and Retry-After.
Retry logic in pre-request scripts.
Answer:
Organize requests into folders by module/functionality.
Use collection and environment variables for shared data.
Maintain modular pre-request and test scripts.
Use naming conventions and tags for easy navigation.
Answer:
Send invalid/missing data.
Validate API error codes and messages:
pm.test("Invalid email returns 400", function() {
pm.response.to.have.status(400);
pm.expect(pm.response.text()).to.include("Invalid email");
});
Ensures API handles errors gracefully and consistently.
Answer:
Monitors run collections at scheduled intervals.
Use Cases:
Monitor uptime and availability.
Validate response time and schema.
Send alerts for failures (email/webhook).
Steps:
Select collection → Create Monitor → Choose schedule.
Set environment → Monitor executes automatically.
Analyze logs and reports for performance issues.
Answer:
Use modular scripts for reusable code.
Maintain consistent naming conventions for requests, variables, and collections.
Use environment variables for dynamic data and different stages.
Use Newman for CI/CD automation and reporting.
Validate JSON/XML schemas for consistent responses.
Implement data-driven testing with CSV/JSON.
Organize large collections with folders, tags, and versioning.
Use Monitors for production health checks.
Document collections clearly for team collaboration..
Answer:
Maintain separate collections for each API version (v1, v2, v3).
Use environment variables to switch base URLs easily:
{{baseUrl}}/v1/users
{{baseUrl}}/v2/users
Benefits:
Easy regression testing for new versions.
Maintain backward compatibility checks.
Advanced Tip: Tag requests with version numbers for better organization.
Answer:
Postman allows pre-request and test scripts at collection level, which apply to all requests in that collection.
Use Case:
Automatically add authentication tokens to all requests.
Log start/end time for performance measurement.
Example (pre-request script at collection level):
pm.request.headers.add({ key: "Authorization", value: "Bearer " + pm.environment.get("authToken") });
Answer:
Authentication: Validate all endpoints require proper credentials.
Authorization: Ensure users cannot access restricted endpoints.
Token Expiry: Check that expired tokens return correct error codes.
Input Validation: Test SQL injection, XSS, and invalid data.
Headers: Validate secure headers like Content-Security-Policy.
Cookies: Ensure secure flags (HttpOnly, Secure) are set.
Example script to check authorization:
pm.test("Unauthorized request returns 401", function () {
pm.response.to.have.status(401);
});
Answer:
Enable Postman Console for logging requests and responses.
Add console.log() in pre-request and test scripts.
Validate environment variables and tokens are correct.
Check network latency, API rate limits, or server errors.
Use Newman reports in CI/CD pipelines for historical failures.
Consider mock servers to isolate issues.
Answer:
Combine multiple requests in a collection representing the workflow.
Example: User Registration → Login → Create Resource → Update Resource → Delete Resource.
Use environment variables to pass dynamic data between requests.
Validate each step using test scripts.
pm.environment.set("userId", pm.response.json().id);
Run using Collection Runner or Newman for automation.
Answer:
Parse JSON using pm.response.json().
Use JavaScript logic to validate dynamic data:
let jsonData = pm.response.json();
pm.test("Check age is greater than 18", function() {
pm.expect(jsonData.age).to.be.above(18);
});
pm.test("Name matches pattern", function() {
pm.expect(jsonData.name).to.match(/^[A-Za-z]+$/);
});
Answer:
Use Collection Runner with multiple iterations.
Use data files (CSV/JSON) to feed different payloads.
Example: Test 100 user registrations with different emails and passwords.
Combine with Newman for CLI execution in pipelines:
newman run users_collection.json -e env.json --iteration-data users.csv
Answer:
Use environment or collection variables in the URL:
https://api.example.com/users?status={{status}}&role={{role}}
Set variable values in environment or pre-request scripts:
pm.environment.set("status", "active");
pm.environment.set("role", "admin");
Dynamic parameters allow testing multiple query combinations without changing the request manually.
Answer:
Select POST method → GraphQL body.
Example mutation:
mutation createUser($input: UserInput!) {
createUser(input: $input) {
id
name
email
}
}
Variables JSON:
{
"input": {
"name": "John",
"email": "john@example.com"
}
}
Validate response using test scripts:
pm.test("User created successfully", function () {
let jsonData = pm.response.json();
pm.expect(jsonData.data.createUser.id).to.not.be.null;
});
Answer:
SOAP APIs require POST requests with XML body.
Use environment variables for dynamic fields:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:usr="http://user.example.com">
<soapenv:Body>
<usr:GetUser>
<usr:UserId>{{userId}}</usr:UserId>
</usr:GetUser>
</soapenv:Body>
</soapenv:Envelope>
Parse response using xml2Json or XPath in test scripts:
let jsonObj = xml2Json(pm.response.text());
pm.expect(jsonObj.GetUserResponse.status).to.eql("Success");
Answer:
Use pre-request scripts or Newman CLI options.
Example: Retry until status code 200 or max retries reached:
let retryCount = pm.environment.get("retryCount") || 0;
if (pm.response.code !== 200 && retryCount < 3) {
pm.environment.set("retryCount", retryCount + 1);
postman.setNextRequest(pm.info.requestName);
} else {
pm.environment.set("retryCount", 0);
}
Answer:
Run collection using Newman in CLI:
newman run collection.json -e env.json -r cli,html,json
Jenkins/GitHub Actions can:
Generate HTML/JSON reports.
Fail pipeline if tests fail.
Notify teams via Slack/email on failures.
Use environment variables for dynamic configuration in pipeline.
Answer:
Test invalid tokens, expired tokens, missing headers.
Validate correct response codes and messages:
pm.test("Unauthorized access returns 401", function() {
pm.response.to.have.status(401);
});
pm.test("Error message contains 'Invalid token'", function() {
pm.expect(pm.response.text()).to.include("Invalid token");
});
Ensures APIs are secure and handle unauthorized access properly.
Answer:
Use team workspaces for shared collections and environments.
Maintain version-controlled collections in Git.
Use environment variables to avoid hardcoding sensitive data.
Document all requests, scripts, and workflows.
Tag requests for modules or API versions.
Implement monitors to track production API health.
Automate testing with Newman and CI/CD.
Use modular pre-request and test scripts for reusability.
