Postman for API Testing: Complete Tutorial

Postman is the most popular API testing tool for developers. It simplifies API development with an intuitive interface, powerful collections, and automated testing. Whether you're building REST, GraphQL, or gRPC APIs, Postman has you covered.

This tutorial covers everything from basics to advanced features in Postman 2026.

Getting Started with Postman

Installation

• Desktop App: Download from postman.com (recommended for power users)
• Web App: app.postman.com (no installation required)
• VS Code Extension: Thunder Client (lightweight alternative)

Creating an Account

• Free Account: Limited but sufficient for individuals
• Basic Plan: $12/user/month (better collections, unlimited mock servers)
• Professional Plan: $29/user/month (team features, advanced monitoring)

First API Request

Creating a Request

1. Open Postman and click "New Request"
2. Enter the API URL: https://api.example.com/users
3. Select HTTP method: GET, POST, PUT, DELETE, etc.
4. Click "Send"
5. View response in the bottom panel

Common HTTP Methods

Method	Description	Example
GET	Retrieve data	GET /users
POST	Create data	POST /users
PUT	Update data	PUT /users/123
PATCH	Partial update	PATCH /users/123
DELETE	Remove data	DELETE /users/123

Postman Collections

What are Collections?

Collections organize API requests into logical groups. Perfect for APIs with many endpoints.

Creating a Collection

1. Create a few related requests
2. Select the requests (Cmd/Ctrl + click)
3. Click "Save to Collection"
4. Create a new collection or add to existing
5. Organize with folders inside collections

Collection Structure Example

My API Collection
├── Authentication
│   ├── Login
│   ├── Register
│   └── Refresh Token
├── Users
│   ├── Get All Users
│   ├── Get User by ID
│   ├── Create User
│   ├── Update User
│   └── Delete User
└── Posts
    ├── Get Posts
    ├── Create Post
    ├── Update Post
    └── Delete Post
        

Environments

Managing Multiple Environments

Environments let you manage variables for different stages (dev, staging, production).

Creating Environments

1. Click the environment selector (top right)
2. Click "Add"
3. Name it: "Development"
4. Add variables:
   • base_url: https://dev-api.example.com
   • api_key: dev-key-123
5. Create "Staging" and "Production" environments similarly

Using Environment Variables

In your requests, reference variables with {{variable_name}} syntax:

URL: {{base_url}}/users
Headers:
  Authorization: Bearer {{api_key}}
        

Authentication

Bearer Token (JWT)

1. Go to Headers tab in your request
2. Add header:
   • Key: Authorization
   • Value: Bearer {{jwt_token}}

API Key

1. Add header:
   • Key: X-API-Key
   • Value: {{api_key}}

OAuth 2.0

Postman supports OAuth 2.0 flows:

1. Click "Authorization" tab
2. Select "OAuth 2.0" from Type dropdown
3. Configure callback URL, auth URL, token URL
4. Click "Get New Access Token"
5. Use token automatically in requests

Automated Testing

Writing Tests

Add tests to requests using the "Tests" tab. Postman evaluates tests after receiving the response.

Example Tests

// Test status code
pm.test("Status code is 200", function () {
    pm.response.to.have.status(200);
});

// Test response time
pm.test("Response time is less than 200ms", function () {
    pm.expect(pm.response.responseTime).to.be.below(200);
});

// Test response body has specific field
pm.test("Response has user ID", function () {
    const jsonData = pm.response.json();
    pm.expect(jsonData.id).to.exist;
});

// Save value from response for next request
const jsonData = pm.response.json();
pm.environment.set("user_id", jsonData.id);
        

Running Tests

• Run tests for a single request (Tests tab)
• Run tests for an entire collection (Collection Runner)
• Automate tests with Newman (CLI tool)

Pre-Request Scripts

Run JavaScript before requests for dynamic data, timestamps, or authentication.

Examples

// Generate timestamp
const timestamp = Date.now();
pm.environment.set("timestamp", timestamp);

// Generate random data
const userId = Math.floor(Math.random() * 1000);
pm.environment.set("random_user_id", userId);

// Hash data for authentication
const crypto = require('crypto-js');
const hashedPassword = crypto.SHA256(pm.environment.get("password")).toString();
pm.environment.set("hashed_password", hashedPassword);
        

Mock Servers

Postman lets you create mock servers that simulate API responses. Perfect for frontend development when the backend isn't ready.

Setting Up a Mock Server

1. Open a collection
2. Click "..." menu → "Mock collection"
3. Postman generates a mock URL: https://mockserver-id.mock.pstmn.io
4. Add examples to each request with different responses

Adding Examples

• Open a request → "Examples" tab
• Add example with:
  • Status code (200, 404, etc.)
  • Response body
  • Headers

GraphQL Support

Creating GraphQL Requests

1. Create new request
2. Change type from "GET" to "GraphQL"
3. Enter query or mutation
4. Click "Send"

Example GraphQL Request

query GetUser($id: ID!) {
  user(id: $id) {
    id
    name
    email
  }
}

Variables:
{
  "id": 123
}
        

Monitors (Paid Plans)

Monitors run your API requests on a schedule and alert you if they fail. Essential for production monitoring.

Setting Up a Monitor

1. Open collection → "Monitors" tab
2. Click "Create Monitor"
3. Configure:
   • Name: "User API Health Check"
   • Request: Select from collection
   • Frequency: Every 5 minutes
   • Region: US-East
   • Alerts: Email, Slack, PagerDuty

Team Collaboration

Sharing Collections

1. Open collection → "Share"
2. Generate share link (for anyone)
3. Or invite team members (for private access)
4. Team can fork collections and make changes

Workspaces

Workspaces let teams collaborate in real-time:

• ✅ Real-time collaboration
• ✅ Shared collections and environments
• ✅ Team comments and discussions
• ✅ Version control for collections

Advanced Features

API Documentation

Generate API documentation from collections:

1. Open collection → "..." menu
2. Select "View in web"
3. Postman generates documentation automatically
4. Share documentation link

API Design

Design APIs before implementing:

1. Create "New API Definition"
2. Design endpoints with OpenAPI/Swagger spec
3. Generate mock servers automatically
4. Generate code stubs

Import/Export

• Import: Import from OpenAPI/Swagger, RAML, WSDL, or cURL
• Export: Export collections as JSON for version control or sharing

2026 Updates

Postman 11.0

• 🆕 Improved GraphQL editor with autocomplete
• 🆕 Better gRPC support
• 🆕 Enhanced test runner with parallel execution
• 🆕 AI-powered test suggestions
• 🆕 Better workspace performance
• 🆕 New API design templates

Best Practices

1. Organize Collections

• Use folders to group related endpoints
• Use descriptive names (not just "Request 1")
• Document endpoints with descriptions

2. Use Environment Variables

• Never hardcode URLs, tokens, or IDs
• Use variables for environment-specific values
• Keep sensitive data in variables (not in requests)

3. Write Tests

• Test status codes for every endpoint
• Test response structure and required fields
• Test edge cases (missing data, invalid data)

4. Use Pre-Request Scripts

• Generate timestamps and random IDs
• Handle authentication tokens
• Generate test data

Getting Started Checklist

Day 1

• ☐ Install Postman Desktop
• ☐ Create account and sign in
• ☐ Create first GET request
• ☐ Create first POST request with body

Week 1

• ☐ Create a collection for your API
• ☐ Set up environments (dev, staging, prod)
• ☐ Write tests for critical endpoints
• ☐ Explore authentication options

Week 2+

• ☐ Set up mock servers for frontend
• ☐ Configure monitors for production APIs
• ☐ Share collections with team
• ☐ Automate tests with Newman

Conclusion

Postman is an essential tool for API development. Start with basic requests and collections, then explore environments, tests, and mock servers as your needs grow.

For individuals, the free account is sufficient. For teams, consider the Basic or Professional plans for better collaboration and monitoring features.