Postman – API Development and Testing Platform

What is Postman?

Postman is a comprehensive API development platform that simplifies every stage of the API lifecycle—from design and testing to documentation and monitoring. Originally created as a Chrome extension for testing REST APIs, Postman has evolved into a full-featured platform used by millions of developers worldwide to build, test, and collaborate on API development.

The platform provides an intuitive interface for constructing HTTP requests, examining responses, and automating test workflows. Developers can create collections of API requests, write test scripts, mock servers, generate documentation, and monitor API performance—all within a unified environment that supports individual developers and large teams alike.

Postman has become an essential tool in modern software development, where APIs form the backbone of application architecture. Whether you’re developing RESTful services, GraphQL endpoints, WebSocket connections, or SOAP services, Postman provides the tools needed to ensure API quality and reliability.

Key Features and Capabilities

Request Builder

Postman’s request builder provides a visual interface for constructing API requests of any complexity. Support for all HTTP methods (GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD), custom headers, query parameters, request body types, and authentication schemes makes it easy to interact with any API.

The interface displays response data in formatted views including Pretty, Raw, and Preview modes, with support for JSON, XML, HTML, and other content types. Response headers, cookies, and timing information provide comprehensive insight into API behavior.

Collections

Collections organize related API requests into logical groups, enabling developers to structure their work by project, feature, or workflow. Collections support folder hierarchies, shared variables, pre-request scripts, and tests that apply to all contained requests.

Collection runners execute multiple requests in sequence, enabling automated testing workflows. Variables can be passed between requests, simulating real-world usage patterns and multi-step processes.

Environment Variables

Environments store variables that customize request behavior across different contexts—development, staging, production, or different API versions. Switching environments instantly updates all variable references throughout collections, eliminating manual URL and credential changes.

Testing and Automation

Postman’s built-in testing framework uses JavaScript to validate API responses. Tests can verify status codes, response times, data structure, and content. Test results aggregate across collection runs, providing quality metrics and regression detection.

Mock Servers

Mock servers simulate API endpoints based on saved examples, enabling frontend development before backend completion. Teams can define expected responses and share mock servers, allowing parallel development without waiting for actual API implementation.

API Documentation

Postman automatically generates interactive documentation from collections. Published documentation includes request details, example responses, and a “Run in Postman” button that imports the collection directly. Documentation stays synchronized with collection changes.

Monitors

API monitors schedule collection runs at regular intervals, continuously verifying API health and performance. Alerts notify teams of failures or performance degradation, enabling proactive incident response.

System Requirements

Desktop Application

Postman desktop runs on Windows 10 or later (64-bit), macOS 10.13 or later, and Linux distributions with libgconf support. The application requires approximately 300 MB of disk space and 4 GB RAM minimum, with 8 GB recommended for large collections.

Web Application

The Postman web interface works in modern browsers and provides most desktop features. Some advanced features like intercepting browser requests require the desktop application.

Installation Guide

Installing on Windows

Install Postman on Windows using the official installer or package managers:

# Download from official website
# https://www.postman.com/downloads/

# Install using Chocolatey
choco install postman

# Install using Winget
winget install Postman.Postman

# Install using Scoop
scoop bucket add extras
scoop install postman

Installing on macOS

Install Postman on macOS:

# Install using Homebrew
brew install --cask postman

# Download from official website
# https://www.postman.com/downloads/

# Or download from Mac App Store

Installing on Linux

Install Postman on Linux distributions:

# Install using Snap (recommended)
sudo snap install postman

# Manual installation
wget https://dl.pstmn.io/download/latest/linux64 -O postman-linux-x64.tar.gz
sudo tar -xzf postman-linux-x64.tar.gz -C /opt
sudo ln -s /opt/Postman/Postman /usr/local/bin/postman

# Create desktop entry
cat > ~/.local/share/applications/postman.desktop << EOF
[Desktop Entry]
Type=Application
Name=Postman
Icon=/opt/Postman/app/resources/app/assets/icon.png
Exec=/opt/Postman/Postman
Categories=Development;
EOF

# Arch Linux (AUR)
yay -S postman-bin

Getting Started with Postman

Creating Your First Request

Launch Postman and click "New" to create a request. Select the HTTP method, enter the URL, and click "Send" to execute the request:

Example GET Request:
Method: GET
URL: https://jsonplaceholder.typicode.com/posts/1

Example POST Request:
Method: POST
URL: https://jsonplaceholder.typicode.com/posts
Headers:
  Content-Type: application/json
Body (raw JSON):
{
  "title": "Test Post",
  "body": "This is test content",
  "userId": 1
}

Understanding the Interface

Request Panel:
- Method selector (GET, POST, PUT, etc.)
- URL bar with variable support
- Params tab (query parameters)
- Authorization tab
- Headers tab
- Body tab (form-data, x-www-form-urlencoded, raw, binary, GraphQL)
- Pre-request Script tab
- Tests tab
- Settings tab

Response Panel:
- Body (Pretty, Raw, Preview)
- Cookies
- Headers
- Test Results
- Response time and size

Essential Keyboard Shortcuts

General Navigation

Ctrl/Cmd + N          - New tab
Ctrl/Cmd + T          - New tab
Ctrl/Cmd + W          - Close tab
Ctrl/Cmd + S          - Save request
Ctrl/Cmd + Shift + S  - Save request as
Ctrl/Cmd + Enter      - Send request
Ctrl/Cmd + Alt + C    - Open console
Ctrl/Cmd + ,          - Open settings
Ctrl/Cmd + /          - Show keyboard shortcuts

Request Building

Ctrl/Cmd + L          - Focus URL bar
Ctrl/Cmd + B          - Toggle sidebar
Ctrl/Cmd + Shift + P  - Find and replace
Ctrl/Cmd + O          - Open request
Ctrl/Cmd + E          - Select environment
Ctrl/Cmd + Alt + E    - Open environment quick look

Collection Operations

Ctrl/Cmd + Shift + N  - New collection
Ctrl/Cmd + Shift + F  - New folder
Ctrl/Cmd + D          - Duplicate request
Alt + Click           - Select multiple items

Working with Variables

Variable Types

Global Variables:
- Available across all workspaces
- Set: pm.globals.set("varName", "value")
- Get: pm.globals.get("varName")
- Use: {{varName}}

Environment Variables:
- Scoped to selected environment
- Set: pm.environment.set("varName", "value")
- Get: pm.environment.get("varName")
- Use: {{varName}}

Collection Variables:
- Scoped to collection
- Set: pm.collectionVariables.set("varName", "value")
- Get: pm.collectionVariables.get("varName")

Local Variables:
- Scoped to single request execution
- Set: pm.variables.set("varName", "value")
- Get: pm.variables.get("varName")

Data Variables:
- From external data files (CSV, JSON)
- Use: {{varName}}

Variable Priority (highest to lowest)

1. Local variables
2. Data variables
3. Environment variables
4. Collection variables
5. Global variables

Dynamic Variables

{{$guid}}        - UUID v4 string
{{$timestamp}}   - Current Unix timestamp
{{$isoTimestamp}} - ISO 8601 timestamp
{{$randomInt}}   - Random integer 0-1000
{{$randomUUID}}  - Random UUID
{{$randomAlphaNumeric}} - Random alphanumeric character
{{$randomBoolean}} - Random boolean
{{$randomEmail}} - Random email address
{{$randomUserName}} - Random username
{{$randomFirstName}} - Random first name
{{$randomLastName}} - Random last name
{{$randomCity}}  - Random city name
{{$randomCountry}} - Random country name

Writing Tests

Basic Test Structure

// Test status code
pm.test("Status code is 200", function () {
    pm.response.to.have.status(200);
});

// Test response time
pm.test("Response time is less than 500ms", function () {
    pm.expect(pm.response.responseTime).to.be.below(500);
});

// Test headers
pm.test("Content-Type is JSON", function () {
    pm.response.to.have.header("Content-Type", "application/json");
});

// Test JSON response
pm.test("Response has required fields", function () {
    const jsonData = pm.response.json();
    pm.expect(jsonData).to.have.property("id");
    pm.expect(jsonData).to.have.property("title");
    pm.expect(jsonData.id).to.be.a("number");
});

Advanced Test Patterns

// Test array responses
pm.test("All items have required properties", function () {
    const jsonData = pm.response.json();
    jsonData.forEach(function(item) {
        pm.expect(item).to.have.property("id");
        pm.expect(item).to.have.property("name");
    });
});

// Test against JSON schema
const schema = {
    "type": "object",
    "properties": {
        "id": { "type": "integer" },
        "title": { "type": "string" },
        "completed": { "type": "boolean" }
    },
    "required": ["id", "title"]
};

pm.test("Schema is valid", function () {
    pm.response.to.have.jsonSchema(schema);
});

// Chain requests using variables
const jsonData = pm.response.json();
pm.environment.set("userId", jsonData.id);

// Conditional tests
if (pm.response.code === 200) {
    pm.test("Success response structure", function () {
        const jsonData = pm.response.json();
        pm.expect(jsonData.success).to.be.true;
    });
} else {
    pm.test("Error response structure", function () {
        const jsonData = pm.response.json();
        pm.expect(jsonData.error).to.exist;
    });
}

Pre-request Scripts

Common Use Cases

// Generate timestamp
pm.environment.set("timestamp", Date.now());

// Generate random data
pm.environment.set("randomEmail", 
    `test${Math.floor(Math.random() * 10000)}@example.com`);

// Calculate signature
const crypto = require('crypto-js');
const timestamp = Date.now().toString();
const signature = crypto.HmacSHA256(timestamp, pm.environment.get("apiSecret"));
pm.environment.set("signature", signature.toString());

// Get OAuth token (simplified)
pm.sendRequest({
    url: pm.environment.get("authUrl"),
    method: 'POST',
    header: {
        'Content-Type': 'application/json'
    },
    body: {
        mode: 'raw',
        raw: JSON.stringify({
            client_id: pm.environment.get("clientId"),
            client_secret: pm.environment.get("clientSecret"),
            grant_type: 'client_credentials'
        })
    }
}, function (err, res) {
    pm.environment.set("accessToken", res.json().access_token);
});

Authentication Methods

Supported Auth Types

API Key:
- Add to header or query parameter
- Key: X-API-Key, Value: your_api_key

Bearer Token:
- Header: Authorization: Bearer your_token

Basic Auth:
- Username and password encoded in Base64
- Header: Authorization: Basic base64(user:pass)

OAuth 2.0:
- Authorization Code
- Implicit
- Client Credentials
- Password Credentials
- Supports PKCE

OAuth 1.0:
- Consumer key/secret
- Token/Token secret
- Signature methods: HMAC-SHA1, RSA-SHA1, PLAINTEXT

AWS Signature:
- Access Key / Secret Key
- Region and Service

Digest Auth:
- Username/Password with digest authentication

NTLM Auth:
- Windows authentication

Hawk Auth:
- Hawk authentication scheme

Akamai EdgeGrid:
- Akamai API authentication

Collection Runner and Newman

Collection Runner

Collection Runner Options:
- Environment selection
- Iteration count
- Delay between requests
- Data file (CSV/JSON)
- Keep variable values
- Run order
- Save responses

Newman CLI

# Install Newman
npm install -g newman

# Run collection
newman run collection.json

# Run with environment
newman run collection.json -e environment.json

# Run with iterations
newman run collection.json -n 10

# Run with data file
newman run collection.json -d data.csv

# Generate HTML report
npm install -g newman-reporter-html
newman run collection.json -r html --reporter-html-export report.html

# Generate JUnit report for CI/CD
newman run collection.json -r junit --reporter-junit-export results.xml

# Combine reporters
newman run collection.json -r cli,html,junit

# Set environment variables
newman run collection.json --env-var "baseUrl=https://api.example.com"

# Bail on first failure
newman run collection.json --bail

Mock Servers

Creating Mock Servers

Setup Steps:
1. Create collection with requests
2. Add example responses to requests
3. Create mock server from collection
4. Use mock URL in requests

Example Configuration:
- Request: GET /users/1
- Example Response:
  Status: 200
  Body: {
    "id": 1,
    "name": "John Doe",
    "email": "john@example.com"
  }

Mock URL format:
https://{{mockId}}.mock.pstmn.io/users/1

API Documentation

Generating Documentation

Documentation Includes:
- Request descriptions
- Parameter details
- Example requests/responses
- Authentication requirements
- "Run in Postman" button

Markdown Support:
- Headers
- Code blocks
- Lists
- Links
- Images
- Tables

Postman Pricing

Free Plan

Includes unlimited collections, collaboration for up to 3 users, 1,000 API calls/month for mock servers and monitors, basic integrations, and public documentation.

Basic Plan

At $14/user/month, adds unlimited API calls, role-based access, external integrations, and audit logs.

Professional Plan

At $29/user/month, includes advanced roles, private API Network, 24/7 support, and custom domains for documentation.

Enterprise Plan

Custom pricing provides SSO/SAML, advanced audit logs, dedicated support, and custom integrations.

Best Practices

Organization

Collection Structure:
??? Project Name
?   ??? Authentication
?   ?   ??? Login
?   ?   ??? Refresh Token
?   ?   ??? Logout
?   ??? Users
?   ?   ??? Get All Users
?   ?   ??? Get User by ID
?   ?   ??? Create User
?   ?   ??? Update User
?   ?   ??? Delete User
?   ??? Products
?       ??? List Products
?       ??? Get Product

Testing Strategy

Test Categories:
1. Status code verification
2. Response time validation
3. Schema validation
4. Data integrity checks
5. Business logic validation
6. Error handling verification
7. Security tests

Conclusion

Postman has become indispensable for API development, providing comprehensive tools that span the entire API lifecycle. From simple request testing to complex automated workflows, its intuitive interface and powerful features serve developers at all skill levels.

The platform's collaboration features, documentation generation, and CI/CD integration through Newman make it equally valuable for individual developers and enterprise teams. Whether you're exploring a new API, developing robust test suites, or maintaining API documentation, Postman provides the tools to work efficiently and effectively.