Postman for QA Engineers: From First Request to API Test Suite

Postman's Tests tab runs JavaScript assertions against every response, and pm.environment.set() there is what chains requests together: a login request saves its token to the environment, and every subsequent request in the collection picks it up automatically. Without that pattern, you're copying tokens between requests by hand on every run. This article covers sending your first request, writing pm.test assertions, environment variables for switching between local and staging, request chaining, pre-request scripts for unique test data, and running collections in CI with Newman.

What Is Postman?

Postman is a GUI tool for making HTTP requests. Instead of writing curl commands or code, you fill in a URL, pick a method (GET, POST, etc.), and hit Send. You see the response immediately.

Beyond simple requests, Postman lets you:

Write test assertions in JavaScript
Chain requests (use the response from request A in request B)
Run collections of requests automatically
Share collections with teammates
Generate API documentation

Setting Up

1. Download from postman.com

2. Create a free account (needed for syncing and collaboration)

3. Open the app — you'll see a workspace with a request editor

Your First Request

GET request:

1. Click the + tab to open a new request

2. Keep method as GET

3. Enter URL: https://jsonplaceholder.typicode.com/users

4. Click Send

You get back a JSON array of 10 users. That's it — you just made an API request.

Parts of the response panel:

Body — the actual data returned
Status — HTTP status code (200 OK, 404 Not Found, etc.)
Time — how long the request took
Size — response size in bytes

Collections and Folders

Collections are how you organize requests. Think of them like folders for API calls.

Create a collection:

1. Click Collections in the left sidebar

2. Click + → New Collection

3. Name it (e.g., "BecomeQA API Tests")

Add a request to a collection:

1. Open a request tab

2. Click Save → choose your collection

3. Name the request (e.g., "Get all users")

Organize with folders:

Auth/ — login, logout, refresh token
Users/ — CRUD operations
Products/ — product management

Environment Variables

Hardcoding URLs and tokens makes collections brittle. Use environment variables instead.

Create an environment:

1. Click Environments in the left sidebar

2. Click + → New Environment

3. Name it "Local" or "Staging"

4. Add variables:

| Variable | Value |

|----------|-------|

| baseUrl | http://localhost:3000 |

| userEmail | admin@test.com |

| userPassword | AdminPass1 |

| authToken | (leave empty — filled by login request) |

Use variables in requests:

{{baseUrl}}/api/users

The {{variableName}} syntax substitutes the value at runtime.

Authentication

Most APIs require authentication. The common flow: login first, get a token, use it in subsequent requests.

Login request:

Method: POST
URL: {{baseUrl}}/api/auth/login
Body (JSON):

{
  "email": "{{userEmail}}",
  "password": "{{userPassword}}"
}

Save the token automatically:

In the login request's Tests tab (JavaScript):

const response = pm.response.json();
pm.environment.set('authToken', response.token);

Now whenever you run the login request, the token is saved to your environment.

Use the token in other requests:

In the request's Authorization tab:

Type: Bearer Token
Token: {{authToken}}

Or in the Headers tab:

Authorization: Bearer {{authToken}}

Writing Tests

The Tests tab in each request lets you write JavaScript assertions. Postman provides pm (Postman) object with everything you need.

Status code checks

pm.test('Status is 200', function() {
  pm.response.to.have.status(200);
});

pm.test('Status is 201 Created', function() {
  pm.response.to.have.status(201);
});

Response body checks

pm.test('Response has user object', function() {
  const body = pm.response.json();
  pm.expect(body).to.have.property('id');
  pm.expect(body).to.have.property('email');
  pm.expect(body.role).to.equal('member');
});

Array response

pm.test('Returns array of users', function() {
  const users = pm.response.json();
  pm.expect(users).to.be.an('array');
  pm.expect(users.length).to.be.greaterThan(0);
});

pm.test('Each user has required fields', function() {
  const users = pm.response.json();
  users.forEach(user => {
    pm.expect(user).to.have.property('id');
    pm.expect(user).to.have.property('email');
  });
});

Response time

pm.test('Response time under 500ms', function() {
  pm.expect(pm.response.responseTime).to.be.below(500);
});

Response headers

pm.test('Content-Type is JSON', function() {
  pm.response.to.have.header('Content-Type', 'application/json; charset=utf-8');
});

Pre-request Scripts

Pre-request scripts run BEFORE the request is sent. Useful for generating dynamic data.

// Generate unique email for each run
const email = `test_${Date.now()}@example.com`;
pm.environment.set('testEmail', email);
pm.environment.set('testPassword', 'ValidPass1');

Now your request body can use {{testEmail}}:

{
  "email": "{{testEmail}}",
  "password": "{{testPassword}}"
}

Request Chaining

Using the output of one request as input to the next.

Request 1: Create a user

Tests tab:

const user = pm.response.json();
pm.environment.set('createdUserId', user.id);

Request 2: Get that user

URL: {{baseUrl}}/api/users/{{createdUserId}}

Postman fills in the ID from the previous request automatically.

Request 3: Delete that user

URL: {{baseUrl}}/api/users/{{createdUserId}}

Method: DELETE

Running Collections

Collection Runner runs all requests in a collection automatically.

1. Click your collection → Run collection

2. Choose the environment (Local, Staging, etc.)

3. Set iterations (how many times to run)

4. Click Run [Collection Name]

You see results: pass/fail for each test in each request.

Newman — Postman CLI

Newman runs Postman collections from the command line. Needed for CI pipelines.

Install:

npm install -g newman

Export your collection:

Collection → three dots → Export → save as api-tests.json

Export your environment:

Environments → three dots → Export → save as local-env.json

Run:

newman run api-tests.json -e local-env.json

With HTML report:

newman run api-tests.json -e local-env.json --reporters html --reporter-html-export results.html

A Realistic Test Workflow

Here's how a QA engineer uses Postman on a real project:

1. Explore the API first

Send requests manually, read the responses
Figure out authentication flow
Understand what data each endpoint returns

2. Build a collection

Auth folder: Login, Logout, Refresh
Users folder: Create, Get, Update, Delete
Negative cases: invalid login, unauthorized access

3. Add tests to each request

Status code assertions
Required fields in response
Business logic (role is correct, timestamps are present)

4. Set up environments

Local: http://localhost:3000
Staging: https://staging.myapp.com
Production: https://myapp.com (read-only tests only)

5. Run in CI with Newman

Export collection + environment
Add newman run to your pipeline
Parse JUnit output for test results

Postman vs Playwright API Testing

| | Postman | Playwright API Testing |

|---|---------|----------------------|

| Learning curve | Lower | Higher (code) |

| CI integration | Newman CLI | Native |

| Code reuse | Limited | Full TypeScript |

| UI + API combined | No | Yes |

| Team sharing | Postman cloud | Git |

For simple API exploration and manual testing: Postman.

For automated regression suites that share code with UI tests: Playwright.

Many teams use both — Postman for exploration and documentation, Playwright for automated regression.

Summary

Collections organize related requests into a test suite
Environments let you switch between local/staging/production
Pre-request scripts generate dynamic test data
Tests tab runs JavaScript assertions against responses
Request chaining passes data between requests
Newman CLI runs collections in CI pipelines

Start with manual exploration in Postman, then add tests to each request. Within an afternoon you can have a collection that covers your entire API — runnable manually or in CI.