API Testing using Postman: Understanding HTTP Methods and Authentication

In this video we discuss the various HTTP methods used in the Postman tool to perform API testing between client and server. We also study different types of authentication.

Overview of Tutorial

From 00:33 he explains what HTTP methods, status codes and authentication are. The tutorial also covers the basics of cookies, practical use of HTTP methods in the Postman tool, how HTTP works, and HTTP status codes and errors.

HyperText Transfer Protocol (HTTP)

At 00:37 he explains that HTTP is a transfer protocol between server and client. He then talks about certain HTTP methods with which one can make requests in Postman, especially GET, PUT, and POST requests. He further talks about the server and the client and how information is shared between the two. As per him, HTTP is a pull protocol, which pulls information from the server.

It is a stateless protocol, as the client, after sending a request, forgets what request was made once the request has been responded to. At 2:40 he explains that a URL (http://domain.com) consists of different types of entities. The first one is HTTP, as it is the protocol we are using, while on the other hand there is HTTPS, which is an example of a secure protocol. The second is the host, which is a domain name or IP, and the third is the resource path.

Types of HTTP methods

At 04:05 he explains that there are various HTTP methods. To understand a method one should have hands-on experience. The various methods are GET, HEAD, PUT, POST, DELETE, TRACE, CONNECT and OPTIONS. Another important thing about the hypertext protocol is that whenever we make a request, the server responds with a status code.

The 100 series are informational messages, the 300 series are redirections, and the 400 series are client errors. Most of the time you will have encountered 404 errors; these are certain HTTP status codes. At 6:40 he starts a demo of HTTP traffic. He explains further: go to the network tab and refresh, then move to the header section. It shows the request URL, and the protocol we are using is HTTP.

Here the GET method is used and it shows a 301 error, which is a redirection error. Basically, when a request is sent, the request header is used, and the response is received from the server. At 10:24 he goes on to test another URL, of Facebook, and looks at different GET requests and responses.

POST REQUEST Method

At 11:15 he discusses the POST request. A POST request is made when we want to create something; most requests are POST requests. He then gives an example of a POST request. We open the Postman dashboard, open any URL and send a request; we receive a response in JSON, which is actually key-value pairs. There is a syntax for the POST response.

Then he explains how to create a collection and create a request in the collection. If we make an empty POST request, Postman will create an empty ID and show an error. If we insert any name in the request, we will receive a 201 response, which means the user ID was created. At 17:21 he talks about creating a new environment in Postman; we can use the URL as a variable, with the initial value the same. Then click on the add tab to create the environment. In this way the variable can be used in requests.

Adding Parameters & Authorization

At 19:25 he talks about passing parameters. Sometimes the server facilitates it, and most of the time we need to support the server. The server we discuss here needs authentication to create a username. If we do not do authorization, then there will be errors.

If we set a username and password, they go into the headers and can be added. We can specify that we accept a JSON request or any other. We can set up a sign-up form. For this we need to add key-value pairs with values and create resources. GraphQL was discussed before. That is how parameters are added and the POST request is made.

PUT & other REQUEST Methods

At 21:25 he explains how a PUT request is made. As with the POST request, he duplicates the data from the Postman dashboard. After that we go to the URL and can insert our response. He talks about the PATCH request, which is used to change the name; we can send the request and it will change the name value only.

Further, he explains that we can duplicate the request data and just specify deleting the user. These are important functions, and we can create a HEAD request also. We can change a GET request to a HEAD request; only header information can be utilized. At 25:03 he explains that there are some requests, like LOCK, UNLOCK and VIEW, which are rarely used. Almost all HTTP methods are covered as of now.

Authentication & its types

At 25:17 he explains that authentication is a process in which credentials are compared against those on file in a database of authorized users' information on a local operating system or within authentication servers.

At 26:32 he explains different types of authentication, namely HTTP digest and form-based authentication. He explains further that the digest type is the one in which the password is in an ENCRYPTED form, which is more secure than the simple base64 encoding used in basic authentication. In the other type, form-based authentication, the login form should have fields to enter the username and password.
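To make the comparison between basic and digest authentication concrete, here is an added example (not taken from the video or from Postman) that builds both kinds of credential in Node.js and shows that a Basic header decodes back to the password, while a Digest response is a hash bound to the server's nonce. It assumes the MD5 / qop=auth variant of Digest from RFC 2617; the user names and passwords are the RFC sample values, not real accounts.

```javascript
// Added example: what Basic and Digest credentials look like on the wire.
const crypto = require('node:crypto');

const md5 = (s) => crypto.createHash('md5').update(s, 'utf8').digest('hex');

// Basic: base64 of "user:password". This is an encoding, not protection.
function basicHeader(user, password) {
  return 'Basic ' + Buffer.from(`${user}:${password}`, 'utf8').toString('base64');
}

// Anyone who can read the header recovers the credentials, no key required.
function decodeBasic(header) {
  const m = /^Basic\s+([A-Za-z0-9+/=]+)$/.exec(header);
  if (!m) throw new Error('not a Basic Authorization header');
  const text = Buffer.from(m[1], 'base64').toString('utf8');
  const i = text.indexOf(':'); // split on the first ':'; the password may contain more
  if (i < 0) throw new Error('malformed Basic credentials');
  return { user: text.slice(0, i), password: text.slice(i + 1) };
}

// Digest (RFC 2617, MD5, qop=auth): only a hash derived from the password
// and the server-issued nonce is sent, so it cannot simply be decoded.
function digestResponse({ user, realm, password, method, uri, nonce, nc, cnonce }) {
  const ha1 = md5(`${user}:${realm}:${password}`);
  const ha2 = md5(`${method}:${uri}`);
  return md5(`${ha1}:${nonce}:${nc}:${cnonce}:auth:${ha2}`);
}

// Sample values from the RFC examples (constructed test data).
const rfcDigestInput = {
  user: 'Mufasa', realm: 'testrealm@host.com', password: 'Circle Of Life',
  method: 'GET', uri: '/dir/index.html',
  nonce: 'dcd98b7102dd2f0e8b11d0f600bfb0c093', nc: '00000001', cnonce: '0a4f113b',
};

const basic = basicHeader('Aladdin', 'open sesame');
console.log(basic);                          // header as sent
console.log(decodeBasic(basic));             // credentials recovered from it
console.log(digestResponse(rfcDigestInput)); // hash sent in the response= field
```

Because the Basic header is reversible, it should only ever travel over HTTPS; Digest with MD5 avoids sending the password itself but is not a substitute for TLS either.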

At 28:12 he explains that sometimes OAuth 1.0 or OAuth 2.0 is used by Twitter to authorize the user. Then he shows these authentication types on the Postman dashboard. At the end he suggests visiting scrolltest.com to watch how to handle authentication there. At that link he has discussed authentication related to Postman in complete detail. Moving forward, he talks about cookies, which are used to identify clients. They can be used for authentication but have an incompatibility with HTTPS, while on the other hand tokens can be used for authorization.

Learning Outcome: We have learned about various HTTP methods, different requests, authorizations and handling cookies.
