Postman's been around forever and there's a reason. It's the fastest way to poke at an API and see what happens.
You could use curl. You could write test scripts. But Postman lets you build up a library of requests, save them, share them, and run them automatically. Once you've got it set up, testing takes seconds instead of minutes.
First Request
Open Postman. Create a new request. Enter this:
GET https://api.apiverve.com/v1/randomjoke
Add a header:
x-api-key: YOUR_API_KEY
Hit Send.
You just tested an API. Response shows up with syntax highlighting, timing info, headers — everything you'd want to know.
Collections
Random requests get lost. Collections keep them organized.
Create a collection called "My Project APIs." Every request you make goes in there. Group related requests into folders.
My Project APIs/
├── Auth/
│ └── Verify API Key
├── Users/
│ ├── List Users
│ ├── Get User
│ └── Create User
└── Email/
└── Validate Email
Now you can find that request you made three weeks ago.
Variables (Stop Hardcoding Things)
Hardcoded API keys and URLs get messy. Use variables instead.
Go to Environments → Create New. Add:
| Variable | Value |
|---|---|
| baseUrl | https://api.apiverve.com |
| apiKey | your_actual_key |
Now in your request:
GET {{baseUrl}}/v1/randomjoke
Header:
x-api-key: {{apiKey}}
Switch environments to switch between dev/staging/prod. Same requests, different targets.
Tests (Make Postman Do the Checking)
The Tests tab runs JavaScript after each request. Use it to verify responses automatically.
pm.test("Status is 200", () => {
pm.response.to.have.status(200);
});
pm.test("Response has data", () => {
const json = pm.response.json();
pm.expect(json).to.have.property('data');
});
pm.test("Response time OK", () => {
pm.expect(pm.response.responseTime).to.be.below(1000);
});
Green checkmarks mean it passed. Red means something's wrong. No manual checking needed.
Chaining Requests
Sometimes you need data from one request to use in another. Login returns a token, then you use that token for subsequent requests.
In the first request's Tests:
const token = pm.response.json().data.token;
pm.environment.set("authToken", token);
In subsequent requests, use {{authToken}} in headers.
Postman remembers variables between requests.
Pre-request Scripts
Code that runs before the request sends.
// Generate a unique email for testing
const email = `test_${Date.now()}@example.com`;
pm.environment.set("testEmail", email);
Now your request body can use {{testEmail}} and get a unique value every time.
Useful for: timestamps, random IDs, token refresh logic, generating test data.
Collection Runner
Right-click a collection or folder → Run Collection.
Postman executes every request in order, runs all tests, shows you what passed and failed.
Set iterations to run everything multiple times. Upload a CSV to run with different data each time.
Debugging When Things Break
Check the Console (View → Show Console). It shows the actual request that was sent, including resolved variables and full response.
Common issues:
401 Unauthorized → API key wrong or missing. Check the header.
400 Bad Request → Your JSON is malformed or missing required fields.
CORS error → You're running from the browser. Postman desktop doesn't have CORS restrictions.
Timeout → API is slow or down. Check if it works in a browser.
Pro tip: The Console shows you exactly what was sent. Compare it to what you thought you sent.
Importing and Exporting
Have a curl command? Click Import, paste it in. Postman converts it.
curl -X POST https://api.apiverve.com/v1/emailvalidator \
-H "x-api-key: xxx" \
-H "Content-Type: application/json" \
-d '{"email": "test@example.com"}'
Becomes a proper Postman request with headers and body already set.
Export collections as JSON to share with teammates or commit to your repo.
Keyboard Shortcuts Worth Learning
| Action | Shortcut |
|---|---|
| Send request | Cmd/Ctrl + Enter |
| New request | Cmd/Ctrl + N |
| Save | Cmd/Ctrl + S |
| Open console | Cmd/Ctrl + Alt + C |
The send shortcut alone saves hundreds of clicks.
API Testing Checklist
For each endpoint you're testing:
- [ ] Happy path works (valid input, expected response)
- [ ] Error handling works (invalid input returns proper error)
- [ ] Auth works (missing key returns 401)
- [ ] Rate limiting works (if applicable)
- [ ] Response time acceptable
Build a test for each. Run the collection before deploys.
That's Postman in practice. The free tier handles everything above. Once you're comfortable, look into Monitors (scheduled runs) and Newman (CLI runner for CI/CD).
Want APIs to practice with? Grab a free key and hit the email validator, IP lookup, or jokes API. Same auth pattern, different responses to inspect.
Originally published at APIVerve Blog
Top comments (0)