Postman: What is This API Testing Tool?
Definition
Postman is a development tool for designing, testing, documenting, and monitoring APIs. Used daily by backend developers, it simplifies sending HTTP requests, inspecting responses, and creating automated test suites for REST and GraphQL APIs.
What is Postman?
Postman is an API development platform that started as a simple Chrome extension for testing HTTP requests and has become the reference tool for the entire API lifecycle. Available as a desktop application and a web version, Postman enables developers to send HTTP requests (GET, POST, PUT, DELETE, PATCH), inspect responses, manage variable environments, create organised request collections, and automate tests.
The tool is used by over 30 million developers worldwide and has established itself as a de facto standard in backend development. At KERN-IT, every developer uses Postman daily to test Django REST Framework endpoints, verify JSON payloads, and validate authentication workflows for the APIs they develop.
Beyond simple request testing, Postman offers advanced features: collections organise requests by project or feature, environments manage context-specific variables (development, staging, production), test scripts automate response validation, and monitors track API availability in production.
Why Postman Matters
In a modern software architecture where APIs are at the heart of inter-system communication, having a robust tool to develop and test them is crucial.
- Productivity gains: manually testing an API with curl or scripts is tedious and error-prone. Postman offers an intuitive interface for building and executing requests in a few clicks, with syntax highlighting and automatic JSON response formatting.
- Living documentation: Postman collections serve as interactive API documentation. Each request includes its description, parameters, and response examples, creating documentation that is always synchronised with the actual implementation.
- Team collaboration: shared workspaces allow team members to work on the same collections, share environments, and synchronise changes in real time.
- Automated testing: pre-request scripts and test scripts in JavaScript enable creating comprehensive test suites that validate return codes, response structures, and business rules.
- CI/CD integration: Newman, Postman's command-line companion, allows running test collections in a GitHub Actions pipeline, ensuring that each deployment does not break existing APIs.
How It Works
Postman is organised around several key concepts. Requests are the basic unit: each defines an HTTP method, a URL, headers, a body, and parameters. Collections group requests logically, by API or by feature. Environments store variables (base URL, authentication tokens, credentials) that can be switched from one context to another without modifying the requests.
When sending a request, Postman displays the complete response: HTTP code, headers, formatted body (JSON, XML, HTML), response time, and size. Cookies are automatically managed, and redirects are followed as a browser would.
Test scripts, written in JavaScript, execute after each request. They can verify the status code, validate JSON structure with schemas, extract values for injection into subsequent requests (chaining), and write complex assertions. The Collection Runner executes an entire collection sequentially, simulating a complete API usage workflow.
Mock Servers reproduce the behaviour of an API that does not yet exist, enabling the frontend to start development in parallel with the backend. Monitors periodically execute collections to track production API availability and performance.
Concrete Example
At KERN-IT, when a backend developer creates a new Django REST Framework API for a client project, the first step after implementation is creating a dedicated Postman collection. For an invoice management module, for example, the collection will contain requests to create an invoice (POST), list invoices (GET with pagination and filters), retrieve details (GET by ID), update (PUT/PATCH), and delete (DELETE).
Each request includes automated tests: verifying a 201 code after creation, validating the response JSON schema, verifying that filters return correct results, and checking permissions (an unauthorised user should receive a 403). The Postman environment manages JWT authentication tokens with a pre-request script that automatically renews them.
The collection is then shared in the team workspace and integrated into the CI/CD pipeline via Newman. On every push to GitHub, Postman tests run automatically, ensuring that modifications have not broken existing endpoints.
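The status, structure, and permission checks from this example can be written as one Postman test script. The following is an added example, not KERN-IT's own code: the invoice field names and the `expected_status` variable are assumptions, and it goes one step beyond the text by also checking that a refused request returns no invoice data.

```javascript
// Added example: Postman test script for the invoice requests.
// Assumed names: the invoice fields below and the `expected_status` variable,
// which each request sets to the code it should receive (201, 200, 403...).
const INVOICE_FIELDS = { id: "number", number: "string", total: "string", customer: "number" };

// Compare one response with what the request is supposed to produce.
// Returns a list of problems; an empty list means the check passed.
function checkInvoiceResponse(expectedStatus, status, body) {
  const problems = [];
  if (status !== expectedStatus) {
    problems.push(`expected HTTP ${expectedStatus}, got ${status}`);
  }
  const obj = body && typeof body === "object" ? body : {};
  if (expectedStatus === 200 || expectedStatus === 201) {
    // Success: every invoice field must be present with the right type.
    for (const [field, type] of Object.entries(INVOICE_FIELDS)) {
      if (typeof obj[field] !== type) problems.push(`field ${field} should be ${type}`);
    }
  } else if (expectedStatus === 401 || expectedStatus === 403) {
    // Refusal: the body must not carry invoice data next to the error message.
    for (const field of Object.keys(INVOICE_FIELDS)) {
      if (field in obj) problems.push(`denied response exposes ${field}`);
    }
  }
  return problems;
}

if (typeof pm !== "undefined") { // only inside Postman or Newman
  const expected = Number(pm.variables.get("expected_status") || 200);
  let body = null;
  try { body = pm.response.json(); } catch (e) { /* empty or non-JSON body */ }
  pm.test(`status and body match expectation (${expected})`, function () {
    pm.expect(checkInvoiceResponse(expected, pm.response.code, body)).to.eql([]);
  });
}
```

Run the permission request with the token of a user who lacks access and `expected_status` set to 403; a 200 that returns the invoice then fails on both the status and the exposed fields.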
Implementation
- Organise collections: create one collection per API or per functional module, with folders to group requests by resource (users, invoices, products).
- Configure environments: define at minimum three environments (local, staging, production) with corresponding variables (base URL, credentials, tokens).
- Write tests: for each request, add tests verifying status code, response structure, and business rules. Use JSON schemas for structural validation.
- Automate authentication: use pre-request scripts to automatically manage authentication tokens (login, refresh, header injection).
- Share with the team: set up a team workspace, invite members, and establish naming conventions for collections and requests.
- Integrate with CI/CD: install Newman in the GitHub Actions pipeline to execute Postman tests on every push or pull request.
Associated Technologies and Tools
- Newman: command-line tool that runs Postman collections, ideal for CI/CD integration.
- Django REST Framework: Python framework for building the REST APIs tested with Postman in KERN-IT projects.
- Swagger / OpenAPI: API specifications importable into Postman to automatically generate collections.
- GitHub Actions: CI/CD pipeline that runs Newman tests on every code change.
- cURL: command-line alternative for one-off requests, often used alongside Postman.
- Insomnia: open-source alternative to Postman, with a similar interface but a different pricing model.
Conclusion
Postman is an essential tool for any developer working with APIs. By combining ease of use, advanced testing features, and collaboration capabilities, it accelerates development, improves quality, and creates living API documentation. At KERN-IT, Postman is an integral part of our daily workflow: every Django API we develop is accompanied by a complete Postman collection, tested and shared with the team. It is a minimal time investment that yields enormous returns in reliability and productivity over the long term.
Create a global pre-request script in your collection that automatically handles JWT token renewal. Store the token and its expiration date as environment variables, and the script will only make a login call when the token has expired. This avoids manually reconnecting between each testing session.
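One way to write the pre-request script described above, as an added example rather than KERN-IT's own script. The variable names, the `/api/token/` route, and the `access` response field are assumptions to adapt to your API.

```javascript
// Added example: collection-level pre-request script (Postman sandbox JavaScript).
// Assumed names: base_url, api_user, api_password, jwt_token, jwt_expires_at,
// the /api/token/ route and the `access` response field.
const SKEW_MS = 30 * 1000; // renew early so a token cannot expire mid-request

// Read the `exp` claim (seconds) as milliseconds. The signature is not checked:
// the value only schedules renewal, the API still validates the token itself.
function jwtExpiryMs(jwt) {
  try {
    const part = String(jwt).split(".")[1].replace(/-/g, "+").replace(/_/g, "/");
    const padded = part + "=".repeat((4 - (part.length % 4)) % 4);
    return Number(JSON.parse(atob(padded)).exp) * 1000;
  } catch (e) {
    return NaN; // opaque or malformed token: treated as already expired
  }
}

function tokenIsFresh(token, expiresAtMs, nowMs) {
  const exp = Number(expiresAtMs);
  return Boolean(token) && Number.isFinite(exp) && nowMs + SKEW_MS < exp;
}

// env needs get/set (pm.environment has both); login(cb) calls cb(err, token).
function ensureToken(env, nowMs, login, done) {
  if (tokenIsFresh(env.get("jwt_token"), env.get("jwt_expires_at"), nowMs)) {
    return done(null, false); // cached token reused, no login call
  }
  login(function (err, token) {
    if (err || !token) return done(err || new Error("login returned no token"), false);
    env.set("jwt_token", token);
    env.set("jwt_expires_at", String(jwtExpiryMs(token)));
    done(null, true);
  });
}

if (typeof pm !== "undefined") { // only inside Postman or Newman
  const creds = { username: pm.environment.get("api_user"), password: pm.environment.get("api_password") };
  const login = (cb) => pm.sendRequest({
    url: pm.environment.get("base_url") + "/api/token/",
    method: "POST",
    header: { "Content-Type": "application/json" },
    body: { mode: "raw", raw: JSON.stringify(creds) },
  }, (err, res) => cb(err, err ? null : res.json().access));
  // Log only the error message, never the token or the credentials.
  ensureToken(pm.environment, Date.now(), login, (err) => { if (err) console.error("token renewal failed:", err.message); });
}
```

Requests in the collection then send `Authorization: Bearer {{jwt_token}}`. A token without a readable `exp` claim is stored with an expiry of `NaN`, so the script falls back to logging in before every request.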