1. Request

A request in Postman consists of a URL, method (GET, POST, PUT, PATCH, DELETE), headers, body, authentication, Scripts and parameters. This is what you send to an API to retrieve or modify data.

A) Request Method (HTTP methods) ✅

CyberHub

Send a request with the Postman API client | Postman Docs

B) Request URL 🌐

The Request URL is the full web address (Uniform Resource Locator) where the API server is hosted and where a particular resource can be accessed. It includes:

Base URL – the main address of the server.
Endpoint/Path – the specific API functionality/resource you want.
Optional Query Parameters – data you pass to filter or modify the request.

Example:

https://api.example.com/v1/users?role=admin

Part	Description
`https`	Protocol (secure HTTP)
`api.example.com`	Host/server address
`/v1/users`	API path/endpoint
`?role=admin`	Query parameter to filter users with role=admin

Structure of HTTP request in Postman | GeeksforGeeks

C) Authentication 🔐

Authentication proves who you are to the API. Without it, the server won't let you access or modify resources.

In Postman, you set authentication details in the Authorization tab or manually in the Headers tab.

1️⃣ API Key

A unique key provided by the API provider.
Sent in the header or as a query parameter.
Simple and widely used for basic access control.

Example (Header):
```
  x-api-key: your_api_key
```

2️⃣ Bearer Token

A secure token (usually from OAuth 2.0).
Sent in the Authorization header.
Common in modern APIs like GitHub, Firebase, etc.

Example:
```
  Authorization: Bearer your_token
```

3️⃣ Basic Authentication

Uses a username and password, base64 encoded.
Sent in the Authorization header.

Less secure unless used over HTTPS.

Example:

  Authorization: Basic base64(username:password)

4️⃣ OAuth 2.0

A token-based, secure method for user authorization.
Requires getting a token through an authorization server.
Used by Google, Facebook, GitHub for login and data access.

Types of Authentication for APIs. What are the types of Authentication… | by Pricilla Bilavendran | Medium

D) Headers 🔍

Headers are key-value pairs sent along with HTTP requests (and responses) that provide meta-information to the server and client.

They tell the server things like:

What type of data is being sent
What kind of response is expected
Authentication details
Caching, compression, and more

Configure headers for API requests in Postman | Postman Docs

E) Body 💯

The body is where you send data to the server, especially when you're:

Creating a new resource (POST)
Updating an existing one (PUT/PATCH)

Postman lets you format this body data in different ways, depending on the API requirements.

Send parameters and body data with API requests in Postman | Postman Docs

F) Params Tab 🎛️

Query parameters are key-value pairs added to the end of a URL to pass additional information to the server.

They are used mostly in GET requests, but sometimes in others as well.

🔗 Example URL with Query Parameters

https://api.example.com/users?role=admin&active=true

? starts the query parameters
role=admin is one parameter
&active=true is another

| KEY | VALUE | | --- | --- | | role | admin | | active | true |

⚠️ Important Notes:

Query parameters are part of the URL, not the body.
They are mostly used with GET requests.
Postman encodes values automatically (like spaces as %20).

G) Tests and Scripts ☑️

Tests (Post-request Scripts)

Used to validate the response after the request is sent.

🧾 Common uses:

Check response status codes
Validate JSON data or fields
Save values to environment variables
Automate test cases for CI/CD

Pre-request Scripts

Used to run code before the request is sent.

🧾 Common uses:

Generate dynamic tokens, timestamps, or UUIDs
Set environment or global variables
Modify headers or params dynamically

📌 Summary Table

Feature	Tests (Post-request Scripts)	Pre-request Scripts
Runs when?	After the request	Before the request
Purpose	Validate response	Generate/set data for request
Language	JavaScript	JavaScript
Common use	Check status code, response data	Create tokens, set variables dynamically
Location in Postman	Tests (Post-request) Script tab	Pre-request Script tab

H) Response Validation 🆗

1️⃣ Status Code Validation

When you make an API request, Postman lets you validate the response to ensure it's correct and expected. This includes checking:

✅ Status Code
📦 Response Body
📄 Response Headers

HTTP Status Codes With Explanations

2️⃣ Validate Response Body

You can validate:

Specific keys exist
Values are as expected
Arrays have items

🧪 Example:

let jsonData = pm.response.json();

// Check if key "name" exists
pm.test("Name field is present", function () {
    pm.expect(jsonData).to.have.property("name");
});

// Check if value is correct
pm.test("Name is Sakshi", function () {
    pm.expect(jsonData.name).to.eql("Sakshi");
});

3️⃣ Validate Response Headers

Headers contain info like content type, authorization, server name, etc.