Hello Raghav, I have followed your full tutorial on Postman and found all of the videos extremely helpful. I appreciate your time and effort in producing such excellent content!!
Hi Raghav, your entire Postman playlist is very clear, well presented and well structured. Thank you very much for all the effort you put into this. You are amazing!!
Dear Raghav, I have just completed your Postman Begginer Tutorial 2022. It was very good practice for me to update myself on Postman. All informations are extremely helpful. I appreciate your time. May God love you and make you happy My Man.
Hi Raghav, your Postman API testing tutorial is wonderful for a novice like me.Thank you so much. I believe it was for REST. I have a request. Can you please make a video on definitions and difference between SOAP and REST and when to use what with examples for a novice in simple layman terms ?
Big fan here, Sir your video on roadmap to DevOps is very good. Mickey & Minnie series is very good. Sir want to go in BigData & data science, please guide me on roadmap of big data. I have seen many videos but no one explain better than you. Please guide me on Bigdata and data science roadmap and tools. Thankyou for being such a great explainer. Sir i am waiting for your reply 😇 i know you will help me.
Hi raghav, first of all, thanks for your tutorials on Postman. I liked and learnt all session in this Playlist - till 14 videos. Where can I find next set of videos in this series? Thank you..
Hi Sir, Thanks for API tutorial it is very helpful for a beginner like me in this season, and I am still very curious about what kind of project to work on using Postman then I can post in my portfolio
Hello @RaghavPal, Thanks for the Tutorials. I became Ekalavya to your Tutorials 🙂... Can you please Add API performance testing using postman to the same series.. Also please add the latest options / features that are newly added eBPF-based API discovery and API monitoring capabilities to the Postman API Platform.
[18-Feb-2024 00:00 IST, Sunday] Hello @Raghav sir, I have been watching through all the videos of this series. You are undeniably an excellent trainer. Sometimes, I feel, won't it be more engaging if you show all this using some real examples of any site? Isn't is possible? Like if we talk about authorization, it can be performed on some (dummy) eCommerce site. That would be more engaging, interactive & relatable. What do you think, sir ? Thanks again !
Hi Raghav, thanks for your sessions. All are simple explained and understandable, in my postman recently downloaded i did not find test option along with body, what to do
Hi Sir, the playlist is really awesome. One small testing like take response and capture Some id as variable and store it and use and id to other request,if you add that as well,it will be beautiful.
Deva I will plan to create a video on this. For now let's break down the problem into smaller steps to help you run performance tests of your Postman collections through release pipelines. Step 1: Understand the Requirements * You have a Postman collection with API requests. * You want to run performance tests on this collection. * You want to integrate these performance tests into your release pipelines. Step 2: Choose a Performance Testing Tool * Postman has a built-in feature called "Postman Sandbox" that allows you to write and run JavaScript code to test API performance. However, it's limited in its capabilities. * Popular alternatives for performance testing include: + Newman (a command-line collection runner for Postman) + JMeter (a widely-used open-source performance testing tool) + Gatling (a commercial performance testing tool with a free trial) + Artillery (a modern, open-source performance testing tool) For this example, let's choose Newman as our performance testing tool. Step 3: Install Newman * Install Newman using npm (Node Package Manager) by running the following command: ``` npm install -g newman ``` This will install Newman globally on your system. Step 4: Create a Performance Test Script * Create a new JavaScript file (e.g., `performance-test.js`) that will contain your performance test script. * In this script, use Newman's API to run your Postman collection and measure performance metrics such as response times, throughput, and error rates. Here's an example script to get you started: ```javascript const newman = require('newman'); // Set the collection to run const collection = 'path/to/your/postman/collection.json'; // Set the environment to run against const environment = 'path/to/your/postman/environment.json'; // Run the collection and measure performance newman.run({ collection: collection, environment: environment, iterationCount: 10, // Run the collection 10 times delayBetweenIterations: 1000 // Wait 1 second between iterations }, (err, summary) => { if (err) { console.error(err); } else { console.log(`Summary: ${summary}`); } }); ``` Step 5: Integrate with Release Pipelines * You'll need to integrate your performance test script with your release pipelines. The exact steps will vary depending on your pipeline tool (e.g., Azure DevOps, Jenkins, CircleCI). --
@@RaghavPal Thank you for your reply. I've a doubt here... Where to specify the number of users, ramp-up and ramp-down time. Kindly let me know please.
Hi Raghav , i have one general query , I'm an tester with experience in both selenium automation and manual , which are the masters related to automation , do you have any suggestions that we can take for masters in field od testing .
Hi Raghav! I like the crisp and clear instructions in your structured videos. Very grateful if you can plan a session on Azure IoT hub and how to test them?
Navneet To set a common Bearer Token and Base URL for a single collection in Postman, you have a few options: 1. Collection Variables: - Create a collection variable for the Bearer Token and Base URL. - In your collection, go to the Variables tab. - Define the following variables: - `tokenBaseURL`: Set this to the base URL for your authentication service. - `authData`: If your auth service requires specific data, add it here as a JSON object. - Now, your requests within the collection can reference these variables. 2. Pre-request Script: - You can use a pre-request script at the collection level to set environment variables dynamically. - Here's an example of how to set the Bearer Token using a script: ```javascript pm.sendRequest({ url: 'YourURL', method: 'POST', header: { 'content-type': 'application/json' }, body: { mode: 'raw', raw: JSON.stringify({ // YOUR PARAM TO CREATE THE TOKEN IF NEEDED }) } }, (err, res) => { pm.collectionVariables.set('TOKEN', res.json().accessToken); }); ``` 3. Environment Variables: - Create a new environment or use an existing one. - Add environment variables for the Bearer Token and Base URL. - Set the values accordingly. Remember to choose the approach that best fits your project requirements and workflow -
To add a next page token for OAuth 2.0 in Postman, you can do the following: 1. Open the Postman request that you want to add the next page token to. 2. Click the **Authorization** tab. 3. Select **OAuth 2.0** from the **Type** dropdown list. 4. In the **Authorization Data** section, click the **Add** button. 5. In the **Type** dropdown list, select **Bearer Token**. 6. In the **Token** field, enter the next page token. 7. Click the **Save** button. Here is an example of how to add a next page token for OAuth 2.0 in Postman: ``` Request: api.example.com/users?page=1 Authorization: Type: OAuth 2.0 Authorization Data: Type: Bearer Token Token: YOUR_NEXT_PAGE_TOKEN ``` Once you have added the next page token to the request, you can send the request and Postman will automatically include the next page token in the request header. Here are some additional tips for using next page tokens in Postman: * You can get a next page token by sending a request to the API endpoint that you are using. The next page token will be returned in the response header. * You can save next page tokens to variables in Postman. This will allow you to easily reuse next page tokens in different requests. * You can use the `pm.response.headers.get('next-page-token')` Postman function to get the next page token from the response header. I hope this helps
Hi , you given the token at environment level and given the variable in the request . Here my question is if my token expire in 5 mins but my collection or testcase will be running more than 5 mins then my token will be invalid so how to get the token at run time from the response without copying it manually .
Shilpa There are two ways to get a token at runtime from the response without copying it manually in Postman: 1. **Use a pre-request script:** You can use a pre-request script to extract the token from the response and store it in a variable. This variable can then be used in subsequent requests in your collection. For example, the following pre-request script will extract the token from the response and store it in a variable called `token`: ```javascript // Get the token from the response var token = pm.response.json().access_token; // Store the token in a variable pm.environment.set("token", token); ``` Once you have stored the token in a variable, you can use it in subsequent requests in your collection by referencing the variable name. For example, the following request will use the `token` variable to authenticate the request: ``` Authorization: Bearer {{token}} ``` 2. **Use a test script:** You can also use a test script to extract the token from the response and store it in a variable. This variable can then be used in subsequent requests in your collection, or to validate the response. For example, the following test script will extract the token from the response and store it in a variable called `token`: ```javascript // Get the token from the response var token = pm.response.json().access_token; // Store the token in a variable pm.environment.set("token", token); // Validate that the token is not empty pm.test("Token is not empty", function() { pm.expect(token).to.not.be.empty; }); ``` Once you have stored the token in a variable, you can use it in subsequent requests in your collection, or to validate the response. Which method you use to get a token at runtime from the response will depend on your specific needs. If you need to use the token in subsequent requests in your collection, then you should use a pre-request script. If you need to validate the token, or if you only need to use the token in a single request, then you can use a test script. I hope this helps
Hi Raghav, thank you for your videos. I watched and learned a lot from your videos. I have two questions, and if you make videos about them, that would be wonderful. The first question is, since the bearer token expires within the given period, is there a way to automatically retrieve the new token from the URL without manually entering it every time? The second question is, what do we do when we have more than one bearer token in the platform? Is there a way to automate and use them with variables on the environment tab? I really appreciate any help you can provide. I have been looking for an answer but have not yet found one.
Hi Avni, For your first question, there are a few ways to automatically retrieve a new bearer token when it expires: Use a token refresh mechanism: Many APIs that use bearer tokens also provide a token refresh mechanism. This allows your application to automatically refresh the token before it expires, without the need for user intervention. You can usually find information about how to use this mechanism in the API documentation. Implement a custom solution: If the API you are using does not provide a token refresh mechanism, you can implement your own custom solution. This might involve creating a script or program that periodically checks if the token has expired, and then retrieves a new token if necessary. You can use a programming language of your choice to implement this solution. For your second question, if you have multiple bearer tokens in your platform, you can use environment variables to store and manage them. Here's how you can do it: Create environment variables: In the environment tab of your application, you can create environment variables to store your bearer tokens. For example, you could create an environment variable called "BEARER_TOKEN_1" to store your first token, and another variable called "BEARER_TOKEN_2" to store your second token. Retrieve the tokens in your code: In your code, you can retrieve the appropriate token by reading the value of the corresponding environment variable. This way, you can use the correct token depending on the context or use case. For example, in JavaScript, you can retrieve an environment variable like this: const token = process.env.BEARER_TOKEN_1; In Python, you can retrieve an environment variable like this: import os token = os.environ['BEARER_TOKEN_1'] By using environment variables to manage your bearer tokens, you can easily switch between tokens and keep them organized.
To use Hawk authorization in Postman, follow these steps: 1. Open Postman: 2. Create a New Request: 3. Authorization Tab: - In the request details, go to the Authorization tab. 4. Select Hawk Authentication: - From the Type dropdown list, choose Hawk Authentication. 5. Enter Details: - Fill in the following details: - Hawk Auth ID: Your API authentication ID value. - Hawk Auth Key: Your API authentication key value. - Algorithm: The hash algorithm used to create the message authentication code (MAC). 6. Advanced Parameters (Optional): - You can set additional parameters if needed: - User: The username. - Nonce: A random string generated by the client. - ext: Any application-specific information to be sent with the request. - app: The binding between credentials and the application to prevent an attacker using credentials issued to someone else. - dlg: The ID of the application the credentials were issued to. - Timestamp: Timestamp the server uses to prevent replay attacks outside the time window. 7. Headers: - Postman will automatically add the Hawk Authentication parameters to the request headers. Remember to replace the placeholders with your actual authentication ID and key. Once configured, you can send the request, and Postman will handle the Hawk authorization for you
Hello Raghav, I have set my oauth2 - bearer token at the collection level. While authorising I am passing the user number - 1234567 in the token field. How to set up/ pass that token user number to the env variable?
Rajarajeswari Let's break down the problem step by step.. Step 1: Understand the context You have set up an OAuth 2.0 Bearer token at the collection level in Postman. When authorizing, you are passing a user number `1234567` in the token field. Step 2: Identify the goal You want to set up and pass the token user number `1234567` to an environment variable. Step 3: Create an environment variable In Postman, go to the "No environment" dropdown menu in the top-right corner of the app and select "Manage environments". Then, click the "New" button to create a new environment. Give your environment a name, e.g., "MyOAuthEnv". Click "Add" to create the environment. Step 4: Add a variable to the environment In the "MyOAuthEnv" environment, click the "Add a new variable" button. Enter the following details: * `Key`: `token_user_number` (or any other name you prefer) * `Value`: `1234567` (the user number you want to pass) * `Type`: `string` Click "Add" to save the variable. Step 5: Update the OAuth 2.0 Bearer token Go back to your collection and edit the OAuth 2.0 Bearer token settings. In the "Token" field, enter `{{token_user_number}}`. This will reference the environment variable you just created. Step 6: Select the environment Make sure you have selected the "MyOAuthEnv" environment in the top-right corner of the app. This will enable Postman to use the environment variable you created. Now, when you send a request with the OAuth 2.0 Bearer token, Postman will replace `{{token_user_number}}` with the value `1234567` from the environment variable. --
Will the content of requested url gets affected based on authentication used ? I was able to see the contents without auth probably coz of caching. I’m not sure if I need to test entire content with using auth, When I tested without authentication the contents were displayed as expected
Prithvi Thats okay.. it will be as per the API design and implementation. In case you are using any demo api, can continue.. in case you are using your project or any real APIs.. can discuss with the dev team
@@RaghavPal if it’s in the project then what must the concern? Is it that the contents were still displayed without auth? Or discrepancy with the content ?
If auth is implemented for your APIs it should work.. and if its not working as per the implementation.. its a issue and should be reported.. You team can give more details on this
@@RaghavPal I see so whenever auth is implemented the only expected outcome is that it should produce error when we try to access it without authentication and the content will have no impact(with or without authentication), right?
Ideally yes.. unless you are using some demo.. test apis.. While authentication primarily focuses on security, it doesn’t directly impact the content served by the API.
Hi Raghav, I have followed your postman tutorial, it is very much useful. I have a query, I am trying to run the command. In runtime, I set the global variable. I am able to get a successful result in postman. But when I am trying to run in the command prompt with Newman Test is getting failed. Can you help me with this? newman run -r htmlextra
Hi, It is difficult to know why your test is failing without more information. Check logs and more details on Postman Console - ua-cam.com/video/Xmr33_1-wzs/v-deo.html
Hi Raghav, do we need to share the Env along with the collection? I think we have to. so if we share the environment with the other team member, the current value will be exposed to the shared team member. so how can we prevent this? please guide me if I am wrongly understood. thank you
Hi Hassan There are a few ways to know which authorization is required for an API: * Check the API documentation: The API documentation should specify which authorization methods are supported and what credentials are required * Try making a request without authorization: If you make a request to an API without providing any authorization, the API will typically return an error message indicating that authorization is required * Use a tool like Postman: Postman is a tool that allows you to test APIs. You can use Postman to make requests to an API and see what authorization is required Once you know which authorization is required, you can use the appropriate authorization method when making requests to the API
Keerthi While Postman doesn't have built-in MFA support, you can automate MFA flows using these techniques: *1. Environment Variables and Pre-Request Scripts:* - Store MFA codes in environment variables, retrieved from a secure source (e.g., text file, password manager). - Use pre-request scripts to fetch the current MFA code and dynamically set it in the request body or header. *2. Custom Code in Pre-Request Scripts:* - Write code to handle MFA challenges directly within pre-request scripts. - Interact with external services or devices (e.g., send SMS requests for codes, generate codes using authenticator apps). *3. Third-Party Libraries:* - Explore third-party libraries or extensions that provide MFA support within Postman. - Some options include: - Postman Interceptor extension for Chrome (can capture MFA tokens from browser sessions) - Custom libraries for specific MFA providers *4. Integration with External Tools:* - Use Postman in conjunction with external tools or libraries for MFA automation. - For example, integrate with Selenium WebDriver to automate browser-based MFA flows. *Key Considerations:* - *Security:* - Store MFA codes securely (avoid plain text storage). - Implement appropriate access controls and logging. - *Complexity:* - MFA automation can be complex, especially for multi-step flows. - Thoroughly test and validate your implementation. - *MFA Provider Support:* - Adapt methods based on the specific MFA provider and authentication methods used. *Example (Pre-Request Script):* ```javascript // Retrieve MFA code from a secure source const mfaCode = pm.environment.get("mfa_code"); // Set the MFA code in the request header pm.request.headers.add({ key: "X-MFA-Code", value: mfaCode }); ``` *Remember:* - MFA automation in Postman requires careful planning and security considerations. - Evaluate the complexity and risks involved before implementation. - Stay updated on the latest Postman features and third-party integrations for potential MFA support enhancements.
I'm trying to download a file from a website through HTTP request, but I don't know what type of authentication it uses. I'm running a GET request to find out the type of authentication by error log, but it turns out I get "200 OK" and I'm redirected to an HTML page where I must put the user and password. I tried every type of request on Postman, but all failed. What must I do in this case?
It seems like you're encountering a dynamic authentication mechanism on the website you're trying to download the file from. While the initial GET request returns a 200 OK response, the server redirects you to a login page instead of directly providing the requested file. This suggests a more complex authentication process than standard HTTP authentication types. Here are some steps you can try to identify and handle the authentication mechanism: *Analyze the HTML page:* 1. *Inspect the HTML code:* Open the login page in Postman's "Preview" tab and inspect the source code using the browser developer tools. Look for clues about the authentication type, such as form elements, input fields, action URLs, and JavaScript code. 2. *Identify form elements:* Pay close attention to the form elements, particularly the input fields for username and password. Note their names and values. 3. *Identify action URL:* Look for the form's action URL, which indicates where the login credentials are submitted. This URL might be important for constructing the authentication request. *Analyze the network traffic:* 1. *Enable network capture:* In Postman, enable network capture to monitor all network requests and responses while interacting with the login page. This can reveal additional details about the authentication process, including headers, cookies, and hidden data. 2. *Analyze request and response headers:* Look for specific headers related to authentication, such as `Authorization`, `WWW-Authenticate`, `Set-Cookie`, and `Location`. These headers often provide clues about the required authentication type and additional information needed for the login request. 3. *Identify cookies:* Pay attention to cookies set by the server during the login process. Some authentication mechanisms rely on cookies for session management. *Investigate common authentication types:* 1. *Basic authentication:* This is a simple username/password authentication scheme encoded directly in the HTTP header. Look for `WWW-Authenticate: Basic` header in the initial response or any other indication of Basic authentication. 2. *Form-based authentication:* This uses a web form for login credentials submission. If you identified login form elements and an action URL, this might be the authentication type. 3. *Token-based authentication:* This utilizes a token obtained through a separate login request. Analyze the network traffic for clues about token endpoints and how the token is used for access. *Try different Postman request methods:* 1. *POST request:* If you identified a form action URL, try constructing a POST request to that URL with the username and password values as form data. 2. *Authorization header:* If you identified an authentication type like Basic or token-based, try adding the appropriate authorization information in the request header. Refer to the specific authentication type for the correct format. *Seek additional resources:* 1. *Examine online documentation:* Check the website's documentation or help section for information about authentication methods and API access. 2. *Consult online forums:* Search online forums and communities for similar situations or discussions about accessing the specific website you're targeting. 3. *Contact website support:* Consider contacting the website's support team directly if available. They might be able to provide specific instructions or clarify the authentication process. By analyzing the available information and trying different approaches, you should be able to identify the correct authentication mechanism and successfully download the file using Postman. Remember to pay close attention to details, analyze network traffic, and explore various resources for clues about the specific authentication implementation.
how to access the api in our react app with the help of nodejs i have api and also have token but dont have proper guide to do so please anyone sujjest me some videos
In this video we need to keep our token in a variable statically, and then next time when I execute the login auth API again, it will generate a new token. It's not a solution; it's a wastage of time, nothing else.Please don't POST in complete knowledge
Hello Raghav, I have followed your full tutorial on Postman and found all of the videos extremely helpful. I appreciate your time and effort in producing such excellent content!!
Thanks a lot
Hi Raghav, your entire Postman playlist is very clear, well presented and well structured. Thank you very much for all the effort you put into this. You are amazing!!
You are most welcome Deepak
Excellent video. The part I was looking for starts at 8:18 - how to use a parameter for password, which is super helpful. Thank you!
Most welcome
Dear Raghav,
I have just completed your Postman Begginer Tutorial 2022.
It was very good practice for me to update myself on Postman.
All informations are extremely helpful. I appreciate your time.
May God love you and make you happy My Man.
Thanks a lot
watched the full tutorial, very detail and well-explained!! thank you now i have good starting point using Postman
Great to hear! All the best..
I have just completed all of the parts and really it is very helpful. Thanks
You are welcome
Hi Raghav, your Postman API testing tutorial is wonderful for a novice like me.Thank you so much. I believe it was for REST. I have a request. Can you please make a video on definitions and difference between SOAP and REST and when to use what with examples for a novice in simple layman terms ?
Glad it was helpful Parasari, you can find the Basics API videos here - automationstepbystep.com/
Big fan here, Sir your video on roadmap to DevOps is very good. Mickey & Minnie series is very good. Sir want to go in BigData & data science, please guide me on roadmap of big data. I have seen many videos but no one explain better than you. Please guide me on Bigdata and data science roadmap and tools. Thankyou for being such a great explainer. Sir i am waiting for your reply 😇 i know you will help me.
Hi, I will try to analyse on this and will create a session, thanks for watching and supporting
tutorial is helpful and to the point easy english and very good method of teaching
Glad you liked it Jimmy
Thank you so much! It's a good start for all who want to learn Postman.
Most welcome
Very Nicely and simply taught.. Thanks Raghav..
Thanks a ton Nilesh
Hi raghav, first of all, thanks for your tutorials on Postman. I liked and learnt all session in this Playlist - till 14 videos. Where can I find next set of videos in this series? Thank you..
Sharath
can check here - automationstepbystep.com/
All the sessions are informative, thank you 🙂
Glad you like them
Hi Raghav, you are really too good 😀👍💯 Thanks a lot for all these valuable contents... Best regards 👍
So nice of you
Hi Sir, Thanks for API tutorial it is very helpful for a beginner like me in this season, and I am still very curious about what kind of project to work on using Postman then I can post in my portfolio
Great.. you can work with any API related projects with Postman
i just loved this session sir.
Glad to hear that Fouqia, humbled
Already completly learn and practical this video.. Thank sir.
Most welcome
Session was very useful..thanks raghav..😊
Always welcome
Hi Raghav,
Kindly upload a video on API Security testing using postman.
Many many thanks for your time and efforts.
I will plan Shailesh
Thanks i completed ❤
Great Niharika
Hello @RaghavPal, Thanks for the Tutorials. I became Ekalavya to your Tutorials 🙂... Can you please Add API performance testing using postman to the same series..
Also please add the latest options / features that are newly added eBPF-based API discovery and API monitoring capabilities to the Postman API Platform.
Siddhartha
Great to know this is helping you
Sure, i will plan on this
This was amazing!!!!! Best video !!!!
Glad you liked it Laura
[18-Feb-2024 00:00 IST, Sunday] Hello @Raghav sir, I have been watching through all the videos of this series. You are undeniably an excellent trainer. Sometimes, I feel, won't it be more engaging if you show all this using some real examples of any site? Isn't is possible? Like if we talk about authorization, it can be performed on some (dummy) eCommerce site. That would be more engaging, interactive & relatable. What do you think, sir ? Thanks again !
Sure Jatin
Hi Raghav, thanks for your sessions. All are simple explained and understandable, in my postman recently downloaded i did not find test option along with body, what to do
Viswanath
You'll find the Test option in Postman's sidebar, within the Tests tab. Let me know if you still can't find it
@RaghavPal not yet, can you please tell me step by step
ok check this ua-cam.com/video/wEOLZq-7DYs/v-deo.html
@@RaghavPal yes in this video test is not present and pre request we can write for latest versions, thank you
Hi Sir, the playlist is really awesome. One small testing like take response and capture Some id as variable and store it and use and id to other request,if you add that as well,it will be beautiful.
Hi Yashwant, I must have shown that in some chaining session. Can check all lectures here - automationstepbystep.com/
@@RaghavPal is chaining possible in Postman? or only in Soapui?
This video series was indeed very simple and very interesting!
Glad you enjoyed it
It was a very good video series, thank you for sharing!
Glad you enjoyed it Başak
Thank you for this excellent resource.
Most welcome
Indeed - learn something new every day
Happy to see this
helpful video. Thanks Raghav!
Most welcome
Is this the end of the playlist if yes is this much enough to work on postman api
Tony
This is enough to work on any project of Postman. Please follow all tutorials with hands-on
@@RaghavPal ok thank you
Thanks you so much...very useful
You are most welcome Manunu
Easy, Excellent, superb
Glad you liked it Amruta
Hi Raghav... How do I run performance tests of my postman collections through release pipelines? Kindly create a video for this.
Deva
I will plan to create a video on this. For now let's break down the problem into smaller steps to help you run performance tests of your Postman collections through release pipelines.
Step 1: Understand the Requirements
* You have a Postman collection with API requests.
* You want to run performance tests on this collection.
* You want to integrate these performance tests into your release pipelines.
Step 2: Choose a Performance Testing Tool
* Postman has a built-in feature called "Postman Sandbox" that allows you to write and run JavaScript code to test API performance. However, it's limited in its capabilities.
* Popular alternatives for performance testing include:
+ Newman (a command-line collection runner for Postman)
+ JMeter (a widely-used open-source performance testing tool)
+ Gatling (a commercial performance testing tool with a free trial)
+ Artillery (a modern, open-source performance testing tool)
For this example, let's choose Newman as our performance testing tool.
Step 3: Install Newman
* Install Newman using npm (Node Package Manager) by running the following command:
```
npm install -g newman
```
This will install Newman globally on your system.
Step 4: Create a Performance Test Script
* Create a new JavaScript file (e.g., `performance-test.js`) that will contain your performance test script.
* In this script, use Newman's API to run your Postman collection and measure performance metrics such as response times, throughput, and error rates.
Here's an example script to get you started:
```javascript
const newman = require('newman');
// Set the collection to run
const collection = 'path/to/your/postman/collection.json';
// Set the environment to run against
const environment = 'path/to/your/postman/environment.json';
// Run the collection and measure performance
newman.run({
collection: collection,
environment: environment,
iterationCount: 10, // Run the collection 10 times
delayBetweenIterations: 1000 // Wait 1 second between iterations
}, (err, summary) => {
if (err) {
console.error(err);
} else {
console.log(`Summary: ${summary}`);
}
});
```
Step 5: Integrate with Release Pipelines
* You'll need to integrate your performance test script with your release pipelines. The exact steps will vary depending on your pipeline tool (e.g., Azure DevOps, Jenkins, CircleCI).
--
@@RaghavPal Thank you for your reply. I've a doubt here... Where to specify the number of users, ramp-up and ramp-down time. Kindly let me know please.
Can check JMeter tutorials for details on this - automationstepbystep.com/
Thank you very much, Raghav.
It's a Great tutorial )
Most welcome Den
Good Job Dear😍
Thanks
Thank you, for all your hard work ❤
You are so welcome Debarun
great content and perfect explanation for a beginner like me. Loved it !
Great to know this
Hi Raghav , i have one general query , I'm an tester with experience in both selenium automation and manual , which are the masters related to automation , do you have any suggestions that we can take for masters in field od testing .
you can plan on getting skilled on
CI, CD, DevOps
API Testing
Performance Testing
More functional testing tools
Very helpful. Thank you.
Glad it was helpful John
Thank you so much for this playlist. It's helping a lot for the beginners.🙏🙏
Glad it was helpful Mahesh
Hi Raghav! I like the crisp and clear instructions in your structured videos. Very grateful if you can plan a session on Azure IoT hub and how to test them?
Hi Swetha, I will do
@@RaghavPal Thank you! Looking forward
hi nice video, and how to create our own api for use ?? plz let me know
Hi Mohan, can check this - ua-cam.com/video/7vx0RIwHVzg/v-deo.html
HI RAGHAV. i have watch all videos of this series, when will you upload next video, it was very helpfull , Thanks
Hi Sandeep, I have tried to cover all the basic topics, Let me know if there are other topics you need, I will plan
@@RaghavPal , is this all 14 videos is sufficient for facing any interview from POSTMAN Tool Perspective view or APIs Manual.
Yes, will be enough if you have done hands-on along with the videos
@@RaghavPal Thanks, i have cover all videos multiple times , now i am Confident 😊
I want to set common bearertoken and baseurl for single collection in postman
Navneet
To set a common Bearer Token and Base URL for a single collection in Postman, you have a few options:
1. Collection Variables:
- Create a collection variable for the Bearer Token and Base URL.
- In your collection, go to the Variables tab.
- Define the following variables:
- `tokenBaseURL`: Set this to the base URL for your authentication service.
- `authData`: If your auth service requires specific data, add it here as a JSON object.
- Now, your requests within the collection can reference these variables.
2. Pre-request Script:
- You can use a pre-request script at the collection level to set environment variables dynamically.
- Here's an example of how to set the Bearer Token using a script:
```javascript
pm.sendRequest({
url: 'YourURL',
method: 'POST',
header: {
'content-type': 'application/json'
},
body: {
mode: 'raw',
raw: JSON.stringify({
// YOUR PARAM TO CREATE THE TOKEN IF NEEDED
})
}
}, (err, res) => {
pm.collectionVariables.set('TOKEN', res.json().accessToken);
});
```
3. Environment Variables:
- Create a new environment or use an existing one.
- Add environment variables for the Bearer Token and Base URL.
- Set the values accordingly.
Remember to choose the approach that best fits your project requirements and workflow
-
@@RaghavPal Thankyou So much Sir
For your valuable responde and with this I got my appropriate answer..
Very precise and to the point. Great tutorial
Thanks a lot
Hi, can you explain how and where to add next page toxen for oauth2.0?
To add a next page token for OAuth 2.0 in Postman, you can do the following:
1. Open the Postman request that you want to add the next page token to.
2. Click the **Authorization** tab.
3. Select **OAuth 2.0** from the **Type** dropdown list.
4. In the **Authorization Data** section, click the **Add** button.
5. In the **Type** dropdown list, select **Bearer Token**.
6. In the **Token** field, enter the next page token.
7. Click the **Save** button.
Here is an example of how to add a next page token for OAuth 2.0 in Postman:
```
Request:
api.example.com/users?page=1
Authorization:
Type: OAuth 2.0
Authorization Data:
Type: Bearer Token
Token: YOUR_NEXT_PAGE_TOKEN
```
Once you have added the next page token to the request, you can send the request and Postman will automatically include the next page token in the request header.
Here are some additional tips for using next page tokens in Postman:
* You can get a next page token by sending a request to the API endpoint that you are using. The next page token will be returned in the response header.
* You can save next page tokens to variables in Postman. This will allow you to easily reuse next page tokens in different requests.
* You can use the `pm.response.headers.get('next-page-token')` Postman function to get the next page token from the response header.
I hope this helps
Hi , you given the token at environment level and given the variable in the request . Here my question is if my token expire in 5 mins but my collection or testcase will be running more than 5 mins then my token will be invalid so how to get the token at run time from the response without copying it manually .
Shilpa
There are two ways to get a token at runtime from the response without copying it manually in Postman:
1. **Use a pre-request script:** You can use a pre-request script to extract the token from the response and store it in a variable. This variable can then be used in subsequent requests in your collection.
For example, the following pre-request script will extract the token from the response and store it in a variable called `token`:
```javascript
// Get the token from the response
var token = pm.response.json().access_token;
// Store the token in a variable
pm.environment.set("token", token);
```
Once you have stored the token in a variable, you can use it in subsequent requests in your collection by referencing the variable name. For example, the following request will use the `token` variable to authenticate the request:
```
Authorization: Bearer {{token}}
```
2. **Use a test script:** You can also use a test script to extract the token from the response and store it in a variable. This variable can then be used in subsequent requests in your collection, or to validate the response.
For example, the following test script will extract the token from the response and store it in a variable called `token`:
```javascript
// Get the token from the response
var token = pm.response.json().access_token;
// Store the token in a variable
pm.environment.set("token", token);
// Validate that the token is not empty
pm.test("Token is not empty", function() {
pm.expect(token).to.not.be.empty;
});
```
Once you have stored the token in a variable, you can use it in subsequent requests in your collection, or to validate the response.
Which method you use to get a token at runtime from the response will depend on your specific needs. If you need to use the token in subsequent requests in your collection, then you should use a pre-request script. If you need to validate the token, or if you only need to use the token in a single request, then you can use a test script.
I hope this helps
@@RaghavPal Thank you so much
Very nice video sir
Thanks and welcome
Best 🎉 thanks
Most welcome Anush
18/Feb/24 - I am following the same steps but on 5:44 I am getting [ ] in the response...Please help Raghav...Thanks for the fantastic videos !
Jatin
will need more details on the steps and logs
Hi Raghav, thank you for your videos. I watched and learned a lot from your videos. I have two questions, and if you make videos about them, that would be wonderful. The first question is, since the bearer token expires within the given period, is there a way to automatically retrieve the new token from the URL without manually entering it every time? The second question is, what do we do when we have more than one bearer token in the platform? Is there a way to automate and use them with variables on the environment tab? I really appreciate any help you can provide. I have been looking for an answer but have not yet found one.
Hi Avni,
For your first question, there are a few ways to automatically retrieve a new bearer token when it expires:
Use a token refresh mechanism: Many APIs that use bearer tokens also provide a token refresh mechanism. This allows your application to automatically refresh the token before it expires, without the need for user intervention. You can usually find information about how to use this mechanism in the API documentation.
Implement a custom solution: If the API you are using does not provide a token refresh mechanism, you can implement your own custom solution. This might involve creating a script or program that periodically checks if the token has expired, and then retrieves a new token if necessary. You can use a programming language of your choice to implement this solution.
For your second question, if you have multiple bearer tokens in your platform, you can use environment variables to store and manage them. Here's how you can do it:
Create environment variables: In the environment tab of your application, you can create environment variables to store your bearer tokens. For example, you could create an environment variable called "BEARER_TOKEN_1" to store your first token, and another variable called "BEARER_TOKEN_2" to store your second token.
Retrieve the tokens in your code: In your code, you can retrieve the appropriate token by reading the value of the corresponding environment variable. This way, you can use the correct token depending on the context or use case.
For example, in JavaScript, you can retrieve an environment variable like this:
const token = process.env.BEARER_TOKEN_1;
In Python, you can retrieve an environment variable like this:
import os
token = os.environ['BEARER_TOKEN_1']
By using environment variables to manage your bearer tokens, you can easily switch between tokens and keep them organized.
@@RaghavPal Thank you very much sir. Your content is amazing.
Thank you , it ws very good
You're welcome Purvash 😊
The turorial is best thanks
Thanks a lot Lokesh
Thanks
Most welcome Sushant
Not bad, good, but need more engagement while you are making video, best of luck
Thanks for the feedback! I'll work on making the videos more engaging.
hello sir , how to use hawk authorization any
code snippet available
To use Hawk authorization in Postman, follow these steps:
1. Open Postman:
2. Create a New Request:
3. Authorization Tab:
- In the request details, go to the Authorization tab.
4. Select Hawk Authentication:
- From the Type dropdown list, choose Hawk Authentication.
5. Enter Details:
- Fill in the following details:
- Hawk Auth ID: Your API authentication ID value.
- Hawk Auth Key: Your API authentication key value.
- Algorithm: The hash algorithm used to create the message authentication code (MAC).
6. Advanced Parameters (Optional):
- You can set additional parameters if needed:
- User: The username.
- Nonce: A random string generated by the client.
- ext: Any application-specific information to be sent with the request.
- app: The binding between credentials and the application to prevent an attacker using credentials issued to someone else.
- dlg: The ID of the application the credentials were issued to.
- Timestamp: Timestamp the server uses to prevent replay attacks outside the time window.
7. Headers:
- Postman will automatically add the Hawk Authentication parameters to the request headers.
Remember to replace the placeholders with your actual authentication ID and key. Once configured, you can send the request, and Postman will handle the Hawk authorization for you
Thank you so much!!
You're welcome Gayni
thank you
You are welcome
Hello Raghav, Thank you so much for such informative videos. I am trying to demo this video lecture but i am getting 404 response..help me in this.
Hi, try with a different api request, also check the url, syntax and formats again
Hello Raghav, I have set my oauth2 - bearer token at the collection level. While authorising I am passing the user number - 1234567 in the token field. How to set up/ pass that token user number to the env variable?
Rajarajeswari
Let's break down the problem step by step..
Step 1: Understand the context
You have set up an OAuth 2.0 Bearer token at the collection level in Postman. When authorizing, you are passing a user number `1234567` in the token field.
Step 2: Identify the goal
You want to set up and pass the token user number `1234567` to an environment variable.
Step 3: Create an environment variable
In Postman, go to the "No environment" dropdown menu in the top-right corner of the app and select "Manage environments". Then, click the "New" button to create a new environment.
Give your environment a name, e.g., "MyOAuthEnv". Click "Add" to create the environment.
Step 4: Add a variable to the environment
In the "MyOAuthEnv" environment, click the "Add a new variable" button. Enter the following details:
* `Key`: `token_user_number` (or any other name you prefer)
* `Value`: `1234567` (the user number you want to pass)
* `Type`: `string`
Click "Add" to save the variable.
Step 5: Update the OAuth 2.0 Bearer token
Go back to your collection and edit the OAuth 2.0 Bearer token settings. In the "Token" field, enter `{{token_user_number}}`. This will reference the environment variable you just created.
Step 6: Select the environment
Make sure you have selected the "MyOAuthEnv" environment in the top-right corner of the app. This will enable Postman to use the environment variable you created.
Now, when you send a request with the OAuth 2.0 Bearer token, Postman will replace `{{token_user_number}}` with the value `1234567` from the environment variable.
--
super sir
Thanks Srinivas
Will the content of requested url gets affected based on authentication used ?
I was able to see the contents without auth probably coz of caching.
I’m not sure if I need to test entire content with using auth,
When I tested without authentication the contents were displayed as expected
Prithvi
Thats okay.. it will be as per the API design and implementation. In case you are using any demo api, can continue.. in case you are using your project or any real APIs.. can discuss with the dev team
@@RaghavPal if it’s in the project then what must the concern? Is it that the contents were still displayed without auth? Or discrepancy with the content ?
If auth is implemented for your APIs it should work.. and if its not working as per the implementation.. its a issue and should be reported.. You team can give more details on this
@@RaghavPal I see so whenever auth is implemented the only expected outcome is that it should produce error when we try to access it without authentication and the content will have no impact(with or without authentication), right?
Ideally yes.. unless you are using some demo.. test apis..
While authentication primarily focuses on security, it doesn’t directly impact the content served by the API.
Hi Raghav, I have followed your postman tutorial, it is very much useful.
I have a query,
I am trying to run the command. In runtime, I set the global variable. I am able to get a successful result in postman. But when I am trying to run in the command prompt with Newman Test is getting failed. Can you help me with this?
newman run -r htmlextra
Hi,
It is difficult to know why your test is failing without more information. Check logs and more details on Postman Console - ua-cam.com/video/Xmr33_1-wzs/v-deo.html
Hi Raghav, do we need to share the Env along with the collection? I think we have to. so if we share the environment with the other team member, the current value will be exposed to the shared team member. so how can we prevent this? please guide me if I am wrongly understood. thank you
Hi Deepak, yes, check more here - learning.postman.com/docs/collaborating-in-postman/sharing/
thanks bro.
Most welcome Ken
How do I know which authorization is required??
Hi Hassan
There are a few ways to know which authorization is required for an API:
* Check the API documentation: The API documentation should specify which authorization methods are supported and what credentials are required
* Try making a request without authorization: If you make a request to an API without providing any authorization, the API will typically return an error message indicating that authorization is required
* Use a tool like Postman: Postman is a tool that allows you to test APIs. You can use Postman to make requests to an API and see what authorization is required
Once you know which authorization is required, you can use the appropriate authorization method when making requests to the API
@@RaghavPal Thank you so much Sir
How to automate the multi factor authentication using postman
Keerthi
While Postman doesn't have built-in MFA support, you can automate MFA flows using these techniques:
*1. Environment Variables and Pre-Request Scripts:*
- Store MFA codes in environment variables, retrieved from a secure source (e.g., text file, password manager).
- Use pre-request scripts to fetch the current MFA code and dynamically set it in the request body or header.
*2. Custom Code in Pre-Request Scripts:*
- Write code to handle MFA challenges directly within pre-request scripts.
- Interact with external services or devices (e.g., send SMS requests for codes, generate codes using authenticator apps).
*3. Third-Party Libraries:*
- Explore third-party libraries or extensions that provide MFA support within Postman.
- Some options include:
- Postman Interceptor extension for Chrome (can capture MFA tokens from browser sessions)
- Custom libraries for specific MFA providers
*4. Integration with External Tools:*
- Use Postman in conjunction with external tools or libraries for MFA automation.
- For example, integrate with Selenium WebDriver to automate browser-based MFA flows.
*Key Considerations:*
- *Security:*
- Store MFA codes securely (avoid plain text storage).
- Implement appropriate access controls and logging.
- *Complexity:*
- MFA automation can be complex, especially for multi-step flows.
- Thoroughly test and validate your implementation.
- *MFA Provider Support:*
- Adapt methods based on the specific MFA provider and authentication methods used.
*Example (Pre-Request Script):*
```javascript
// Retrieve MFA code from a secure source
const mfaCode = pm.environment.get("mfa_code");
// Set the MFA code in the request header
pm.request.headers.add({ key: "X-MFA-Code", value: mfaCode });
```
*Remember:*
- MFA automation in Postman requires careful planning and security considerations.
- Evaluate the complexity and risks involved before implementation.
- Stay updated on the latest Postman features and third-party integrations for potential MFA support enhancements.
I'm trying to download a file from a website through HTTP request, but I don't know what type of authentication it uses. I'm running a GET request to find out the type of authentication by error log, but it turns out I get "200 OK" and I'm redirected to an HTML page where I must put the user and password. I tried every type of request on Postman, but all failed. What must I do in this case?
It seems like you're encountering a dynamic authentication mechanism on the website you're trying to download the file from. While the initial GET request returns a 200 OK response, the server redirects you to a login page instead of directly providing the requested file. This suggests a more complex authentication process than standard HTTP authentication types.
Here are some steps you can try to identify and handle the authentication mechanism:
*Analyze the HTML page:*
1. *Inspect the HTML code:* Open the login page in Postman's "Preview" tab and inspect the source code using the browser developer tools. Look for clues about the authentication type, such as form elements, input fields, action URLs, and JavaScript code.
2. *Identify form elements:* Pay close attention to the form elements, particularly the input fields for username and password. Note their names and values.
3. *Identify action URL:* Look for the form's action URL, which indicates where the login credentials are submitted. This URL might be important for constructing the authentication request.
*Analyze the network traffic:*
1. *Enable network capture:* In Postman, enable network capture to monitor all network requests and responses while interacting with the login page. This can reveal additional details about the authentication process, including headers, cookies, and hidden data.
2. *Analyze request and response headers:* Look for specific headers related to authentication, such as `Authorization`, `WWW-Authenticate`, `Set-Cookie`, and `Location`. These headers often provide clues about the required authentication type and additional information needed for the login request.
3. *Identify cookies:* Pay attention to cookies set by the server during the login process. Some authentication mechanisms rely on cookies for session management.
*Investigate common authentication types:*
1. *Basic authentication:* This is a simple username/password authentication scheme encoded directly in the HTTP header. Look for `WWW-Authenticate: Basic` header in the initial response or any other indication of Basic authentication.
2. *Form-based authentication:* This uses a web form for login credentials submission. If you identified login form elements and an action URL, this might be the authentication type.
3. *Token-based authentication:* This utilizes a token obtained through a separate login request. Analyze the network traffic for clues about token endpoints and how the token is used for access.
*Try different Postman request methods:*
1. *POST request:* If you identified a form action URL, try constructing a POST request to that URL with the username and password values as form data.
2. *Authorization header:* If you identified an authentication type like Basic or token-based, try adding the appropriate authorization information in the request header. Refer to the specific authentication type for the correct format.
*Seek additional resources:*
1. *Examine online documentation:* Check the website's documentation or help section for information about authentication methods and API access.
2. *Consult online forums:* Search online forums and communities for similar situations or discussions about accessing the specific website you're targeting.
3. *Contact website support:* Consider contacting the website's support team directly if available. They might be able to provide specific instructions or clarify the authentication process.
By analyzing the available information and trying different approaches, you should be able to identify the correct authentication mechanism and successfully download the file using Postman. Remember to pay close attention to details, analyze network traffic, and explore various resources for clues about the specific authentication implementation.
This is nice session
But I want to know the how to automate
Authorization in postman
Hi Rohit, do you need some specific type of authorization
@@RaghavPal
No I want to know how to automate
Auth automation in postman.
that is what was shown in the video, in case you have any issues, pls inform in detail
@@RaghavPal
I want to automate this
Could you please help with oauth 2.0 by automation in postman
I will plan a session Devatha
How to do digital certificate authentication in using postman
Hi Pravin, this can help learning.postman.com/docs/sending-requests/certificates/
Sir is this the last video?
Can check all POSTMAN videos here - automationstepbystep.com/
how to access the api in our react app with the help of nodejs i have api and also have token but dont have proper guide to do so please anyone sujjest me some videos
Can check these:
ua-cam.com/video/sRzbFa8gYFI/v-deo.html
ua-cam.com/video/BdqPDxrfDOI/v-deo.html
ua-cam.com/video/fnpmR6Q5lEc/v-deo.html
👍👍👍👍👍
Thanks for liking Vinod
Thanks -I am getting 404
will need to check your request and logs
In this video we need to keep our token in a variable statically, and then next time when I execute the login auth API again, it will generate a new token. It's not a solution; it's a wastage of time, nothing else.Please don't POST in complete knowledge
Pranesh
will check on this. It is a beginner tutorial for getting started knowledge, will plan to add real world scenario