API Testing with Postman and REST-Assured
API testing validates that backend services return correct responses, handle edge cases appropriately, and enforce authentication and authorisation rules. It is faster and more reliable than E2E testing for validating backend behaviour and should form a substantial part of any service-oriented application's test suite.
Postman / Insomnia
Postman and Insomnia are GUI tools for manually exploring APIs and building automated API test collections. Postman Collections can be version-controlled and run in CI via Newman (the Postman CLI runner). Excellent for exploratory testing, documentation, and sharing API examples with the team. Postman's test scripts (JavaScript) allow response validation, chaining requests, and environment-specific configuration.
REST-Assured (Java)
REST-Assured is a Java DSL for API testing — particularly popular in Java/Spring ecosystems. Readable, expressive syntax for making HTTP requests and asserting on responses. Integrates with JUnit and TestNG. Good for teams building Java services who want API tests as part of their Java test suite.
Supertest (Node.js)
Supertest is a Node.js HTTP testing library that works directly with Express/Fastify/Koa apps — making HTTP requests without starting a network server. Fast, lightweight, integrates naturally with Jest and Mocha.
What to Test
- Happy path: correct inputs return correct responses
- Authentication: unauthenticated requests are rejected (401), insufficient permissions are rejected (403)
- Validation: invalid inputs return informative errors (400/422)
- Edge cases: boundary values, empty inputs, large payloads
- Error handling: downstream failures are handled gracefully