Postman — Complete API Testing Guide
What is Postman?
Postman is a GUI-based HTTP client — a tool that lets you send HTTP requests (GET, POST, PUT, DELETE) to any API and inspect the responses. Think of it as a browser for APIs. Instead of writing code to test your endpoints, you use Postman's visual interface to fire requests and see results instantly.
Why Use Postman?
When you build a REST API with ASP.NET Core, you need a way to test it without writing a frontend first. Postman lets you test every endpoint immediately — try different inputs, check status codes, verify JSON responses, and test authentication — all without touching your code.
Where is it Used?
| Scenario | Use |
|---|---|
| API development testing | ✅ Test each endpoint as you build it |
| JWT auth testing | ✅ Login, get token, call protected endpoints |
| Bug investigation | ✅ Reproduce issues with exact requests |
| API documentation | ✅ Collections = living documentation |
| Team API testing | ✅ Share collections with teammates |
| Automated testing | ✅ Run test suites in CI/CD |
Key Benefits
- No code needed — test APIs visually without writing test code
- Collections — organize all API requests for a project in one place
- Environments — switch between dev/staging/prod with one click
- JWT support — built-in auth token management
- Auto-tests — write JavaScript assertions to verify responses
- Team sharing — export collections as JSON, import anywhere
- Free — basic features are completely free
Postman is the industry-standard tool for testing REST APIs. Every backend developer uses it daily.
Install
Download: postman.com/downloads
⌨️ Postman Keyboard Shortcuts
| Shortcut | Action |
|---|---|
Ctrl+Enter | Send request |
Ctrl+N | New request |
Ctrl+S | Save request |
Ctrl+/ | Toggle request sidebar |
Ctrl+Shift+C | New collection |
Ctrl+Shift+E | Manage environments |
Ctrl+P | Quick search |
Ctrl+L | Focus URL bar |
Ctrl+Alt+C | Open console |
Testing School Management API
GET — Retrieve
GET http://localhost:5001/api/students
GET http://localhost:5001/api/students?className=10th
GET http://localhost:5001/api/students/1
POST — Create
POST http://localhost:5001/api/students
Content-Type: application/json
{
"name": "Ravi Kumar",
"className": "10th",
"section": "A",
"email": "ravi@school.com"
}
PUT — Update
PUT http://localhost:5001/api/students/1
Content-Type: application/json
{
"id": 1,
"name": "Ravi Kumar",
"className": "11th"
}
DELETE
DELETE http://localhost:5001/api/students/1
JWT Authentication
Step 1 — Login
POST http://localhost:5001/api/auth/login
{
"email": "admin@nexcoding.in",
"password": "Admin@123"
}
Response gives: { "token": "eyJhbG..." }
Step 2 — Use Token
In request → Authorization tab → Type: Bearer Token → paste token.
Or via header:
Authorization: Bearer eyJhbGciOiJIUzI1NiIs...
Collections
Organize requests:
📁 School Management API
📁 Auth
POST /auth/login
POST /auth/refresh
📁 Students
GET /students
POST /students
GET /students/:id
PUT /students/:id
DELETE /students/:id
📁 Exams
POST /exams/marks
GET /students/:id/report-card
Export collection → share with team → everyone has same test set.
Environments — Switch Between Servers
Development:
baseUrl = http://localhost:5001
adminEmail = admin@nexcoding.in
adminPassword = Admin@123
token = (populated by pre-request script)
Production:
baseUrl = https://api.nexcoding.in
adminEmail = admin@nexcoding.in
adminPassword = (actual prod password)
Use {{baseUrl}} in all request URLs — switch env in top-right dropdown.
Pre-request Script — Auto Login
Add to Collection → Pre-request:
const url = pm.environment.get("baseUrl") + "/api/auth/login";
pm.sendRequest({
url: url,
method: "POST",
header: { "Content-Type": "application/json" },
body: {
mode: "raw",
raw: JSON.stringify({
email: pm.environment.get("adminEmail"),
password: pm.environment.get("adminPassword")
})
}
}, (err, res) => {
if (!err)
pm.environment.set("token", res.json().token);
});
Now every request auto-gets a fresh token before sending.
Tests — Assert Responses
// Tests tab (runs after response)
pm.test("Status is 200", () => pm.response.to.have.status(200));
pm.test("Has students array", () => {
const body = pm.response.json();
pm.expect(body).to.be.an("array");
});
pm.test("Student has name", () => {
const student = pm.response.json()[0];
pm.expect(student.name).to.not.be.empty;
});
// Save id for next request
const student = pm.response.json();
pm.environment.set("studentId", student.id);
HTTP Status Codes
| Code | Meaning | Expected When |
|---|---|---|
| 200 | OK | GET, PUT success |
| 201 | Created | POST success |
| 204 | No Content | DELETE success |
| 400 | Bad Request | Validation error |
| 401 | Unauthorized | No/expired token |
| 403 | Forbidden | Valid token, no permission |
| 404 | Not Found | Resource missing |
| 500 | Server Error | Bug in your code |
Postman Interview Questions
Q1: What is Postman and why do developers use it?
HTTP client for testing REST APIs.
Allows sending GET/POST/PUT/DELETE requests, setting headers,
adding auth tokens, and verifying responses — without writing code.
Q2: What is a Postman Collection?
A group of saved API requests organized in folders.
Share with team, run all tests in sequence, export/import.
Q3: What is a Postman Environment?
Set of variables for a specific deployment (dev, staging, prod).
Allows same collection to run against different servers.
Switch environment → requests automatically use correct URLs/tokens.
Q4: How do you test a JWT-protected endpoint in Postman?
1. POST /auth/login → get token from response
2. Go to protected request → Authorization tab
3. Type: Bearer Token → paste token
4. Send — Postman includes Authorization header automatically
Use ChatGPT, Claude, or Copilot to go deeper on Postman API testing for .NET developers. Try these prompts:
"How do I test JWT authentication in Postman step by step?""What is the difference between Postman Collections and Environments?""How do I use pre-request scripts in Postman to auto-login before each request?""Quiz me on Postman — 5 questions about collections, environments, and testing"
💡 Tip: After reading this article, paste your own code into AI and ask "What could go wrong here and why?" — fastest way to find edge cases and deepen understanding.