What Is Postman API? The Complete Guide to API Testing and Development

Postman is an API development platform that lets developers design, test, document, and monitor APIs through a graphical interface. Originally built as a Chrome extension for sending REST requests, Postman has grown into a comprehensive API platform used by over 40 million developers and 500,000 organizations worldwide.

What Is Postman? From REST Client to API Platform

Postman started as a simple tool for sending HTTP requests — a graphical alternative to command-line tools like curl. Instead of composing raw HTTP requests in a terminal, developers could use a clean interface to set the HTTP method (GET, POST, PUT, DELETE), enter the URL, add headers and request body, then inspect the formatted response.

That core functionality remains, but Postman has evolved far beyond it. Today it is an API development environment that covers the full API lifecycle:

• Design — Define API schemas using OpenAPI, GraphQL, or gRPC definitions
• Develop — Build and debug API requests with real-time response inspection
• Test — Write automated test scripts that validate response status, body, and headers
• Mock — Create mock servers that simulate API behavior before the backend is built
• Document — Auto-generate interactive API documentation from collections
• Monitor — Schedule automated tests to run at regular intervals and alert on failures
• Collaborate — Share collections, environments, and workspaces with your team

graph LR
    D[Design] --> B[Develop]
    B --> T[Test]
    T --> M[Mock]
    M --> Doc[Document]
    Doc --> Mon[Monitor]
    Mon --> D

Getting Started: Your First API Request in Postman

The fastest way to understand Postman is to send a request:

1. Download and install Postman from postman.com
2. Open a new request tab and select GET as the method
3. Enter a URL — for example, https://jsonplaceholder.typicode.com/posts/1
4. Click Send
5. Inspect the response — you'll see the JSON body, status code (200 OK), response time, and headers

Response from JSONPlaceholder API:

Example response from the JSONPlaceholder API:

{
  "userId": 1,
  "id": 1,
  "title": "sunt aut facere repellat provident occaecati",
  "body": "quia et suscipit\nsuscipit recusandae..."
}

Hardcoding values like URLs or API keys is inefficient and risky. Postman solves this with variables. You can define a variable like {{baseUrl}} and use it in all your requests.

Postman Collections: Organizing API Requests

A Postman Collection is a group of saved API requests organized into folders. Think of it as an executable project folder for your API.

A typical collection for a user management API might contain:

Collections are more than just organization. They are executable documentation:

• Run sequentially — Execute all requests in order using the Collection Runner
• Share with your team — Export as JSON or share via Postman workspaces
• Generate documentation — Postman auto-generates interactive docs from collection descriptions and examples
• Import into CI/CD — Use Newman (Postman's CLI companion) to run collections in pipelines

Pre-request Scripts and Test Scripts

Every request in Postman has two script hooks:

• Pre-request Script — Runs before the request is sent. Use it to generate timestamps, compute signatures, or set dynamic variables.
• Test Script — Runs after the response is received. Use it to validate the response and extract values for subsequent requests.

// Pre-request Script: Generate a timestamp
pm.environment.set("timestamp", new Date().toISOString());

// Test Script: Validate response and extract token
pm.test("Status code is 200", function () {
    pm.response.to.have.status(200);
});

pm.test("Response contains access token", function () {
    const json = pm.response.json();
    pm.expect(json.access_token).to.be.a("string");
    // Save token for subsequent requests
    pm.environment.set("auth_token", json.access_token);
});

This chaining — where one request's response feeds into the next request's parameters — is what makes collections powerful. You can build complete end-to-end API test suites that run with a single click.

Environments and Variables: Managing Multiple Deployments

Hardcoding URLs and API keys into requests is fragile and insecure. Postman solves this with environments and variables.

An environment is a set of key-value pairs. You create separate environments for each deployment target:

In your requests, you reference variables using double curly braces: {{baseUrl}}/users/{{userId}}. Switching the active environment instantly changes where all requests are sent — no manual edits required.

Variable scopes in Postman (from narrowest to broadest):

1. Local — Set during script execution, not persisted
2. Environment — Tied to a specific environment
3. Collection — Shared across all requests in a collection
4. Global — Available across all collections and environments

Automated API Testing with Postman

Postman's testing capabilities go beyond manual request-response inspection. You can build comprehensive automated test suites.

Writing Tests

The pm library provides assertion methods for validating every aspect of a response:

// Status code validation
pm.test("Successful response", function () {
    pm.response.to.have.status(200);
});

// Response time check
pm.test("Response time under 500ms", function () {
    pm.expect(pm.response.responseTime).to.be.below(500);
});

// JSON schema validation
pm.test("Response matches schema", function () {
    const schema = {
        type: "object",
        required: ["id", "name", "email"],
        properties: {
            id: { type: "number" },
            name: { type: "string" },
            email: { type: "string", format: "email" }
        }
    };
    pm.response.to.have.jsonSchema(schema);
});

// Header validation
pm.test("Content-Type is JSON", function () {
    pm.response.to.have.header("Content-Type", "application/json; charset=utf-8");
});

These tests are saved with the request in your collection. You can then use the Collection Runner to execute the entire collection automatically and get a detailed report of which tests passed or failed, making it perfect for regression testing and CI/CD pipelines. Postman can also import OpenAPI specifications to auto-generate collections, ensuring tests stay in sync with your API contract.

• Iterations — Run the collection multiple times
• Delay — Add a delay between requests
• Data files — Feed CSV or JSON data files to parameterize requests across iterations

Newman: CLI for CI/CD Integration

Newman is Postman's command-line collection runner. It lets you run Postman collections in CI/CD pipelines (GitHub Actions, Jenkins, GitLab CI):

# Install Newman
npm install -g newman

# Run a collection with an environment
newman run my-collection.json \
  -e staging-environment.json \
  --reporters cli,junit \
  --reporter-junit-export results.xml

This turns your Postman collections into automated regression tests that run on every code push.

Mock Servers: Unblock Frontend Development

A common bottleneck: the frontend team needs an API that the backend team hasn't built yet. Postman's Mock Servers solve this.

How it works:

1. Define examples — For each request in your collection, add example responses (the expected JSON output)
2. Create a mock server — Postman generates a URL (e.g., https://abc123.mock.pstmn.io)
3. Frontend builds against the mock — The mock returns your predefined examples for matching requests
4. Replace with real API — When the backend is ready, switch the baseUrl environment variable to the real server

The mock server matches incoming requests by method, URL path, and query parameters, then returns the corresponding example response. This enables truly parallel development — frontend and backend teams can work simultaneously as long as they agree on the API contract.

Postman and API Gateways: The Complete Workflow

Postman excels at building and testing API behavior. An API gateway excels at securing and managing API traffic in production. Together, they cover the complete API lifecycle.

graph TD
    subgraph Development
        Dev[Developer] --> PM[Postman]
        PM --> |Design & Test| API[API Endpoints]
    end

    subgraph Production
        Client[API Consumers] --> GW[API Gateway<br>Apache APISIX]
        GW --> |Auth, Rate Limit,<br>Logging| Backend[Backend Services]
    end

    PM -.-> |Validate Gateway<br>Policies| GW

Here is how they work together in practice:

Testing API Gateway Policies with Postman

After configuring routes and plugins in Apache APISIX or API7 Enterprise, use Postman to verify each policy works correctly:

Example: Validating a Rate Limit

Suppose you've configured a rate limit of 3 requests per 10 seconds on /api/products:

1. Request 1: GET /api/products → 200 OK (passes through gateway)
2. Request 2: GET /api/products → 200 OK (passes through gateway)
3. Request 3: GET /api/products → 200 OK (passes through gateway)
4. Request 4: GET /api/products → 429 Too Many Requests (gateway blocks it)

You can automate this validation with a Postman test:

// Run this in a loop to verify rate limiting
if (pm.info.iteration < 3) {
    pm.test("Request should succeed", function () {
        pm.response.to.have.status(200);
    });
} else {
    pm.test("Request should be rate-limited", function () {
        pm.response.to.have.status(429);
    });
}

Example: Validating Authentication

Test that your gateway rejects requests without valid credentials:

// Without API key — expect 401
pm.test("Unauthenticated request is rejected", function () {
    pm.response.to.have.status(401);
});

// With valid API key — expect 200
pm.test("Authenticated request succeeds", function () {
    pm.response.to.have.status(200);
});

This workflow — configure gateway policies, then validate with Postman — ensures your API security and traffic management are production-ready before deployment.

Postman vs Other API Testing Tools

Postman's advantage is the combination of GUI, testing, mocking, and collaboration in one platform. For quick one-off requests, curl remains simpler. For teams that prefer code-over-GUI, tools like REST Client (VS Code extension) or Hoppscotch offer lightweight alternatives.

1. Organize collections by API domain — Group related endpoints (Users, Products, Orders) into separate collections or folders.
2. Use environments for every deployment — Never hardcode URLs or credentials. Create Local, Staging, and Production environments.
3. Write tests for every request — At minimum, validate the status code and response schema. This catches regressions early.
4. Use collection-level auth — Set authentication at the collection level and inherit it in child requests instead of configuring auth on every request.
5. Version your collections — Use Postman's built-in versioning or export collections to Git alongside your code.
6. Integrate Newman into CI/CD — Run your test collections automatically on every pull request.
7. Document as you build — Add descriptions to collections, folders, and individual requests. Postman generates beautiful API docs from these descriptions.
8. Use pre-request scripts for dynamic data — Generate timestamps, random IDs, or computed signatures in pre-request scripts rather than hardcoding them.

FAQ

What is Postman used for?

Postman is used for designing, testing, documenting, and monitoring APIs. Developers use it to send HTTP requests (GET, POST, PUT, DELETE) to API endpoints, inspect responses, write automated test scripts, create mock servers, and generate API documentation. It supports REST, GraphQL, gRPC, WebSocket, and SOAP APIs.

Is Postman free?

Yes, Postman offers a free tier that includes unlimited requests, collections, environments, and basic collaboration for up to 3 team members. Paid plans (Basic, Professional, Enterprise) add features like advanced team collaboration, custom domains for mock servers, increased API call limits, and admin controls.

What is the difference between Postman and curl?

Both send HTTP requests, but they serve different purposes. curl is a command-line tool — lightweight, scriptable, and available on every Unix system. Postman provides a graphical interface, saved collections, environments, automated testing, mock servers, and team collaboration. Use curl for quick one-off requests or shell scripts; use Postman for organized API development workflows.

Can Postman test API gateways?

Yes. After configuring policies on an API gateway (authentication, rate limiting, request transformation), you use Postman to send requests through the gateway and verify that each policy behaves correctly. For example, you can validate that unauthenticated requests return 401, rate-limited requests return 429, and transformed responses match the expected schema.

But building a great API is only half the battle. As you use Postman to perfect its functionality, remember that an API gateway provides the essential layer of security, reliability, and observability needed for production. Postman validates the contract of the API, while a gateway enforces the policies of its usage.

What is a Postman Collection?

A Postman Collection is a group of saved API requests organized into folders. Collections serve as executable API documentation — you can run all requests sequentially, share them with teammates, generate docs, and export them for CI/CD automation. Each request in a collection can include pre-request scripts, test scripts, and example responses.

Continue building your API development skills with these related guides:

• OpenAPI Specification — Define your API contract in the industry-standard format that Postman imports natively for auto-generated collections.
• HTTP Methods in APIs — Master GET, POST, PUT, DELETE, PATCH, and other methods you'll use in every Postman request.
• RESTful API Best Practices — Design the clean, consistent REST APIs that Postman was built to test.
• What Is an API Key? — Learn how API key authentication works — the most common auth method you'll configure in Postman's Authorization tab.
• What Is an API Gateway? — Understand the gateway layer that sits between Postman and your backend in production environments.
• API Gateway Comparison — Compare API gateways to find the best production complement to your Postman testing workflow.

Eager to deepen your knowledge about API gateways? Follow our LinkedIn for valuable insights delivered straight to your inbox!

• HTTP Methods in APIs: GET, POST, PUT, DELETE Explained
• RESTful API Best Practices
• OpenAPI Specification: The Standard for API Documentation
• What Does API Mean? A Complete Guide
• What Is an API Key? Authentication Explained
• API Lifecycle Management
• What Is an API Gateway?