Postman is an API (application programming interface) development tool that helps you build, test and modify APIs. It is used by over 5 million developers every month to make their API development easy and simple. It can make various types of HTTP requests (GET, POST, PUT, PATCH), save environments for later use, and convert the API to code for various languages (like JavaScript and Python).
Below is the Postman Workspace. Let’s explore, step by step, how to use Postman and the different features of the Postman tool!
- New – This is where you will create a new request, collection or environment.
- Import – This is used to import a collection or environment. There are options such as import from file, folder, link or paste raw text.
- Runner – Automation tests can be executed through the Collection Runner. This will be discussed further in the next lesson.
- Open New – Open a new tab, Postman Window or Runner Window by clicking this button.
- My Workspace – You can create a new workspace individually or as a team.
- Invite – Collaborate on a workspace by inviting team members.
- History – Past requests that you have sent will be displayed in History. This makes it easy to track actions that you have done.
- Collections – Organize your test suite by creating collections. Each collection may have subfolders and multiple requests. A request or folder can also be duplicated.
- Request tab – This displays the title of the request you are working on. By default, “Untitled Request” would be displayed for requests without titles.
- HTTP Request – Clicking this would display a dropdown list of different requests such as GET, POST, COPY, DELETE, etc. In Postman API testing, the most commonly used requests are GET and POST.
- Request URL – Also known as an endpoint, this is where you identify the link that the API will communicate with.
- Save – If there are changes to a request, clicking save is a must so that new changes will not be lost or overwritten.
- Params – This is where you will write parameters needed for a request such as key values.
- Authorization – In order to access APIs, proper authorization is needed. It may be in the form of a username and password, bearer token, etc.
- Headers – You can set headers such as content type JSON depending on the needs of the organization.
- Body – This is where you customize the details of a request; it is commonly used in POST requests.
- Pre-request Script – These are scripts that will be executed before the request. Usually, pre-request scripts that set the environment are used to ensure that tests will be run in the correct environment.
- Tests – These are scripts executed during the request. It is important to have tests, as they set up checkpoints to verify that the response status is OK, that the retrieved data is as expected, and so on.
Working with GET Requests
GET requests are used to retrieve information from the given URL. There will be no changes done to the endpoint.
We will use the following URL for all examples in this Postman tutorial
HTTP defines these standard status codes that can be used to convey the results of a client’s request. The status codes are divided into five categories.
1xx: Informational
– Communicates transfer protocol-level information.
2xx: Success
– Indicates that the client’s request was accepted successfully.
3xx: Redirection
– Indicates that the client must take some additional action in order to complete their request.
4xx: Client Error
– This category of error status codes points the finger at clients.
5xx: Server Error
– The server takes responsibility for these error status codes.
Status Code | Description |
100 Continue | An interim response. Indicates to the client that the initial part of the request has been received and has not yet been rejected by the server. The client SHOULD continue by sending the remainder of the request or, if the request has already been completed, ignore this response. The server MUST send a final response after the request has been completed. |
101 Switching Protocol | Sent in response to an Upgrade request header from the client, and indicates the protocol the server is switching to. |
102 Processing (WebDAV) | Indicates that the server has received and is processing the request, but no response is available yet. |
103 Early Hints | Primarily intended to be used with the Link header. It suggests the user agent start preloading the resources while the server prepares a final response. |
Status Code | Description |
200 OK | Indicates that the request has succeeded. |
201 Created | Indicates that the request has succeeded and a new resource has been created as a result. |
202 Accepted | Indicates that the request has been received but not completed yet. It is typically used in long-running requests and batch processing. |
203 Non-Authoritative Information | Indicates that the returned metainformation in the entity-header is not the definitive set as available from the origin server, but is gathered from a local or a third-party copy. The set presented MAY be a subset or superset of the original version. |
204 No Content | The server has fulfilled the request but does not need to return a response body. The server may return the updated meta information. |
205 Reset Content | Tells the client to reset the document which sent this request. |
206 Partial Content | It is used when the Range header is sent from the client to request only part of a resource. |
207 Multi-Status (WebDAV) | An indicator to a client that multiple operations happened, and that the status for each operation can be found in the body of the response. |
208 Already Reported (WebDAV) | Allows a client to tell the server that the same resource (with the same binding) was mentioned earlier. It never appears as a true HTTP response code in the status line, and only appears in bodies. |
226 IM Used | The server has fulfilled a GET request for the resource, and the response is a representation of the result of one or more instance-manipulations applied to the current instance. |
3xx: Redirection – Indicates that the client must take some additional action in order to complete their request.
Status Code | Description |
300 Multiple Choices | The request has more than one possible response. The user-agent or user should choose one of them. |
301 Moved Permanently | The URL of the requested resource has been changed permanently. The new URL is given by the Location header field in the response. This response is cacheable unless indicated otherwise. |
302 Found | The URL of the requested resource has been changed temporarily. The new URL is given by the Location field in the response. This response is only cacheable if indicated by a Cache-Control or Expires header field. |
303 See Other | The response can be found under a different URI and SHOULD be retrieved using a GET method on that resource. |
304 Not Modified | Tells the client that the response has not been modified, so the client can continue to use the same cached version of the response. |
305 Use Proxy (Deprecated) | Indicates that a requested response must be accessed by a proxy. |
306 (Unused) | It is a reserved status code and is not used anymore. |
307 Temporary Redirect | Tells the client to get the requested resource at another URI with the same method that was used in the prior request. It is similar to 302 Found, with the one exception that the HTTP method used in the prior request is reused. |
308 Permanent Redirect (experimental) | Indicates that the resource is now permanently located at another URI, specified by the Location header. It is similar to 301 Moved Permanently, with the one exception that the HTTP method used in the prior request is reused. |
Status Code | Description |
400 Bad Request | The request could not be understood by the server due to incorrect syntax. The client SHOULD NOT repeat the request without modifications. |
401 Unauthorized | Indicates that the request requires user authentication information. The client MAY repeat the request with a suitable Authorization header field. |
402 Payment Required (Experimental) | Reserved for future use. It is aimed for using in the digital payment systems. |
403 Forbidden | Unauthorized request. The client does not have access rights to the content. Unlike 401, the client’s identity is known to the server. |
404 Not Found | The server can not find the requested resource. |
405 Method Not Allowed | The request HTTP method is known by the server but has been disabled and cannot be used for that resource. |
406 Not Acceptable | The server doesn’t find any content that conforms to the criteria given by the user agent in the Accept header sent in the request. |
407 Proxy Authentication Required | Indicates that the client must first authenticate itself with the proxy. |
408 Request Timeout | Indicates that the server did not receive a complete request from the client within the server’s allotted timeout period. |
409 Conflict | The request could not be completed due to a conflict with the current state of the resource. |
410 Gone | The requested resource is no longer available at the server. |
411 Length Required | The server refuses to accept the request without a defined Content-Length. The client MAY repeat the request if it adds a valid Content-Length header field. |
412 Precondition Failed | The client has indicated preconditions in its headers which the server does not meet. |
413 Request Entity Too Large | Request entity is larger than limits defined by server. |
414 Request-URI Too Long | The URI requested by the client is longer than the server can interpret. |
415 Unsupported Media Type | The media-type in Content-type of the request is not supported by the server. |
416 Requested Range Not Satisfiable | The range specified by the Range header field in the request can’t be fulfilled. |
417 Expectation Failed | The expectation indicated by the Expect request header field can’t be met by the server. |
418 I’m a teapot (RFC 2324) | It was defined as an April Fools’ joke and is not expected to be implemented by actual HTTP servers. (RFC 2324) |
420 Enhance Your Calm (Twitter) | Returned by the Twitter Search and Trends API when the client is being rate limited. |
422 Unprocessable Entity (WebDAV) | The server understands the content type and syntax of the request entity, but is still unable to process the request for some reason. |
423 Locked (WebDAV) | The resource that is being accessed is locked. |
424 Failed Dependency (WebDAV) | The request failed due to failure of a previous request. |
425 Too Early (WebDAV) | Indicates that the server is unwilling to risk processing a request that might be replayed. |
426 Upgrade Required | The server refuses to perform the request. The server will process the request after the client upgrades to a different protocol. |
428 Precondition Required | The origin server requires the request to be conditional. |
429 Too Many Requests | The user has sent too many requests in a given amount of time (“rate limiting”). |
431 Request Header Fields Too Large | The server is unwilling to process the request because its header fields are too large. |
444 No Response (Nginx) | The Nginx server returns no information to the client and closes the connection. |
449 Retry With (Microsoft) | The request should be retried after performing the appropriate action. |
450 Blocked by Windows Parental Controls (Microsoft) | Windows Parental Controls are turned on and are blocking access to the given webpage. |
451 Unavailable For Legal Reasons | The user-agent requested a resource that cannot legally be provided. |
499 Client Closed Request (Nginx) | The connection is closed by the client while HTTP server is processing its request, making the server unable to send the HTTP header back. |
Status Code | Description |
500 Internal Server Error | The server encountered an unexpected condition that prevented it from fulfilling the request. |
501 Not Implemented | The HTTP method is not supported by the server and cannot be handled. |
502 Bad Gateway | The server got an invalid response while working as a gateway to get the response needed to handle the request. |
503 Service Unavailable | The server is not ready to handle the request. |
504 Gateway Timeout | The server is acting as a gateway and cannot get a response in time for a request. |
505 HTTP Version Not Supported (Experimental) | The HTTP version used in the request is not supported by the server. |
506 Variant Also Negotiates (Experimental) | Indicates that the server has an internal configuration error: the chosen variant resource is configured to engage in transparent content negotiation itself, and is therefore not a proper endpoint in the negotiation process. |
507 Insufficient Storage (WebDAV) | The method could not be performed on the resource because the server is unable to store the representation needed to successfully complete the request. |
508 Loop Detected (WebDAV) | The server detected an infinite loop while processing the request. |
510 Not Extended | Further extensions to the request are required for the server to fulfill it. |
511 Network Authentication Required | Indicates that the client needs to authenticate to gain network access. |
If you haven't yet, go ahead and install Python. (Your Python version should be 3.4.x or higher.)
Important (Windows users): Please make sure to add the Python path to the Windows Path. Read more here. Also, the Windows installer now includes an option to add python.exe to the system search path. When you install Python, select the "Add Python 3.x to PATH" option. If selected, the install directory will be added to your PATH.
Important (Mac/Linux users): Mac and Linux systems have Python 2.x installed already. When you type and run on the terminal, it will run the Python2 interpreter. To launch Python 3, run python3, and to run the python3 installer run pip3.
Open a terminal or command line window. Run the following commands to install:

```
pip install flask
pip install flask-wtf
pip install flask-sqlalchemy
```
A protocol is a set of rules and guidelines for communicating data. Rules are defined for each step in the process during communication between two or more computers. Networks have to follow these rules to successfully transmit data.
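```python
from flask import Flask
from markupsafe import escape

app = Flask(__name__)

# Route paths below are assumed; the decorators are missing from the page.
@app.route('/')
def index():
    return "<h1>Hello!</h1>"

@app.route('/course')
def course():
    return '<h1>Hello class!</h1>'

@app.route('/course/<name>')
def mycourse(name):
    # Escape the URL segment before placing it in the HTML response.
    return '<h1>Hello, {0} class!</h1>'.format(escape(name))

@app.route('/appname')
def appname():
    return "<h1>Application name:--> {}</h1>".format(__name__)

if __name__ == '__main__':
    app.run()  # run call assumed; it is missing from the page
```

```python
import json
from flask import Flask

app = Flask(__name__)

@app.route('/')  # route path assumed
def index():
    # json.dumps returns a plain string, so the response is sent as text/html.
    return json.dumps({'name': 'alice',
                       'email': '[email protected]'})
```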
jsonify is a function provided by Flask, a popular web framework for Python. It is used to convert Python objects into JSON (JavaScript Object Notation) format, which is a lightweight data interchange format commonly used in web APIs.
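```python
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/')  # route path assumed
def index():
    # jsonify builds a response with Content-Type: application/json.
    return jsonify({'name': 'alice',
                    'email': '[email protected]'})
```

```python
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/data')  # route path assumed
def get_data():
    data = {
        'name': 'John Doe',
        'age': 25,
        'city': 'New York'
    }
    return jsonify(data)

if __name__ == '__main__':
    app.run()  # run call assumed
```

```python
from flask import Flask, jsonify

app = Flask(__name__)

# Route paths are assumed; the decorators are missing from the page.
@app.route('/calculate/<int:n>')
def calculate(n):
    result = {"Value": n**n}
    return jsonify(result)

@app.route('/name/<fname>')
def name(fname):
    result = {"Name": fname}
    return result  # Flask serializes a returned dict as JSON

if __name__ == '__main__':
    app.run()  # run call assumed
```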
We know that there are six commonly used HTTP request methods, which are
The code so far only had to deal with GET, the default (the browser also defaults to using GET), so how do you program the other requests?
Like this:
```python
@app.route('/', methods=['POST'])
@app.route('/', methods=['DELETE'])
@app.route('/', methods=['PUT'])
```
```python
from flask import Flask, jsonify

app = Flask(__name__)

users = [
    {'id': 1, 'name': 'John Doe'},
    {'id': 2, 'name': 'Jane Smith'}
]

@app.route('/api', methods=['GET'])
def get_users():
    return jsonify(users)

if __name__ == '__main__':
    app.run()  # run call assumed; it is missing from the page
```

```python
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/api', methods=['GET', 'POST'])
def get_users():
    return jsonify([
        {'id': 1, 'name': 'John Doe'},
        {'id': 2, 'name': 'Jane Smith'}
    ])

if __name__ == '__main__':
    app.run()  # run call assumed
```

```python
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/api', methods=['GET'])
def get_users():
    users = []
    users.append({'id': 1, 'name': 'John Doe'})
    users.append({'id': 2, 'name': 'Jane Smith'})
    return jsonify(users)

if __name__ == '__main__':
    app.run()  # run call assumed
```

```python
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/api', methods=['GET'])
def get_users():
    users = []
    users.append({'id': 1, 'name': 'John Doe'})
    users.append({'id': 2, 'name': 'Jane Smith'})
    users.append({'id': 3, 'name': 'Alice Johnson'})
    # Wrap the list in an object so the top-level JSON value is a dict.
    return jsonify({'users': users})

if __name__ == '__main__':
    app.run()  # run call assumed
```
```python
from flask import Flask

app = Flask(__name__)

@app.route('/api/users', methods=['POST'])
def create_user():
    return 'Creating a new user'

if __name__ == '__main__':
    app.run()  # run call assumed; it is missing from the page
```

```python
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/api/users', methods=['POST'])
def create_user():
    return jsonify({"message": "Creating a new user"})

if __name__ == '__main__':
    app.run()  # run call assumed
```

```python
from flask import Flask, request

app = Flask(__name__)

@app.route('/api/users', methods=['POST'])
def create_user():
    data = request.json  # parsed JSON body of the request
    name = data.get('name')
    return f"Creating a new user: {name}"

if __name__ == '__main__':
    app.run()  # run call assumed
```

```python
from flask import Flask, request, jsonify

app = Flask(__name__)

users = []

@app.route('/api/users', methods=['POST'])
def create_user():
    data = request.json
    name = data.get('name')
    email = data.get('email')
    new_user = {'name': name, 'email': email}
    return jsonify(new_user), 202

if __name__ == '__main__':
    app.run()  # run call assumed
```

```python
from flask import Flask, request, jsonify

app = Flask(__name__)

users = []

@app.route('/api/users', methods=['POST'])
def create_user():
    new_user = request.get_json()
    return jsonify(new_user), 201

if __name__ == '__main__':
    app.run()  # run call assumed
```

```python
from flask import Flask, request, jsonify

app = Flask(__name__)

users = []

@app.route('/api/users', methods=['POST'])
def create_user():
    new_user = request.get_json()
    users.append(new_user)  # store the user so /api/users/all can return it
    return jsonify(new_user), 201

@app.route('/api/users/all', methods=['GET'])
def get_all_users():
    return jsonify(users)

if __name__ == '__main__':
    app.run()  # run call assumed
```
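```python
from flask import Flask, request, render_template

app = Flask(__name__)

@app.route("/formlogin", methods=['GET', 'POST'])
def login():
    if request.method == "POST":
        uname = request.form['username']
        password = request.form['user_password']
        # Demo-only check against a hardcoded username and password.
        if uname == "admin" and password == "123":
            return "Welcome " + uname
        return "Try again"
    # GET: show the login form.
    return render_template('form.html')

if __name__ == '__main__':
    app.run()  # run call assumed; it is missing from the page
```

```python
from flask import Flask, request, render_template

app = Flask(__name__)

@app.route('/login', methods=['GET', 'POST'])  # route assumed; the decorator is missing from the page
def login():
    if request.method == 'GET':
        return render_template('form.html')
    uname = request.form['uname']
    password = request.form['password']
    # Demo-only check against a hardcoded username and password.
    if uname == "admin" and password == "123":
        return "Welcome " + uname
    return "Try again"

if __name__ == '__main__':
    app.run()  # run call assumed
```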
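The form login above compares the submitted password to a hardcoded string with ==. As an added example (not code from the original page), this credential check stores only a salted PBKDF2 hash, compares in constant time, and throttles repeated failures, returning the 200, 401 or 429 status codes described in the tables above. The account, password, thresholds and function names are assumptions made for illustration; only the standard library is used.

```python
import hashlib
import hmac
import secrets
import time

ITERATIONS = 600_000    # PBKDF2 work factor (assumed; tune for your hardware)
MAX_FAILURES = 5        # assumed lockout threshold
WINDOW_SECONDS = 300    # assumed window for counting failures


def hash_password(password, salt=None):
    """Derive a key from the password; store (salt, key), never the plaintext."""
    salt = salt or secrets.token_bytes(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, key


# Constructed sample account; a real application loads this from its user table.
USERS = {"admin": hash_password("correct horse battery staple")}
# Dummy record so an unknown username costs the same work as a known one.
_DUMMY = hash_password(secrets.token_urlsafe(16))
_failures = {}  # (username, client address) -> timestamps of recent failures


def check_password(uname, password):
    salt, expected = USERS.get(uname, _DUMMY)
    _, candidate = hash_password(password, salt)
    # compare_digest does not stop at the first differing byte, unlike ==.
    return hmac.compare_digest(candidate, expected) and uname in USERS


def login_status(uname, password, client, now=None):
    """Return the HTTP status a login POST handler should send."""
    now = time.time() if now is None else now
    key = (uname, client)
    recent = [t for t in _failures.get(key, []) if now - t < WINDOW_SECONDS]
    if len(recent) >= MAX_FAILURES:
        _failures[key] = recent
        return 429  # Too Many Requests: refuse without checking the password
    if check_password(uname, password):
        _failures.pop(key, None)
        return 200  # OK
    recent.append(now)
    _failures[key] = recent
    return 401  # Unauthorized
```

In the Flask handler, `login_status(request.form['username'], request.form['user_password'], request.remote_addr)` would replace the `==` comparison, with the result used as the response status.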
```python
from flask import Flask

app = Flask(__name__)

@app.route('/api/users/<int:user_id>', methods=['PUT'])
def update_user(user_id):
    return f'Updating user with ID: {user_id}'

if __name__ == '__main__':
    app.run()  # run call assumed; it is missing from the page
```

```python
from flask import Flask, request, jsonify

app = Flask(__name__)

users = [
    {"id": 1, "name": "John Doe"},
    {"id": 2, "name": "Jane Smith"},
    {"id": 3, "name": "Doe"},
    {"id": 4, "name": "Smith"},
    {"id": 5, "name": "John"},
    {"id": 7, "name": "Jane"}
]

@app.route('/api/users/<int:user_id>', methods=['PUT'])
def update_user(user_id):
    data = request.json
    # Look the user up by ID; answer 404 if there is no match.
    for user in users:
        if user['id'] == user_id:
            return jsonify(user)
    return jsonify({'message': 'User not found'}), 404

if __name__ == '__main__':
    app.run()  # run call assumed
```

```python
from flask import Flask, request, jsonify

app = Flask(__name__)

users = [
    {'id': 1, 'name': 'John Doe'},
    {'id': 2, 'name': 'Jane Smith'}
]

@app.route('/api/users/<int:user_id>', methods=['PUT'])
def update_user(user_id):
    data = request.get_json()
    for user in users:
        if user['id'] == user_id:
            user['name'] = data['name']
            return jsonify(user)
    return jsonify({'message': 'User not found'}), 404

if __name__ == '__main__':
    app.run()  # run call assumed
```

```python
from flask import Flask, request, jsonify

app = Flask(__name__)

users = [
    {'id': 1, 'name': 'John Doe'},
    {'id': 2, 'name': 'Jane Smith'}
]

@app.route('/api/users/<int:user_id>', methods=['PUT'])
def update_user(user_id):
    data = request.get_json()
    for user in users:
        if user['id'] == user_id:
            user['name'] = data['name']  # apply the update so /api/users/all reflects it
            return jsonify(user)
    return jsonify({'message': 'User not found'}), 404

@app.route('/api/users/all', methods=['GET'])
def get_all_users():
    return jsonify(users)

if __name__ == '__main__':
    app.run()  # run call assumed
```

```python
from flask import Flask, request, jsonify

app = Flask(__name__)

@app.route('/api/users/<id>', methods=['PUT'])
def update_user(id):
    data = request.json
    name = data['name']
    email = data['email']
    user = {'id': id, 'name': name, 'email': email}
    return jsonify(user)

if __name__ == '__main__':
    app.run()  # run call assumed
```
```python
from flask import Flask

app = Flask(__name__)

@app.route('/api/users/<int:user_id>', methods=['DELETE'])
def delete_user(user_id):
    return f'Deleting user with ID: {user_id}'

if __name__ == '__main__':
    app.run()  # run call assumed; it is missing from the page
```

```python
from flask import Flask, jsonify

app = Flask(__name__)

users = [
    {"id": 1, "name": "John Doe"},
    {"id": 2, "name": "Jane Smith"},
    {"id": 3, "name": "Doe"},
    {"id": 4, "name": "Smith"},
    {"id": 5, "name": "John"},
    {"id": 7, "name": "Jane"}
]

@app.route('/api/users/<int:user_id>', methods=['DELETE'])
def delete_user(user_id):
    for user in users:
        if user['id'] == user_id:
            users.remove(user)  # actually remove the matching user
            return jsonify({'message': 'User deleted'})
    return jsonify({'message': 'User not found'}), 404

if __name__ == '__main__':
    app.run()  # run call assumed
```
```python
from flask import Flask, request, jsonify
import mysql.connector

app = Flask(__name__)

# The connection settings are missing from the page; these values are placeholders.
db = mysql.connector.connect(
    host="localhost",
    user="<db-user>",
    password="<db-password>",
    database="<db-name>"
)

# Create a table in the database if it doesn't exist
def create_table():
    cur = db.cursor()
    cur.execute("CREATE TABLE IF NOT EXISTS temp_emp_3 (ID INT PRIMARY KEY AUTO_INCREMENT, Name VARCHAR(100), Email VARCHAR(100), Address VARCHAR(100))")
    cur.close()

# API route to get all users
@app.route('/api/users', methods=['GET'])
def get_users():
    cur = db.cursor()
    cur.execute("SELECT * FROM temp_emp_3")
    users = cur.fetchall()
    cur.close()
    user_list = []
    for user in users:
        user_dict = {
            'id': user[0],
            'name': user[1],
            'address': user[3]
        }
        user_list.append(user_dict)
    return jsonify(user_list)

# API route to create a new user
@app.route('/api/users/add', methods=['POST'])
def create_user():
    name = request.json.get('name')
    email = request.json.get('email')
    addr = request.json.get("address")
    cur = db.cursor()
    # Values are bound as parameters, never formatted into the SQL string.
    cur.execute("INSERT INTO temp_emp_3 (Name,Email,Address) VALUES (%s,%s,%s)", (name, email, addr))
    db.commit()  # persist the change
    cur.close()
    return jsonify({'message': 'User created successfully'})

# API route to update an existing user
@app.route('/api/users/update/<string:user_id>', methods=['PUT'])
def update_user(user_id):
    name = request.json.get('name')
    email = request.json.get('email')
    addr = request.json.get('address')
    cur = db.cursor()
    cur.execute("UPDATE temp_emp_3 SET Name = %s, Email = %s, Address = %s WHERE ID = %s", (name, email, addr, user_id))
    db.commit()
    cur.close()
    return jsonify({'message': 'User updated successfully'})

# API route to delete a user
@app.route('/api/users/delete/<int:user_id>', methods=['DELETE'])
def delete_user(user_id):
    cur = db.cursor()
    # Bind user_id as a parameter instead of formatting it into the query.
    cur.execute("DELETE FROM temp_emp_3 WHERE ID = %s", (user_id,))
    db.commit()
    cur.close()
    return jsonify({'message': 'User deleted successfully'})

if __name__ == '__main__':
    create_table()
    app.run()  # run call assumed; it is missing from the page
```
Paste this API script into and don't forget to comment in the last line of the script.
```python
from flask import Flask, request, jsonify
import mysql.connector

app = Flask(__name__)

# MySQL configurations
# The connection settings are missing from the page; these values are placeholders.
db = mysql.connector.connect(
    host="localhost",
    user="<db-user>",
    password="<db-password>",
    database="<db-name>"
)

# Create a table in the database if it doesn't exist
def create_table():
    cur = db.cursor()
    cur.execute("CREATE TABLE IF NOT EXISTS temp_emp_3 (ID INT PRIMARY KEY AUTO_INCREMENT, Name VARCHAR(100), Email VARCHAR(100), Address VARCHAR(100))")
    cur.close()

# API route to get all users
@app.route('/api/users', methods=['GET'])
def get_users():
    cur = db.cursor()
    cur.execute("SELECT * FROM temp_emp_3")
    users = cur.fetchall()
    cur.close()
    user_list = []
    for user in users:
        user_dict = {
            'id': user[0],
            'name': user[1],
            'email': user[2],
            'address': user[3]
        }
        user_list.append(user_dict)
    return jsonify(user_list)

# API route to create a new user
@app.route('/api/users/add', methods=['POST'])
def create_user():
    name = request.json.get('name')
    email = request.json.get('email')
    addr = request.json.get('address')
    cur = db.cursor()
    # Values are bound as parameters, never formatted into the SQL string.
    cur.execute("INSERT INTO temp_emp_3 (Name, Email, Address) VALUES (%s, %s, %s)", (name, email, addr))
    db.commit()  # persist the change
    cur.close()
    return jsonify({'message': 'User created successfully'})

# API route to update an existing user
@app.route('/api/users/update/<string:user_id>', methods=['PUT'])
def update_user(user_id):
    name = request.json.get('name')
    email = request.json.get('email')
    addr = request.json.get('address')
    cur = db.cursor()
    cur.execute("UPDATE temp_emp_3 SET Name = %s, Email = %s, Address = %s WHERE ID = %s", (name, email, addr, user_id))
    db.commit()
    cur.close()
    return jsonify({'message': 'User updated successfully'})

# API route to delete a user
@app.route('/api/users/delete/<int:user_id>', methods=['DELETE'])
def delete_user(user_id):
    cur = db.cursor()
    cur.execute("DELETE FROM temp_emp_3 WHERE ID = %s", (user_id,))
    db.commit()
    cur.close()
    return jsonify({'message': 'User deleted successfully'})

if __name__ == '__main__':
    create_table()
    app.run()  # run call assumed; it is missing from the page
```
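The scripts above pass request values to cursor.execute. As an added example (not part of the original page), the following contrasts formatting a value into the SQL text with binding it as a parameter, on an in-memory copy of the temp_emp_3 table. It uses the standard-library sqlite3 module, whose placeholder is ? where mysql.connector uses %s; the sample rows and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory stand-in for temp_emp_3 with three constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE temp_emp_3 (ID INTEGER PRIMARY KEY AUTOINCREMENT, "
        "Name TEXT, Email TEXT, Address TEXT)"
    )
    db.executemany(
        "INSERT INTO temp_emp_3 (Name, Email, Address) VALUES (?, ?, ?)",
        [
            ("John Doe", "john@example.com", "1 First St"),
            ("Jane Smith", "jane@example.com", "2 Second St"),
            ("Alice Johnson", "alice@example.com", "3 Third St"),
        ],
    )
    db.commit()
    return db


def delete_formatted(db, user_id):
    """String formatting: user_id becomes part of the SQL text and is parsed as SQL."""
    cur = db.execute("DELETE FROM temp_emp_3 WHERE ID = %s" % (user_id,))
    db.commit()
    return cur.rowcount


def delete_bound(db, user_id):
    """Bound parameter: user_id travels as data and is only ever compared to ID."""
    cur = db.execute("DELETE FROM temp_emp_3 WHERE ID = ?", (user_id,))
    db.commit()
    return cur.rowcount


def remaining(db):
    return db.execute("SELECT COUNT(*) FROM temp_emp_3").fetchone()[0]


if __name__ == "__main__":
    value = "1 OR 1=1"  # constructed input that is not a plain ID
    a, b = make_db(), make_db()
    print("formatted: deleted", delete_formatted(a, value), "left", remaining(a))
    print("bound:     deleted", delete_bound(b, value), "left", remaining(b))
```

On the page, the delete route's `<int:user_id>` converter restricts the value to digits, while the update route accepts `<string:user_id>`, so there it is the bound parameter that keeps the query safe.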