Preface – This post is part of the SAP ABAP OData Tutorial series.

Introduction

Postman is an API development tool that helps developers to create, test, share and document the APIs. It has various HTTP requests like GET, POST, PUT, PATCH and the ability to save the environment.

In this article, we will learn how to set up the POSTMAN and then we will test OData CRUD operations using POSTMAN.

Installing POSTMAN

To install POSTMAN on your device you can use the link go.postman.co/home and download the latest version for your platform.

For more details on installing and updating POSTMAN, you can refer to the link https://learning.postman.com/docs/getting-started/installation-and-updates/

Components of POSTMAN

Postman UI is made up of various components.

• Left sidebar provides the navigation to Collections, APIs, Environments, Mock Servers, Monitors and History.
• Header provides the access to Workspace, Reports, and Search option.
• Center area is where we work with requests.
• Right sidebar provides the link to Comments, Request Info’s, Code and Documentations.

Variables

We will use the variables to store our data which will be reused multiple times.

You can create variables by clicking ENVIRONMENT in the left panel and selecting GLOBAL.

Here you create variables and provide initial and current value. In case you need to change the value of the variable you only need to update the CURRENT VALUE field. This is the field from where the data is picked up.

Scope of variables:

• Global scope: Enable you to use data between the Collection, requests, test scripts and environment.
• Collection: Enable you to use data in different requests under the same collection.
• Environment: Enables to tailor the processing to different environments.
• Data: Comes from external files like CSV, JSON.
• Local: The scope is temporary and can only be used in the defined requests.

Create variable

1. Select data and click on Set as Variable.
   
2. Select Set as new Variable.
   
3. Provide name, value and scope.
   

Format to use variables in request: {{variable_name}}

Example:  .

HTTP requests

There are various HTTP methods available that are used to make a request to APIs. Some of the frequently used HTTP methods are:

• GET: Used to retrieve data from APIs (Read scenario)
• POST: Used to send new data to API (Create scenario)
• PUT or PATCH: Used to update existing data (Update scenario). PUT request modifies the entire resource in the database whereas PATCH request modifies only the supplied resource. So, while using PUT we need to send the entire data in request URI and by using PATCH we need to send only the updatable field.
• DELETE: Used to remove existing record (Delete scenario)

It supports various addition methods. Refer to the below snip.

Creating requests

You can create a request by clicking on the NEW tab and selecting HTTP Request. Also, you can create a request by clicking + button.

After selecting HTTP Request, a screen will open. Provide relevant name, description to your HTTP request.

Specify the relevant details for your requests (like HTTP method, URL, parameters, body data).

Click on SEND button to save your call. You can create a collection to save all your related requests under one folder.

Collection

A collection is a folder that groups the number of API requests. There can be n number of collections in Postman. Generally, an API request belonging to the same business object is saved under  the same Collection. You can even share your API requests with your team via collection.

Authentication

Authentication is verifying the client’s identity who is accessing the request whereas authorization is verifying the client’s action of permission. Some APIs require authorization details act.

To provide authorization details, click on the Authorization tab and select auth Type. Provide the relevant details and SAVE.

There are various auth types, for more details check out Authorizing requests.

Instead of adding an authorization in each request individually, you can add your authorization details directly to your Collection.

Steps:

1. Select TYPE as Inherit auth from parent.
   
2. Click Collection and add authorization details there.
   

Sending requests

GET request

Steps to follow:

1. Click on the NEW button and select HTTP request
   
   

2. Select HTTP request GET and enter OData service URL in URL field
   

3. Click on the Send button
   

At the bottom, you can see the output and status code.

Fetch x-csrf-token

An x-csrf-token is used to prevent cross-site request forgery attacks. While making a call for Create/Update/Delete we must need to send x-csrf-token value via Header.

Steps to fetch the x-csrf-token value.

1. Create a GET
2. Add in HEADERS: key = x-csrf-token and value = fetch.
   
3. Execute the request by clicking on SEND
4. Below you will get the result. In the Header section of the result you can find fetched x-csrf-token value. Get that value and paste it in HEADERS section of CUD requests.

POST request

1. Select HTTP request POST and enter OData service URL for create in URL field. (Do not provide the key field and its value in URI)
   
2. Provide x-csrf-token parameter in HEADERS (To fetch x-csrf-token refer How to fetch x-csrf-token?).
   
3. Provide the data to be created in the BODY tab and select the relevant data type. Here, we have selected raw.
   
4. Save and click on Send to execute the request.

PUT/PATCH request

To know which request URI to use please read HTTP requests.

1. Select HTTP request PUT/PATCH and enter OData service URL for create in URL field. ( Add key field and its value which is to be updated)
   
2. Provide x-csrf-token parameter in HEADERS (To fetch x-csrf-token refer How to fetch x-csrf-token?).
   
3. Provide the data to be created in the BODY tab and select the relevant data type. Here, we have selected raw.
   
4. Save and click on Send to execute the request.

DELETE request

1. Select HTTP request DELETE and enter OData service URL for create in URL field. ( Add key field and its value which is to be deleted)
   
2. Provide x-csrf-token parameter in HEADERS (To fetch x-csrf-token refer How to fetch x-csrf-token?).
   
3. For DELETE requests we don’t have to provide any input in BODY.
   
4. Save and click on Send to execute the request.

Sharing API requests

To share your API requests with your team or other people follow the below steps.

1. Save your requests in Collection.
2. Click on Collection that you want to share.
3. Click on the Share button
   
4. There are three ways you can share.
   

Best practices

1. If a parameter or value is used at multiple places. Always try to create its variable in the Environment section and use the variable in your requests.
   Example: If api.getpostman.com is used in all your requests URL.
   
   Create a variable with value api.getpostman.com and use the variable everywhere.
   The positive aspect is in case your domain is changed, you only need to change the value in one place and all your requests will adapt it.
   
   

2. If you are adding Authorization, never provide your password directly in your Request or Collection level.

The mishappening is, if you provide your password directly at a collection level or in request and you share the collection with your team or other people, the password will also get shared with them. So, everyone with that collection will get to know your password.

The best approach is to create a variable for your password in the environment section and use that variable in the password field. This way only the variable name will be shared and your password will be safe.

3. Instead of fetching x-csrf-token value and adding it to request every time manually, you can create a variable for x-csrf-token in the environment and add a script code to automatically update the x-csrf-token value in the environment.