Latest Posts

Using Fiddler/Postman to test APIs

Posted on by Rishan Solutions

Loading

When working with APIs, testing is a crucial aspect of ensuring that your endpoints are functioning as expected. Two popular tools for testing and debugging APIs are Fiddler and Postman. Both tools provide powerful capabilities to monitor, analyze, and test APIs, and in this guide, we will walk through how to effectively use them for API testing.

1. Fiddler: API Monitoring and Debugging Tool

Fiddler is a free web debugging proxy tool that captures HTTP and HTTPS traffic between your computer and the internet. It’s particularly useful for monitoring API requests and responses, debugging issues, and performing traffic analysis. Fiddler can be used to inspect requests sent to an API, view headers, and analyze the content of the responses.

Step 1: Install Fiddler

  • Download and install Fiddler from the official website.
  • After installation, launch Fiddler. By default, it starts capturing traffic.

Step 2: Capture API Requests with Fiddler

  • Make sure Fiddler is running.
  • To test an API, perform the API call through a browser, mobile app, or any client that makes an HTTP request. Fiddler will capture these requests automatically.
  • In Fiddler’s Web Sessions panel, you will see all HTTP and HTTPS requests, including the API calls.

Step 3: Analyze Requests and Responses

  • Click on any request to see details.
  • Inspect Request: Under the Request tab, you can view the URL, HTTP method (GET, POST, PUT, DELETE), headers, and body (if applicable).
  • Inspect Response: Under the Response tab, you can see the status code, headers, and body of the response.

Step 4: Modify Requests for Testing

  • You can modify the API request before sending it to the server:
    • Right-click on the request and choose Replay or Edit to modify headers or body parameters.
    • This allows you to simulate various API request scenarios, such as testing different HTTP methods, changing parameters, or modifying headers for authentication.

Step 5: Filter API Traffic

  • Fiddler can capture traffic from any application, which may lead to clutter. To focus on specific API requests:
    • Use Filters to capture traffic from a specific application (like a browser or mobile app) or based on request URL patterns.
    • You can use AutoResponder to simulate specific responses for particular API endpoints, which is useful for testing how your application behaves with certain responses.

Step 6: Troubleshoot and Debug

  • If there are issues with an API request, such as incorrect parameters or server errors, Fiddler can help:
    • Check Status Codes: The Response tab will show you the status code (e.g., 200 for success, 400 for bad request, 500 for server error).
    • Inspect Headers and Content: Compare the request and response headers to ensure that they match what the API documentation specifies.

Step 7: Export Session Data

  • Fiddler allows you to export captured traffic. If you need to share request/response data for further analysis:
    • Right-click the session and select Save or Export Sessions to save the traffic logs in various formats (e.g., .saz for Fiddler, .har for HTTP Archive format).

2. Postman: API Testing and Automation Tool

Postman is a popular tool for API testing that provides a user-friendly interface for making API requests and analyzing responses. It’s more focused on testing and automating APIs, offering advanced features such as environment variables, collections, and automated tests.

Step 1: Install Postman

  • Download and install Postman from the official website.
  • Once installed, open Postman and start testing APIs right away.

Step 2: Create and Send API Requests

  • Create a Request: In the Postman app, click on the + tab to open a new request window.
  • Set Method and URL: Choose the HTTP method (GET, POST, PUT, DELETE) and enter the API endpoint URL.
    • For example, to test a GET request for a public API, enter the URL of the endpoint (e.g., https://api.example.com/users).
  • Add Headers and Body: Depending on the API, you may need to add headers (e.g., authorization tokens, content type) or body parameters (especially for POST, PUT requests).
    • To add headers, go to the Headers tab and enter the necessary fields.
    • For POST/PUT requests, you can enter the body parameters under the Body tab using raw JSON or other formats.

Step 3: Send the Request

  • Click Send to execute the API request.
  • Postman will display the response status, headers, and body. You can inspect the data returned by the API.
    • The Response tab will show you the status code, response time, and size of the response.
    • The body content can be viewed in JSON, XML, or HTML format, depending on the response type.

Step 4: Analyze the Response

  • Status Code: Check the status code in the response to verify if the request was successful (200 OK) or failed (e.g., 404 Not Found, 500 Internal Server Error).
  • Response Headers: Review the response headers to check for authentication tokens, content type, and caching information.
  • Response Body: Examine the response body, which often contains the actual data returned by the API. If the API response is in JSON format, Postman will display it in a readable format.

Step 5: Automate API Tests

Postman allows you to automate API testing by writing tests in JavaScript. These tests can verify that the API responses meet specific expectations.

  • Write Tests: Under the Tests tab, you can write JavaScript to validate various conditions.
    • Example test to check if the status code is 200:
      pm.test("Status code is 200", function () { pm.response.to.have.status(200); });
  • Run Tests Automatically: Postman’s Collection Runner can execute a collection of requests with automated tests, making it perfect for regression testing and continuous integration workflows.

Step 6: Save and Share Collections

  • Collections: Organize your API requests into collections, making it easy to reuse and share test cases with teammates.
  • Environment Variables: Postman allows you to use environment variables (e.g., base URLs, authentication tokens) that can be easily swapped depending on your environment (development, staging, production).
    • Example: Define a variable {{base_url}} and use it in requests like {{base_url}}/users.

Step 7: Monitor and Debug

  • Console Logs: Postman has a built-in console where you can view detailed logs, such as the request URL, headers, and response details.
    • Open the console by selecting View > Show Postman Console.
    • This is especially helpful when debugging issues with headers, body data, or parameters.

Comparing Fiddler and Postman

  • Fiddler:
    • Mainly used for monitoring and debugging API traffic.
    • Provides deep traffic analysis and debugging capabilities for HTTP/HTTPS requests.
    • Allows modifying requests before they are sent to the server.
    • Can be used to inspect traffic from any application on your computer.
  • Postman:
    • Mainly focused on API testing and automation.
    • Provides a rich interface for managing and executing API requests and analyzing responses.
    • Supports writing test scripts and automating API tests.
    • Excellent for organizing tests, running collections, and sharing API requests.

Leave a Reply

Your email address will not be published. Required fields are marked *