Free Interview Questions on Postman| Beginner to Expert

Previous Lesson

Interview Questions on Postman for Expert (Above 4 years of Experience)

Free Interview Questions on Postman| Beginner to Expert Interview Questions on Postman for Expert (Above 4 years of Experience)

Interview Questions and Answers on “API Testing and Automation”

Writing Test Scripts with JavaScript

Interviewer: How do you write test scripts in Postman?
Your Answer: Test scripts in Postman are written in JavaScript within the “Tests” tab of a request. They are used to validate the response data, check status codes, and perform other assertions. For example, to check if the response status is 200, you can write:

pm.test("Status is 200", function() {
    pm.response.to.have.status(200);
});

Interviewer: How do you use variables in Postman test scripts?
Your Answer: Variables can be used in test scripts by accessing them with pm.environment.get() for environment variables, pm.collectionVariables.get() for collection variables, and pm.globals.get() for global variables. For example, let token = pm.environment.get("authToken"); retrieves the auth token from the environment.

Interviewer: What is the role of the pm.response object in writing test scripts?
Your Answer: The pm.response object contains the response data from the API request, such as the status code, body, headers, and response time. It is used in test scripts to validate different aspects of the response, such as the status, body content, and response time.

Interviewer: Can you give an example of validating a JSON response using test scripts in Postman?
Your Answer: To validate a JSON response, you can use pm.response.json() to parse the response body into a JavaScript object. Then, you can check specific properties. For example:

pm.test("Check user ID", function() {
    var jsonData = pm.response.json();
    pm.expect(jsonData.user.id).to.eql(123);
});

Interviewer: How do you handle multiple assertions in a single test script in Postman?
Your Answer: Multiple assertions can be combined in a single test script by chaining pm.test() functions. Each assertion within a test checks different aspects of the response. For example:

pm.test("Response is valid", function() {
    pm.response.to.have.status(200);
    pm.response.to.have.header("Content-Type", "application/json");
    pm.expect(pm.response.json().user.id).to.eql(123);
});

Assertion Libraries in Postman

Interviewer: What are assertion libraries in Postman?
Your Answer: Postman comes with built-in assertion libraries that allow you to perform checks on response data. The commonly used libraries are Chai for assertions (e.g., pm.expect()), and Chai-as-promised for handling asynchronous code. These libraries allow you to assert conditions like status codes, headers, response times, and more.

Interviewer: Can you explain the difference between pm.expect() and pm.response.to.have.status() in Postman?
Your Answer: pm.expect() is part of the Chai assertion library and is used to make more complex assertions on response data, like checking values or properties. For example:

pm.expect(jsonData.user.name).to.eql('John');

pm.response.to.have.status() is a shorthand provided by Postman to assert specific HTTP response status codes. For example:

pm.response.to.have.status(200);

Interviewer: How do you check for specific headers in a Postman response?
Your Answer: You can check for specific headers using pm.response.to.have.header(). For example, to check if the “Content-Type” header is “application/json”, you can write:

pm.test("Content-Type is application/json", function() {
    pm.response.to.have.header("Content-Type", "application/json");
});

Interviewer: How do you validate the response time of an API request in Postman?
Your Answer: You can validate the response time using the pm.response.responseTime property. For example, to assert that the response time is less than 500 ms:

pm.test("Response time is less than 500ms", function() {
    pm.expect(pm.response.responseTime).to.be.below(500);
});

Interviewer: Can you perform negative testing in Postman?
Your Answer: Yes, you can perform negative testing in Postman by validating error responses, invalid status codes, or unexpected behavior. For example, you can test that an invalid request returns a 400 status code and an appropriate error message:

pm.test("Bad Request returns 400", function() {
    pm.response.to.have.status(400);
    pm.expect(pm.response.json().error).to.eql('Invalid request');
});

Automating Test Suites with Newman

Interviewer: What is Newman, and how is it used in API testing?
Your Answer: Newman is the command-line companion tool for Postman that allows you to run Postman collections directly from the terminal. It is used for automating API tests in CI/CD pipelines. For example, you can run a collection with the following command:

newman run mycollection.json

Interviewer: How do you export and run a Postman collection using Newman?
Your Answer: To run a Postman collection with Newman, first export the collection from Postman as a JSON file. Then, use the newman run command in the terminal:

newman run path_to_collection_file.json

Interviewer: How can you generate reports with Newman?
Your Answer: Newman allows you to generate reports in different formats like HTML, JSON, or JUnit. You can specify the report format using the -r option. For example, to generate an HTML report:

newman run mycollection.json -r html

Interviewer: How can you pass environment variables to Newman when running a collection?
Your Answer: You can pass environment variables to Newman using the -e option followed by the path to the environment file. For example:

newman run mycollection.json -e myenvironment.json

Interviewer: How do you automate running tests in Newman as part of a CI/CD pipeline?
Your Answer: You can automate Newman runs in CI/CD pipelines like Jenkins or GitHub Actions by adding a step to the pipeline configuration. For example, in Jenkins, you would use a shell script step to run the Newman command, and in GitHub Actions, you would define a workflow step using a run command.

Integration with CI/CD Pipelines (Jenkins, GitHub Actions, etc.)

Interviewer: How do you integrate Postman with Jenkins?
Your Answer: Postman collections can be integrated with Jenkins by using Newman in a Jenkins pipeline. First, install Newman on the Jenkins server, then add a build step to run the newman run command in the pipeline script to execute the Postman collection.

Interviewer: How can you integrate Postman tests into GitHub Actions?
Your Answer: You can use the newman action in a GitHub Actions workflow to run Postman tests. For example, a simple workflow might look like this:

name: API Testing  
on:  
  push:  
    branches:  
      - main  
jobs:  
  test:  
    runs-on: ubuntu-latest  
    steps:  
      - name: Checkout repository  
        uses: actions/checkout@v2  
      - name: Install Node.js  
        uses: actions/setup-node@v2  
        with:  
          node-version: '14'  
      - name: Install Newman  
        run: npm install -g newman  
      - name: Run Postman tests  
        run: newman run mycollection.json

Interviewer: How do you configure a Postman test to run automatically on every commit?
Your Answer: By integrating Postman tests with a CI/CD pipeline like Jenkins, GitHub Actions, or GitLab CI, you can automatically trigger test execution whenever code is committed. You configure the pipeline to run newman run commands on every commit or pull request.

Interviewer: Can you use environment variables in CI/CD tools like Jenkins or GitHub Actions?
Your Answer: Yes, you can use environment variables in CI/CD tools like Jenkins and GitHub Actions by defining them in the pipeline configuration file or as environment variables in the CI tool. These can be passed to the Postman collection via Newman during the test run.

Performance and Load Testing

Interviewer: Can you perform load testing using Postman?
Your Answer: Postman is primarily a functional testing tool, but it can perform basic load testing by sending a series of requests in sequence using the Collection Runner. However, for more advanced load testing, you would typically use tools like Apache JMeter or Artillery.

Interviewer: How do you measure response times in Postman?
Your Answer: You can measure response times using pm.response.responseTime in Postman. This can be asserted to ensure that the response time meets the expected performance standards:

pm.test("Response time is under 500ms", function() {
    pm.expect(pm.response.responseTime).to.be.below(500);
});

Interviewer: Can you integrate performance testing with Postman in a CI/CD pipeline?
Your Answer: While Postman itself is not designed for high-load performance testing, it can still be integrated with a CI/CD pipeline for basic performance checks,

such as ensuring that response times are within acceptable limits. For more advanced performance testing, other tools like JMeter or LoadRunner should be considered.

Interviewer: How do you handle performance and stress testing of an API using Postman?
Your Answer: For stress testing in Postman, you can use the Collection Runner to send a high number of requests, but for extensive load or stress testing, tools like JMeter or Locust are more appropriate. However, Postman can still provide insights into basic performance and response times during regular API testing.

Interviewer: How can you check the scalability of your API using Postman?
Your Answer: Postman can help monitor scalability by running tests with varying data sizes and response times in Collection Runner. However, for comprehensive scalability testing, it’s better to use specialized tools like JMeter or Gatling to simulate large-scale load scenarios.

Interview Questions and Answers on “Collaboration and API Documentation”

Sharing and Collaborating on Workspaces

Interviewer: How do you share a Postman workspace with others?
Your Answer: To share a Postman workspace, go to the workspace settings, click on “Manage Members,” and invite collaborators via their email addresses. You can set permissions like “Viewer,” “Editor,” or “Admin” to control access levels.

Interviewer: Can you explain the concept of Workspaces in Postman?
Your Answer: Workspaces in Postman are collaborative environments where users can organize and share collections, environments, and APIs. They allow teams to work together on API development and testing by providing a centralized space to manage API requests and workflows.

Interviewer: How do you handle permissions in Postman workspaces?
Your Answer: Permissions in Postman workspaces can be set at the user level. You can assign different roles such as “Viewer,” “Editor,” or “Admin” to members. “Viewers” can only view the workspace, “Editors” can modify collections and environments, and “Admins” have full control over workspace settings.

Interviewer: How do you collaborate on API testing with team members in Postman?
Your Answer: You can collaborate on API testing in Postman by sharing collections and environments in a workspace. Team members can contribute by editing requests, writing test scripts, or adding variables to the environment, and changes are synced across all team members in real time.

Interviewer: What are some advantages of using workspaces in Postman for team collaboration?
Your Answer: Workspaces enable seamless collaboration by allowing team members to access and edit shared collections, environments, and APIs in real time. It also helps in version control, managing test cases, and tracking changes, making the process more efficient and transparent.

Version Control for Collections

Interviewer: How does version control work in Postman?
Your Answer: Postman provides built-in version control for collections, enabling teams to track changes made to requests and APIs. Each update to a collection is automatically saved, and users can view previous versions, compare changes, or revert to earlier versions if needed.

Interviewer: How can you manage multiple versions of a collection in Postman?
Your Answer: In Postman, you can manage multiple versions of a collection by using the version history feature. Postman tracks every change made to a collection, allowing you to view, compare, and revert to previous versions of the collection as needed.

Interviewer: How do you create and manage branch versions for a Postman collection?
Your Answer: While Postman itself does not have native Git-like branching, you can create and manage different versions of a collection by duplicating the collection and saving it with different version names. This allows teams to maintain separate versions for development, testing, and production environments.

Interviewer: Can you integrate Postman with a version control system like Git?
Your Answer: Postman does not directly integrate with Git for version control; however, you can export collections and push them to a Git repository manually. Alternatively, you can use tools like Newman in a CI/CD pipeline for version-controlled testing.

Interviewer: What are some best practices for using version control in Postman?
Your Answer: Best practices include using descriptive names for collection versions, keeping track of changes through Postman’s version history, and regularly exporting collections to backup and share with team members. Additionally, it’s a good practice to keep your collections organized into folders based on their purpose.

Generating API Documentation Automatically

Interviewer: How do you generate API documentation in Postman?
Your Answer: You can generate API documentation in Postman by clicking on the “Documentation” button in a collection’s options. Postman will automatically generate a detailed, user-friendly API documentation, including request methods, headers, parameters, and response examples.

Interviewer: Can you customize the automatically generated API documentation in Postman?
Your Answer: Yes, you can customize the generated API documentation by editing the descriptions of requests, adding examples, and annotating the responses. You can also include markdown for better readability and formatting.

Interviewer: How do you publish and share API documentation generated by Postman?
Your Answer: After generating API documentation in Postman, you can publish it to a public or private URL. You can then share the link with your team or external stakeholders for easy access to the API documentation.

Interviewer: What are the benefits of having automatically generated API documentation in Postman?
Your Answer: Automatically generated API documentation in Postman ensures that documentation is always up-to-date with the latest version of the API. It also reduces the effort of manual documentation, improves collaboration by providing a centralized reference, and ensures consistency in API descriptions and examples.

Interviewer: How do you include request and response examples in Postman’s API documentation?
Your Answer: In Postman, you can add examples to requests and responses by selecting the “Examples” tab in the request editor. These examples will be included in the automatically generated documentation, helping users understand how the API works with sample data.

Importing and Exporting API Specifications (Swagger, OpenAPI)

Interviewer: How can you import an OpenAPI (Swagger) specification into Postman?
Your Answer: To import an OpenAPI specification into Postman, go to the “Import” tab in Postman, select “Link” or “File,” and then upload the Swagger or OpenAPI JSON or YAML file. Postman will automatically convert it into a collection for you to use.

Interviewer: Can you export an OpenAPI specification from Postman?
Your Answer: Yes, Postman allows you to export collections in Swagger (OpenAPI) format. To do this, click on the collection, go to “Export,” and choose the “Swagger 2.0” or “OpenAPI 3.0” format for export. This generates a specification file that can be used outside of Postman.

Interviewer: What is the advantage of importing Swagger or OpenAPI definitions into Postman?
Your Answer: Importing Swagger or OpenAPI definitions into Postman allows you to quickly generate collections from the API specification. It ensures that your API tests and requests are aligned with the API definition, making it easier to work with RESTful APIs and reducing manual effort.

Interviewer: How does Postman handle updates to an OpenAPI specification?
Your Answer: Postman allows you to update an imported OpenAPI specification by re-importing the updated version of the file. You can then refresh the collection to reflect the changes made to the API definition.

Interviewer: How do you test an API that uses an OpenAPI specification in Postman?
Your Answer: Once an OpenAPI specification is imported into Postman, you can test the endpoints defined in the specification by sending requests directly from the generated collection. Postman allows you to validate responses, run tests, and automate the testing process for these endpoints.

Postman Teams and Enterprise Features

Interviewer: What is the difference between Postman Teams and Postman Enterprise?
Your Answer: Postman Teams is designed for small to medium-sized teams and includes features such as shared workspaces, version control, and API documentation. Postman Enterprise, on the other hand, offers advanced features like enhanced security, SSO integration, audit logs, and collaboration at a larger scale for organizations with more complex needs.

Interviewer: How do Postman Teams enable collaboration?
Your Answer: Postman Teams allow members to collaborate on collections, environments, and APIs in shared workspaces. Teams can manage permissions, track changes, and review API documentation, ensuring that everyone has access to the latest version of the project.

Interviewer: What are some advanced features available in Postman Enterprise?
Your Answer: Postman Enterprise includes features such as Single Sign-On (SSO), user and group management, advanced security controls, centralized API governance, audit logs, and the ability to integrate with enterprise-grade tools and services for automation and CI/CD.

Interviewer: How does Postman’s role-based access control work in Postman Teams?
Your Answer: Postman Teams provides role-based access control (RBAC) to manage permissions. Users can be assigned roles like “Viewer,” “Editor,” or “Admin,” each with different levels of access to workspaces, collections, and environments, ensuring controlled collaboration.

Interviewer: What is the role of the Postman Admin in a Postman Team?
Your Answer: A Postman Admin has full control over the team’s workspaces, settings, and user permissions. Admins can manage workspace access, assign roles to team members, and handle the configuration of enterprise-level features such as integrations and security settings.

Interviewer: How do Postman Teams help with managing API security?
Your Answer: Postman Teams offer centralized management of API keys, credentials, and other sensitive information through environment variables and secret management features. You can also enforce security policies like SSO for authentication and control access to different workspaces based on user roles.

Interviewer: How do you track changes in a Postman Team workspace?
Your Answer: Postman automatically tracks changes in the workspace with version control. You can see the history of changes made to collections, environments, and requests, and you can revert to previous versions if necessary. This ensures transparency and accountability for team members.

Interviewer: Can Postman integrate with other tools used by enterprise teams?
Your Answer: Yes, Postman integrates with several third-party tools and services like Jenkins, GitHub, GitLab, Slack, and more. These integrations help automate testing,monitor APIs, and improve collaboration and workflow in enterprise environments.

Interviewer: How does Postman handle audit logs in enterprise environments?
Your Answer: Postman Enterprise includes audit logs to track all user activities in the workspace. This helps organizations maintain compliance, monitor API usage, and detect any unauthorized changes or access to sensitive data.

Interview Questions and Answers
Chapter 7: Expert Techniques and Best Practices

Creating Custom Postman Workflows

1. Interviewer: How do you create a custom workflow in Postman for your API testing?
Your Answer:
To create a custom workflow in Postman, you can use the following features:

  • Pre-request scripts: Customize request data before sending requests.
  • Test scripts: Automate assertions and validations after the response is received.
  • Collection Runner: Run a sequence of requests with specific data sets.
  • Environment Variables: Create reusable data points across requests and collections.
    You can also use Postman Monitors to automate and schedule workflows for continuous testing.

2. Interviewer: How do you handle conditional workflows in Postman?
Your Answer:
You can create conditional workflows in Postman using Test Scripts to determine the next steps based on response data. For example, use pm.response.status to check if a request succeeded and decide whether to proceed with the next request:

if (pm.response.status === 200) {  
    // Continue with next steps  
} else {  
    // Handle failure  
}

3. Interviewer: How can you automate running different collections based on different environments or conditions?
Your Answer:
By using Postman environments and Collection Runner, you can automate the running of different collections for various environments.

  • Set environment variables for different environments (e.g., dev, staging, production).
  • Use the Collection Runner to select different environments and data sets for automation.
  • Set conditional logic in scripts to decide which collection or workflow to execute based on environment variables.

Advanced Scripting Techniques

4. Interviewer: Can you explain how you can use JavaScript in Postman for advanced scripting?
Your Answer:
Postman allows you to write JavaScript in Pre-request and Test Scripts to dynamically manipulate requests and responses. You can:

  • Extract and store values from responses with pm.response.json() or pm.response.text().
  • Set and get environment variables using pm.environment.set() and pm.environment.get().
  • Write advanced logic for conditional testing, looping, and data manipulation.
    For example, extracting a token from the response to use in subsequent requests:
let jsonData = pm.response.json();  
pm.environment.set("authToken", jsonData.token);

5. Interviewer: How do you handle dynamic data generation in Postman scripts?
Your Answer:
Postman allows you to generate dynamic data in scripts using Faker.js or by writing custom logic. You can generate random values like email, phone numbers, or dates, which can be used in requests:

let faker = require('faker');  
let randomEmail = faker.internet.email();  
pm.environment.set("email", randomEmail);

6. Interviewer: How do you implement retries for failed requests in Postman?
Your Answer:
To implement retries in Postman, you can use Postman’s built-in pm.sendRequest() function within a script and set a retry logic. For example, after a failed request, you can retry it a certain number of times:

let retries = 3;  
function makeRequest() {  
    pm.sendRequest(pm.request, function (err, res) {  
        if (err || res.status !== 200) {  
            if (retries > 0) {  
                retries--;  
                makeRequest();  
            } else {  
                console.log("Max retries reached");  
            }  
        } else {  
            console.log("Request successful");  
        }  
    });  
}  
makeRequest();

Managing Large APIs with Postman Workspaces

7. Interviewer: How do you manage a large set of APIs in Postman using workspaces?
Your Answer:
In Postman, workspaces allow you to organize your APIs into collections, environments, and monitors. For large APIs:

  • Create separate collections for different API versions or functional areas (e.g., Authentication, User Management).
  • Use Workspaces to segregate teams, so different team members work on different parts of the API without overlap.
  • Leverage Environments to manage API configurations across development, staging, and production environments.
  • Use Shared Workspaces to collaborate with team members and maintain consistency.

8. Interviewer: How do you handle versioning of APIs in Postman?
Your Answer:
API versioning can be managed by:

  • Creating separate collections for each version (e.g., v1, v2).
  • Using Environment variables to switch between versions dynamically.
  • Implementing versioning in the request URLs and managing these versions within workspaces.

9. Interviewer: What is the benefit of using Postman Workspaces for collaboration?
Your Answer:
Postman Workspaces allow for better collaboration by enabling multiple users to work on the same collection or environment. Features include:

  • Real-time synchronization: Changes made by one user are immediately visible to others.
  • Role-based access control: Limit permissions to read or edit collections and environments.
  • Version control: Track changes in collections and environments to ensure everyone works with the latest versions.

API Governance and Best Practices

10. Interviewer: How do you enforce API testing best practices using Postman?
Your Answer:
Postman helps enforce API testing best practices through:

  • Automated Tests: Use automated tests to validate responses, schema, and status codes.
  • API Documentation: Create clear, up-to-date API documentation within Postman for consistent usage.
  • Version Control: Manage different API versions in collections to ensure backward compatibility.
  • Mock Servers: Test APIs in isolation by mocking responses.

11. Interviewer: How do you ensure that API tests are aligned with business requirements?
Your Answer:
To align API tests with business requirements:

  • Use Postman’s collections to organize tests based on business functionality.
  • Collaborate with stakeholders to ensure API endpoints meet the defined business cases.
  • Regularly update test scripts to match evolving business logic or requirements.

12. Interviewer: What are some best practices for handling API security in testing?
Your Answer:
API security best practices include:

  • Use strong authentication mechanisms (OAuth, API keys, JWT tokens).
  • Test for SQL injection and XSS vulnerabilities using custom test scripts.
  • Ensure encryption of sensitive data using HTTPS and validate SSL certificates.
  • Regularly review security headers (e.g., CORS, CSP) and ensure proper authorization checks.

Security Testing with Postman

13. Interviewer: How do you test the security of an API using Postman?
Your Answer:
To test API security:

  • Test authentication and authorization: Ensure proper implementation of OAuth, API keys, and JWT tokens.
  • Test for data validation vulnerabilities: Check if the API is vulnerable to SQL injection, XSS, or other malicious payloads.
  • Test for SSL/TLS security: Validate the use of HTTPS and proper SSL/TLS configuration.
  • Use Postman’s Pre-request scripts to manipulate data and simulate security attacks.

14. Interviewer: How do you perform SQL injection tests using Postman?
Your Answer:
To test for SQL injection in Postman:

  • Input common SQL injection payloads (e.g., "' OR 1=1 --) in API parameters or headers.
  • Observe if the API responds unexpectedly or executes unauthorized queries.
  • Check for error messages that might expose database internals.

15. Interviewer: How do you test for Cross-Site Scripting (XSS) vulnerabilities in an API?
Your Answer:
Test for XSS by sending malicious scripts as inputs in API parameters, headers, or body content. For example:

<script>alert('XSS');</script>

Check the response for script execution, especially in fields that might be reflected back to the user (e.g., error messages).

Using Postman with GraphQL and WebSockets

16. Interviewer: How do you test a GraphQL API in Postman?
Your Answer:
To test GraphQL APIs in Postman:

  • Set the request type to POST and use the GraphQL endpoint.
  • Set the Body to JSON and define the GraphQL query inside the query field.
    For example:
{  
  "query": "{ users { name } }"  
}
  • Use variables to parameterize GraphQL queries.
  • Test GraphQL responses like regular APIs by validating the returned data.

17. Interviewer: How do you use WebSockets in Postman for API testing?
Your Answer:
Postman supports WebSockets for testing real-time communication. You can:

  • Use the WebSocket connection type to connect to a WebSocket server.
  • Send and receive messages via the WebSocket protocol.
  • Use scripts to automate tests on WebSocket responses and check for message integrity.

Real-World Case Studies and Projects

18. Interviewer: Can you describe a real-world project where you used Postman for API testing?
Your Answer:
In a recent project, I

used Postman to test an e-commerce platform’s API. We had multiple endpoints for user authentication, product management, and order processing. I created collections for each feature, wrote test scripts for response validation (e.g., verifying status codes, response times, and JSON schema), and set up monitors for continuous testing. Additionally, I integrated Postman with CI/CD pipelines for automated testing before deployment.

19. Interviewer: How do you measure the success of an API testing project using Postman?
Your Answer:
The success of an API testing project can be measured by:

  • Test Coverage: Ensuring all endpoints and business logic are tested.
  • Automation: Achieving a high degree of automation with Postman tests.
  • Error Detection: Identifying and resolving issues in API responses or functionality.
  • Efficiency: Reducing testing time with reusable collections, environments, and monitors.

Previous Lesson
Back to Course
Scroll to Top