Dulu kalau mau test API, aku buka terminal, ketik curl panjang lebar, copy-paste token auth, ganti parameter satu-satu, dan kalau lupa syntax curl? Google lagi. Capek.
Terus temen nge-rekomendasiin Postman. Awalnya gak tertarik — “Gue lebih suka terminal, lebih hacker.” Tapi pas coba… wah, ternyata jauh lebih productive. Collections, environments, automated tests — semua ada.
Sekarang, sebelum push code, aku SELALU test di Postman dulu. Dan aku bakal share semua yang aku tau soal Postman di tutorial ini.
Postman Itu Apa?
Postman itu aplikasi untuk build, test, dan manage API. Bisa dipakai sebagai:
- API client — kirim request HTTP (GET, POST, PUT, DELETE, dll)
- Testing tool — tulis assertions untuk verify response
- Documentation — auto-generate API docs
- Mock server — simulasi API tanpa backend asli
- Environment manager — switch antara dev/staging/production
Gratis untuk fitur basic. Tim yang butuh kolaborasi pakai berbayar.
Install Postman
- Desktop: Download dari postman.com/downloads (Windows, macOS, Linux)
- Web: Buka web.postman.co — langsung di browser
- CLI (newman):
npm install -g newman— buat CI/CD
Postman Basics
Interface
Buka Postman, kamu bakal lihat:
- Left sidebar: Collections, History, Environment
- Center: Request builder (method, URL, headers, body)
- Right: Response area (body, headers, cookies, timing)
- Bottom: Console (debugging)
Request Pertama
- Pilih method (GET, POST, dll)
- Masukin URL:
https://jsonplaceholder.typicode.com/posts/1 - Klik Send
- Lihat response!
{
"userId": 1,
"id": 1,
"title": "sunt aut facere repellat provident occaecati excepturi optio reprehenderit",
"body": "quia et suscipit\nsuscipit recusandae consequuntur..."
}
Gampang kan?
HTTP Methods
- GET — Ambil data
- POST — Create data baru
- PUT — Update data (replace semua)
- PATCH — Update data (partial)
- DELETE — Hapus data
- HEAD — Cuma headers (tanpa body)
- OPTIONS — Cek permissions (CORS)
Cara Pakai Postman Step-by-Step
Step 1: POST Request dengan Body
Buat POST data:
- Pilih method:
POST - URL:
https://jsonplaceholder.typicode.com/posts - Tab Body → pilih raw → pilih JSON
- Masukin body:
{
"title": "Belajar Postman",
"body": "Tutorial lengkap API testing",
"userId": 1
}
- Tab Headers: tambah
Content-Type: application/json(Postman biasanya auto-add) - Klik Send
Response:
{
"title": "Belajar Postman",
"body": "Tutorial lengkap API testing",
"userId": 1,
"id": 101
}
Step 2: Headers & Authentication
Banyak API yang butuh authentication. Contoh pakai Bearer token:
- Tab Authorization
- Pilih type: Bearer Token
- Masukin token:
your-api-token-here
Atau pakai Basic Auth:
- Pilih Basic Auth
- Username:
your-username - Password:
your-password
Atau custom headers:
- Tab Headers
- Tambahin:
Authorization: Bearer eyJhbGciOiJIUzI1NiIs...
X-API-Key: your-api-key
Accept: application/json
Step 3: Collections
Collections itu folder untuk organize requests. Sangat berguna kalau kamu punya banyak API endpoints.
Bikin collection:
- Klik New → Collection
- Kasih nama, misal “Toko API”
- Tambahin requests ke dalamnya
Organize dengan folders:
📦 Toko API
├── 📁 Auth
│ ├── POST /login
│ ├── POST /register
│ └── POST /refresh-token
├── 📁 Products
│ ├── GET /products
│ ├── GET /products/:id
│ ├── POST /products
│ └── DELETE /products/:id
└── 📁 Orders
├── GET /orders
└── POST /orders
Export/Import collections:
- Export: Klik collection → titik tiga → Export → pilih format
- Import: Klik Import → pilih file atau URL
Step 4: Environments
Environments bikin kamu bisa switch antara dev/staging/production tanpa ganti request satu-satu.
Bikin environment:
- Klik Environments (sidebar)
- Klik New → Environment
- Kasih nama: “Development”
Tambahin variables:
| Variable | Value |
|---|---|
| base_url | http://localhost:3000 |
| auth_token | dev-token-xxx |
Bikin environment lain untuk Production:
| Variable | Value |
|---|---|
| base_url | https://api.example.com |
| auth_token | prod-token-xxx |
Sekarang di request, pakai variable:
POST {{base_url}}/api/login
Headers:
Authorization: Bearer {{auth_token}}
Klik environment dropdown di pojok kanan atas → pilih “Development” atau “Production”. Semua variable otomatis keganti!
Variable precedence:
- Local variables (per-request)
- Environment variables
- Collection variables
- Global variables
Step 5: Pre-request Scripts
Jalankan script SEBELUM request dikirim. Berguna untuk:
- Generate dynamic data
- Set timestamp
- Get auth token dari API lain
Tab Pre-request Script:
// Generate random data
const randomEmail = `user${Date.now()}@test.com`;
pm.environment.set("test_email", randomEmail);
// Set timestamp
pm.environment.set("timestamp", new Date().toISOString());
// Get token dari API lain (chaining)
pm.sendRequest({
url: pm.environment.get("base_url") + "/api/auth/token",
method: "POST",
header: { "Content-Type": "application/json" },
body: {
mode: "raw",
raw: JSON.stringify({
client_id: pm.environment.get("client_id"),
client_secret: pm.environment.get("client_secret")
})
}
}, (err, response) => {
if (!err) {
const token = response.json().access_token;
pm.environment.set("auth_token", token);
}
});
Step 6: Tests (Assertions)
Ini bagian paling powerful. Tab Tests:
// Status code check
pm.test("Status code is 200", () => {
pm.response.to.have.status(200);
});
// Response time check
pm.test("Response time is less than 1 second", () => {
pm.expect(pm.response.responseTime).to.be.below(1000);
});
// Body contains field
pm.test("Response has 'id' field", () => {
const data = pm.response.json();
pm.expect(data).to.have.property("id");
});
// Type checking
pm.test("User data type is correct", () => {
const user = pm.response.json();
pm.expect(user.id).to.be.a("number");
pm.expect(user.name).to.be.a("string");
pm.expect(user.email).to.match(/@.+\..+/); // Regex check
});
// Array check
pm.test("Response returns array of products", () => {
const data = pm.response.json();
pm.expect(data).to.be.an("array");
pm.expect(data.length).to.be.above(0);
});
// Schema validation (pakai tv4 library)
const schema = {
type: "object",
required: ["id", "title", "body", "userId"],
properties: {
id: { type: "number" },
title: { type: "string" },
body: { type: "string" },
userId: { type: "number" }
}
};
pm.test("Schema validation", () => {
const data = pm.response.json();
const isValid = tv4.validate(data, schema);
pm.expect(isValid).to.be.true;
});
Step 7: Chained Requests
Skenario real: login → ambil token → pakai token untuk create data → verify.
Request 1: Login
Pre-request Script:
// Nothing needed
Tests:
const response = pm.response.json();
pm.test("Login successful", () => {
pm.expect(pm.response.status).to.equal(200);
pm.expect(response).to.have.property("access_token");
});
// Simpan token untuk request berikutnya
pm.environment.set("auth_token", response.access_token);
Request 2: Create Product
URL: {{base_url}}/api/products
Tests:
const product = pm.response.json();
pm.test("Product created", () => {
pm.expect(pm.response.status).to.equal(201);
pm.expect(product).to.have.property("id");
});
// Simpan product ID untuk request berikutnya
pm.environment.set("product_id", product.id);
Request 3: Delete Product
URL: {{base_url}}/api/products/{{product_id}}
Method: DELETE
Tests:
pm.test("Product deleted", () => {
pm.expect(pm.response.status).to.equal(204);
});
Sekarang klik Runner (di tab collection) → Run → semua request jalan berurutan!
Step 8: API Tests yang Komplit
Ini test suite lengkap untuk REST API:
// ===== GENERIC TESTS (bisa dipakai semua endpoint) =====
pm.test("Status code is valid", () => {
const validStatuses = [200, 201, 204, 400, 401, 403, 404, 500];
pm.expect(validStatuses).to.include(pm.response.status);
});
pm.test("Response time under 2 seconds", () => {
pm.expect(pm.response.responseTime).to.be.below(2000);
});
pm.test("Response is JSON", () => {
pm.expect(pm.response.headers.get("Content-Type"))
.to.include("application/json");
});
// ===== GET LIST TESTS =====
pm.test("Returns paginated data", () => {
const data = pm.response.json();
if (pm.response.status === 200) {
pm.expect(data).to.have.property("data");
pm.expect(data.data).to.be.an("array");
pm.expect(data).to.have.property("pagination");
}
});
// ===== CREATE TESTS =====
pm.test("Created successfully", () => {
pm.expect(pm.response.status).to.equal(201);
const data = pm.response.json();
pm.expect(data).to.have.property("id");
pm.expect(data.id).to.be.a("number");
});
// ===== ERROR TESTS =====
pm.test("Proper error format on 400", () => {
if (pm.response.status === 400) {
const data = pm.response.json();
pm.expect(data).to.have.property("error");
pm.expect(data.error).to.be.a("string");
}
});
pm.test("Auth required returns 401", () => {
if (pm.response.status === 401) {
const data = pm.response.json();
pm.expect(data.error).to.include("unauthorized");
}
});
Newman: Postman di Terminal
Newman itu CLI version of Postman. Berguna untuk CI/CD.
Install:
npm install -g newman
Export collection dari Postman, lalu jalankan:
# Run collection
newman run collection.json
# Dengan environment
newman run collection.json -e environment.json
# Dengan environment dan reporter
newman run collection.json \
-e environment.json \
-r cli,html \
--reporter-html-export report.html
# Run dengan iterations (banyak requests)
newman run collection.json \
--iteration-data data.json \
--iteration-count 10
Buat CI/CD (GitHub Actions):
name: API Tests
on: [push, pull_request]
jobs:
test-api:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install Newman
run: npm install -g newman
- name: Run API Tests
run: |
newman run tests/api-collection.json \
-e tests/production-env.json \
-r cli,htmlextra \
--reporter-htmlextra-export test-results.html
- name: Upload test report
uses: actions/upload-artifact@v4
with:
name: api-test-report
path: test-results.html
Tips Pro
1. Variables naming convention
{{base_url}} — URL
{{auth_token}} — Auth
{{user_id}} — ID untuk test
{{api_version}} — Versioning
2. Quick actions keyboard shortcuts
Ctrl+Enter— Send requestCtrl+S— Save requestCtrl+E— Quick switch environmentCtrl+Shift+A— Show/hide sidebar
3. Use examples for documentation
Setelah response diterima, klik Save as Example. Ini bisa jadi referensi buat tim lain yang pakai API kamu.
4. Visualize responses
Tab Tests, pakai pm.visualizer.set() untuk render HTML response:
const template = `
<div style="font-family: Arial; padding: 20px;">
<h2>📊 API Response Dashboard</h2>
<p><strong>Status:</strong> {{response.status}}</p>
<p><strong>Time:</strong> {{response.time}}ms</p>
<p><strong>Size:</strong> {{response.size}} bytes</p>
</div>
`;
pm.visualizer.set(template, {
response: {
status: pm.response.code,
time: pm.response.responseTime,
size: pm.response.responseSize
}
});
Klik tab Visualize di response area untuk lihat hasilnya.
Pitfalls
1. Lupa switch environment Pernah test production API pake development token. Langsung panic. Selalu cek environment indicator di pojok kanan atas sebelum send.
2. Variable gak resolve
Kalau {{variable}} muncul literally (gak keganti), cek:
- Nama variable bener? (case-sensitive)
- Ada di active environment?
- Bukan typo?
3. Tests gak jalan Postman test pakai Chai assertion. Kalau error:
- Cek syntax JS kamu
- Response bentuknya sesuai yang di-expect?
- Pakai console.log() untuk debug
4. Collection export format Export v2.1 untuk compatibility maximum. Export v2.0 juga bisa tapi fitur lebih dikit.
Postman Alternative
Kalau kamu lebih suka terminal:
- httpie — curl yang lebih user-friendly
- Thunder Client — VS Code extension
- Insomnia — alternatif Postman yang lebih ringan
- Bruno — open source, collections disimpan di file system
Tapi kalau ditanya saran? Tetep Postman. Community-nya paling gede, fitur paling lengkap, dan free tier-nya udah cukup buat kebanyakan kebutuhan.
Conclusion
Postman itu wajib dikuasain buat backend developer. Dari basic request sampai automated testing, semua ada. Mulai dari bikin collection untuk project kamu sekarang.
Yang penting: jangan cuma test manual di browser/terminal. Automated tests itu investasi yang bikin kamu tidur nyenyak pas production deploy.
Mau tanya tips Postman? Atau mau share collection kamu? Chat aku di Telegram!