API Testing with Postman — Boards & Lists (Localhost Demo)

This README documents end-to-end API testing of a simple Boards/Lists service using Postman against a local server.

---

1) Reflection & Summary

Thought Process

Designed as a mini lifecycle: Create → Use → Delete (Cleanup), covering happy paths (201, 200) and cleanup verification. Used environment variables (User_id, board_id, list-1, list_2, accessToken) for repeatability across runs.

Approach & Methodology

• Environment-driven setup ({{BaseUrl}})
• Postman Tests validate status codes and payloads
• Incremental verification after each creation
• Cleanup-first policy for idempotent reruns (lists → board → user)

Steps Taken

1. Create User → capture User_id, accessToken
2. Create Board → store board_id
3. Add Two Lists → store IDs
4. Delete One List
5. Delete Board
6. Delete User (with token)

CRUD Operation Explanation

• Create: User, Board, Lists (POST)
• Read: Validate responses & optional GET for board details
• Update: Not used in this demo (env vars simulate state updates)
• Delete: Lists, Board, User (DELETE)

Final Achievements

• Reproducible Postman collection with automated assertions
• Clear screenshots + examples for knowledge sharing
• Runner results confirm all tests passed ✅

---

2️⃣ Source of APIs

Before setting up the Postman environment, I verified the backend APIs directly in the browser Developer Tools (Network tab).

The backend was running on:

http://localhost:3000/api

▶️ Observations from Network Tab

• Signup API (/signup)

  • Sent a POST request with email, password, and welcomeEmail flag.

  • Payload captured:

    {
      "email": "[email protected]",
      "password": "sakif123",
      "welcomeEmail": false
    }

  • 📷 Screenshot:

• Response Preview

  • On success, API returned a JWT accessToken and the newly created user.

  • Example response:

    {
      "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
      "user": {
        "email": "[email protected]",
        "welcomeEmail": false,
        "id": 11
      }
    }

  • 📷 Screenshot: View Token Preview

• Boards API (/boards)

  • Once authenticated, I could create and fetch boards.

  • Example response (board created):

    {
      "name": "Board-1",
      "user": 11,
      "starred": false,
      "created": "2025-08-14",
      "id": 11
    }

---

2) Environment Setup

What this does: Defines variables for URLs and dynamic IDs used throughout the collection so requests are portable and easy to rerun.

Variable	Example Value	Notes
BaseUrl	http://localhost:3000/api	Base API URL
board_id	11	Set after board creation
list_2	26	Set after creating list-2
list-1	25	Set after creating list-1
User_id	31	Set after user creation
accessToken	<jwt-token>	Set from signup response

📸 Screenshot — Postman Environment Setup

---

3) Create User

What this does: Creates a new user. Stores User_id and accessToken in the environment for authenticated calls later.

Request

POST {{BaseUrl}}/signup

Body (JSON)

{
  "email": "sakif{{randomInt}}@gmail.com",
  "password": "sakif123",
  "welcomeEmail": false
}

Tests

pm.test("Successful POST request", function () {
  pm.expect(pm.response.code).to.be.oneOf([201, 202]);
});

let response = pm.response.json();
let responseEmail = response.user.email;

pm.test("Email contains 'sakif' and ends with @gmail.com", function () {
  pm.expect(responseEmail).to.match(/sakif\d+@gmail\.com$/);
});

var jsonData = pm.response.json();
pm.environment.set("User_id", jsonData.user.id);
pm.environment.set("accessToken", jsonData.accessToken);

Expected Response (201 Created)

{
  "accessToken": "<jwt-token>",
  "user": {
    "email": "[email protected]",
    "welcomeEmail": false,
    "id": 31
  }
}

📸 Screenshots

• Body/Response:
• Tests:

---

4) Create Board

What this does: Creates a board and saves its id to board_id for subsequent list operations and cleanup.

Request

POST {{BaseUrl}}/boards

Body (JSON)

{
  "name": "Automation Bord"
}

Tests

pm.test("Status code is 201", function () {
  pm.response.to.have.status(201);
});

pm.test("Name: Automation Bord", function () {
  pm.expect(pm.response.json().name).to.eql("Automation Bord");
});

let response = pm.response.json();
pm.environment.set("board_id", response.id);

Expected Response (201 Created)

{
  "name": "Automation Bord",
  "user": 0,
  "starred": false,
  "created": "2025-08-18",
  "id": 11
}

📸 Screenshots

• Request Body:
• Tests & Response:

---

5) Add Two Lists

List-1

What this does: Creates list-1 under the created board and stores its ID in list-1.

POST {{BaseUrl}}/lists

Body

{
  "boardId": {{board_id}},
  "name": "list-1",
  "order": 0
}

Tests

pm.test("Status code is 201", function () {
  pm.response.to.have.status(201);
});

pm.test("Name: list-1", function () {
  var jsonData = pm.response.json();
  pm.expect(jsonData.name).to.eql("list-1");
});

let response = pm.response.json();
pm.environment.set("list-1", response.id);

Expected Response

{
  "boardId": 11,
  "name": "list-1",
  "order": 0,
  "created": "2025-08-18",
  "id": 25
}

📸 Screenshots

• Add list-1 Body/Response:
• Add list-1 Tests:

---

List-2

What this does: Creates list-2 under the same board and stores its ID in list_2. This is the one we’ll delete later.

POST {{BaseUrl}}/lists

Body

{
  "boardId": {{board_id}},
  "name": "list-2",
  "order": 0
}

Tests

pm.test("Status code is 201", function () {
  pm.response.to.have.status(201);
});

var jsonData = pm.response.json();

pm.test("Board ID matches", function () {
  pm.expect(jsonData.boardId).to.eql(11);
});

pm.test("List name is: list-2", function () {
  pm.expect(jsonData.name).to.eql("list-2");
});

let response = pm.response.json();
pm.environment.set("list_2", response.id);

Expected Response

{
  "boardId": 11,
  "name": "list-2",
  "order": 0,
  "created": "2025-08-18",
  "id": 26
}

📸 Screenshots

• Add list-2 Body/Response:
• Add list-2 Tests:

---

6) Delete One List

What this does: Deletes list-2 (stored in list_2) to validate deletion behavior and prep for board deletion.

Request

DELETE {{BaseUrl}}/lists/{{list_2}}

Expected Response (200 OK)

{}

📸 Screenshot

---

7) Delete Board

What this does: Deletes the board using board_id (after list cleanup) to keep the environment idempotent.

Request

DELETE {{BaseUrl}}/boards/{{board_id}}

Tests

pm.test("Board ID is Deleted", function () {
  pm.response.to.have.status(200);
});

Expected Response

{}

📸 Screenshot

---

8) Delete User

What this does: Deletes the user created in Step 3 using User_id. Requires accessToken as a Bearer token.

Request

DELETE {{BaseUrl}}/users/{{User_id}}

Authorization

• Type: Bearer Token
• Token: {{accessToken}}

Tests

pm.test(`User_id:${pm.environment.get("User_id")}, User successfully deleted`, function () {
  pm.response.to.have.status(200);
});

Expected Response (200 OK)

{}

📸 Screenshots

• Authorization (Bearer token):
• Tests (Validation):

---

9) Postman Collection Run Results

What this shows: End-to-end execution with all assertions green — confirming the flow and cleanup are correct.

After running via Postman Runner:

• ✅ All 8 tests passed
• Avg response time: ~49ms

📸 Screenshots

• Runner Detailed:
• Runner Summary:

---

Final Notes

• The flow covers Create → Read (validate) → Delete across User, Board, and Lists.
• All dynamic IDs and tokens are saved to the environment for repeatable runs.