REST API Testing
Master REST API testing techniques and best practices. This is a foundational concept in quality assurance and test automation that professional developers rely on daily. The explanations below are written to be beginner-friendly while covering the depth and nuance that comes from real-world Software Testing experience. Take your time with each section and practice the examples
50 min•By Priygop Team•Last updated: Feb 2026
REST API Concepts
- HTTP Methods: GET, POST, PUT, DELETE, PATCH
- Status Codes: 200, 201, 400, 401, 404, 500
- Headers: Content-Type, Authorization, Accept
- Request/Response: JSON, XML, or other formats
- URL Structure: Base URL + endpoint + parameters
REST API Testing with Postman
Example
// GET Request Example
GET https://api.example.com/users/123
Headers:
Authorization: Bearer token123
Accept: application/json
Response:
{
"id": 123,
"name": "John Doe",
"email": "john@example.com",
"status": "active"
}
// POST Request Example
POST https://api.example.com/users
Headers:
Content-Type: application/json
Authorization: Bearer token123
Body:
{
"name": "Jane Smith",
"email": "jane@example.com",
"password": "securepass123"
}
Response:
{
"id": 124,
"name": "Jane Smith",
"email": "jane@example.com",
"status": "active",
"created_at": "2024-01-15T10:30:00Z"
}
// PUT Request Example
PUT https://api.example.com/users/123
Headers:
Content-Type: application/json
Authorization: Bearer token123
Body:
{
"name": "John Updated",
"email": "john.updated@example.com"
}
Response:
{
"id": 123,
"name": "John Updated",
"email": "john.updated@example.com",
"status": "active",
"updated_at": "2024-01-15T11:00:00Z"
}
// DELETE Request Example
DELETE https://api.example.com/users/123
Headers:
Authorization: Bearer token123
Response:
{
"message": "User deleted successfully",
"deleted_at": "2024-01-15T11:30:00Z"
}REST API Test Cases
Example
// Positive Test Cases
const positiveTestCases = [
{
"Test": "GET /users - Valid request",
"Request": "GET https://api.example.com/users",
"Expected": "200 OK, List of users"
},
{
"Test": "POST /users - Create valid user",
"Request": "POST with valid user data",
"Expected": "201 Created, User object with ID"
},
{
"Test": "PUT /users/123 - Update existing user",
"Request": "PUT with updated data",
"Expected": "200 OK, Updated user object"
}
];
// Negative Test Cases
const negativeTestCases = [
{
"Test": "GET /users/999 - Non-existent user",
"Request": "GET https://api.example.com/users/999",
"Expected": "404 Not Found"
},
{
"Test": "POST /users - Invalid data",
"Request": "POST with missing required fields",
"Expected": "400 Bad Request, Validation errors"
},
{
"Test": "PUT /users/123 - Unauthorized",
"Request": "PUT without valid token",
"Expected": "401 Unauthorized"
}
];
// Edge Cases
const edgeTestCases = [
{
"Test": "GET /users - Empty result",
"Request": "GET with filter that returns no results",
"Expected": "200 OK, Empty array"
},
{
"Test": "POST /users - Duplicate email",
"Request": "POST with existing email",
"Expected": "409 Conflict, Duplicate email error"
},
{
"Test": "PUT /users/123 - Large payload",
"Request": "PUT with very large data",
"Expected": "413 Payload Too Large"
}
];