Postman Cheatsheet

API testing, collections, variables, scripts & automation

Tool

Contents

Basics Variables Test Scripts Pre-request Scripts Collections Environments Advanced

📮

Basics

GET    — Retrieve resource
POST   — Create resource
PUT    — Full update
PATCH  — Partial update
DELETE — Remove resource

Headers
Content-Type: application/json
Authorization: Bearer <token>
Accept: application/json

Body (raw JSON)
{
  "name": "Alice",
  "email": "alice@test.com"
}

Query Params
GET /users?page=1&limit=10

💎

Variables

Variable scopes (precedence):
Local → Data → Environment → Collection → Global

Use in URL / headers / body:
{{base_url}}/api/users
Authorization: Bearer {{token}}

Set in scripts:
pm.globals.set("key", "value");
pm.environment.set("key", "value");
pm.collectionVariables.set("key", "value");
pm.variables.set("key", "value");   // local

Get in scripts:
pm.variables.get("key");           // auto scope
pm.environment.get("key");

✅

Test Scripts

// Status code
pm.test("Status 200", () => {
    pm.response.to.have.status(200);
});

// JSON body
pm.test("Has name", () => {
    const json = pm.response.json();
    pm.expect(json.name).to.eql("Alice");
});

// Response time
pm.test("Fast response", () => {
    pm.expect(pm.response.responseTime).to.be.below(500);
});

// Headers
pm.test("Content-Type JSON", () => {
    pm.response.to.have.header("Content-Type");
});

// Save response data
const json = pm.response.json();
pm.environment.set("userId", json.id);

⚡

Pre-request Scripts

// Generate timestamp
pm.variables.set("timestamp", Date.now());

// Random data
pm.variables.set("randomEmail",
    `user${Math.random().toString(36).substr(2)}@test.com`);

// Dynamic variables (built-in)
{{$randomFirstName}}
{{$randomEmail}}
{{$randomInt}}
{{$timestamp}}
{{$guid}}

📁

Collections

Collection = folder of organized requests

Features:
• Group related requests
• Share with team
• Run all with Collection Runner
• Export / Import as JSON
• Add collection-level variables
• Add collection-level auth

Collection Runner options:
• Iterations: run N times
• Delay: ms between requests
• Data file: CSV/JSON for data-driven tests

CLI (Newman):
npm install -g newman
newman run collection.json -e env.json
newman run collection.json --iteration-count 5

🌍

Environments

Environment = set of key-value variables

Common setup:
• Dev:  base_url = http://localhost:3000
• Staging: base_url = https://staging.api.com
• Prod: base_url = https://api.com

Switch environments via dropdown
Use {{base_url}} in requests

Initial vs Current value:
• Initial = shared (synced)
• Current = local only (secrets)

🔧

Advanced

// Chain requests — save token from login
// Login response test script:
const json = pm.response.json();
pm.environment.set("token", json.token);
// Next request header: Bearer {{token}}

// Send request from script
pm.sendRequest("https://api.com/token", (err, res) => {
    pm.environment.set("token", res.json().token);
});

// Skip or repeat
postman.setNextRequest("Request Name");  // jump to
postman.setNextRequest(null);             // stop runner