Skip to main content

API Testing Automation Guide with PostQode API Agent

Table of Contents

  1. Overview
  2. Getting Started
  3. Importing API Collections
  4. Setting Up Variables
  5. Executing API Requests
  6. Analyzing Responses & Schema
  7. Generating Test Cases
  8. Running Automated Tests
  9. Best Practices

Overview

The PostQode API Agent is an intelligent assistant that automates API testing workflows. Instead of manually creating test cases, writing assertions, and managing test data, the API Agent can:

  • Import API collections from Postman, OpenAPI, cURL, or HAR files
  • Execute API requests and analyze responses automatically
  • Generate comprehensive test suites with assertions based on actual API behavior
  • Create data-driven tests with CSV datasets
  • Manage environment variables and authentication tokens

Key Benefits:

  • Speed: Generate 20+ test cases in minutes instead of hours
  • 🎯 Accuracy: Assertions based on real API responses, not guesswork
  • 🔄 Automation: Execute requests, extract tokens, chain dependencies automatically
  • 📊 Coverage: Positive, negative, boundary, and security test scenarios

Video Demo

Watch this quick demo to see the PostQode API Agent in action:

Getting Started

Prerequisites

  • PostQode installed and configured
  • API collection file (Postman, OpenAPI, cURL, or HAR format)
  • Access to the API server you want to test

Workflow Overview

Import Collection → Setup Variables → Execute Requests → Analyze Response → Generate Tests → Run Automation

Importing API Collections

What It Does

The API Agent imports your existing API definitions and converts them into PostQode's format, preserving all request details, headers, authentication, and test scripts.

How to Import

Command:

"Import the Postman collection from /path/to/collection.json"

What Happens:

  1. API Agent reads the collection file
  2. Converts each request to PostQode's .request.yaml format
  3. Organizes requests into folders under collections/
  4. Preserves all headers, body, authentication, and scripts

Example:

User: "Import the VSCode Extension API collection from Downloads folder"

API Agent:
✅ Imported 35 API requests organized into 7 categories:
   - Authentication & Licensing (7 requests)
   - Extension Activation & Telemetry (4 requests)
   - Settings Sync (4 requests)
   - AI Autocomplete Backend (5 requests)
   - Update & Version Management (3 requests)
   - Error Reporting & Diagnostics (3 requests)
   - Feature Flags (2 requests)

Result:

  • All requests available at collections/VSCode Extension API Collection/
  • Ready to execute, modify, or generate tests from

Setting Up Variables

What It Does

Variables allow you to parameterize your API requests (URLs, tokens, credentials) so tests can run across different environments without code changes.

How to Create Variables

Command:

"Create variables for API testing"

What Happens:

  1. API Agent analyzes your imported requests
  2. Identifies common variables (base_url, access_token, etc.)
  3. Creates a variable set with sensible defaults
  4. Stores in variables/ directory

Example Variable Set:

name: VSCode Extension API Variables
variables:
  - key: base_url
    value: https://api.example.com
    type: default
  
  - key: access_token
    value: ""
    type: default
    description: Auto-populated by login request
  
  - key: test_email
    value: [email protected]
    type: default
  
  - key: test_password
    value: Test@12345
    type: secret

Usage in Requests:

{
  "url": "{'{{base_url}}'}/auth/login",
  "headers": {
    "Authorization": "Bearer {'{{access_token}}'}"
  }
}

Key Features:

  • Environment Switching: Change base_url to switch between dev/staging/prod
  • Token Management: Tokens auto-extracted from responses and stored
  • Secret Protection: Passwords marked as type: secret

Executing API Requests

What It Does

The API Agent executes requests against your API server, captures the full response, and infers the response schema automatically.

How to Execute

Command:

"Execute the login request"

What Happens:

  1. API Agent locates the request file
  2. Resolves all variables ({'{{base_url}}'}, {'{{test_email}}'}, etc.)
  3. Sends the HTTP request to the server
  4. Captures response: status, headers, body, timing
  5. Infers response schema from the actual data
  6. Suggests assertions based on the response

Example Execution:

Request:

POST {'{{base_url}}'}/auth/login
Content-Type: application/json

{
  "email": "{'{{test_email}}'}",
  "password": "{'{{test_password}}'}"
}

Response Captured:

{
  "status": 200,
  "responseTime": 245,
  "body": {
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "user_id": "usr_12345",
    "expires_in": 3600
  }
}

Inferred Schema:

{
  "type": "object",
  "properties": {
    "access_token": { "type": "string" },
    "refresh_token": { "type": "string" },
    "user_id": { "type": "string" },
    "expires_in": { "type": "number" }
  },
  "required": ["access_token", "refresh_token", "user_id"]
}

Analyzing Responses & Schema

What It Does

After executing a request, the API Agent analyzes the response structure and generates a schema that describes the data types, required fields, and nested objects.

Schema Tab Features

Automatic Schema Inference:

  • Detects data types (string, number, boolean, array, object)
  • Identifies required vs optional fields
  • Maps nested object structures
  • Recognizes array item types

Why This Matters:

  • Accurate Assertions: Write assertions that match actual response structure
  • Contract Validation: Ensure API responses match expected schema
  • Documentation: Auto-generated API documentation from real responses

Example Analysis:

Response:

{
  "user": {
    "id": "usr_123",
    "email": "[email protected]",
    "profile": {
      "name": "Test User",
      "avatar_url": "https://..."
    }
  },
  "permissions": ["read", "write"]
}

Inferred Schema:

{
  "type": "object",
  "properties": {
    "user": {
      "type": "object",
      "properties": {
        "id": { "type": "string" },
        "email": { "type": "string" },
        "profile": {
          "type": "object",
          "properties": {
            "name": { "type": "string" },
            "avatar_url": { "type": "string" }
          }
        }
      }
    },
    "permissions": {
      "type": "array",
      "items": { "type": "string" }
    }
  }
}

Generated Assertions:

pq.test('Status 200', () => pq.response.to.have.status(200));
pq.test('Has user object', () => pq.expect(pq.response.json().user).to.be.an('object'));
pq.test('Has user.id', () => pq.expect(pq.response.json().user.id).to.be.a('string'));
pq.test('Has permissions array', () => pq.expect(pq.response.json().permissions).to.be.an('array'));

Generating Test Cases

What It Does

The API Agent creates comprehensive test suites with test cases that include:

  • Request configuration
  • Assertions based on actual response schema
  • Variable extraction for chaining requests
  • Positive, negative, and edge case scenarios

How to Generate Tests

Command:

"Create test cases for the Authentication section"

What Happens:

  1. API Agent executes the request to learn the response structure
  2. Creates a test suite (if needed)
  3. Generates test cases for different scenarios:
    • Positive: Valid inputs, expected success
    • Negative: Invalid inputs, expected errors
    • Boundary: Edge cases, limits
    • Security: Authentication, authorization checks
  4. Writes assertions matching the actual response schema
  5. Adds variable extraction for token management

Example Generated Test Case:

Test Case: Login with Valid Credentials

name: Login with Valid Credentials
description: Test successful login with valid email and password
type: TESTCASE
tags: [authentication, login, positive]

steps:
  - name: POST Login
    request:
      method: POST
      url: "{'{{base_url}}'}/auth/login"
      headers:
        - key: Content-Type
          value: application/json
      body:
        mode: raw
        raw: |
          {
            "email": "{'{{test_email}}'}",
            "password": "{'{{test_password}}'}"
          }
    
    events:
      - listen: test
        script:
          exec:
            - pq.test('Status 200', () => pq.response.to.have.status(200));
            - pq.test('Has access_token', () => pq.expect(pq.response.json().access_token).to.be.a('string'));
            - pq.test('Has refresh_token', () => pq.expect(pq.response.json().refresh_token).to.be.a('string'));
            - const json = pq.response.json();
            - pq.variables.set('access_token', json.access_token);
            - pq.variables.set('refresh_token', json.refresh_token);
            - pq.test('Token is not empty', () => pq.expect(json.access_token.length).to.be.above(10));

Key Features:

  • ✅ Assertions match actual response structure (not guessed)
  • ✅ Token extraction for subsequent requests
  • ✅ Performance checks (response time)
  • ✅ Descriptive test names and tags

Running Automated Tests

Test Execution Flow

1. Sequential Execution:

Register User → Login → Get Profile → Update Settings → Logout

2. Variable Chaining:

Login (extracts access_token) → API Call (uses access_token) → Refresh Token (updates access_token)

3. Data-Driven Testing:

CSV Dataset (100 users) → Run test case 100 times with different data

How to Run Tests

Command:

"Run the Authentication test suite"

What Happens:

  1. API Agent loads the test suite
  2. Executes test cases in order
  3. Resolves variables from environment file
  4. Runs each test step
  5. Evaluates assertions
  6. Reports results (pass/fail/skip)

Example Test Run:

Running: Authentication and Licensing Tests
├─ ✅ Register New User - Valid Data (245ms)
│  └─ ✅ Status 201 Created
│  └─ ✅ Has user_id
│  └─ ✅ Has email

├─ ✅ Login with Valid Credentials (198ms)
│  └─ ✅ Status 200
│  └─ ✅ Has access_token
│  └─ ✅ Token is not empty
│  └─ 📝 Stored: access_token, refresh_token, user_id

├─ ✅ Login with Invalid Password (156ms)
│  └─ ✅ Status 401 Unauthorized
│  └─ ✅ Has error message
│  └─ ✅ No access_token in response

├─ ✅ Refresh Access Token (134ms)
│  └─ ✅ Status 200
│  └─ ✅ Has new access_token
│  └─ 📝 Updated: access_token

├─ ✅ Logout User (89ms)
│  └─ ✅ Status 200
│  └─ ✅ Has success message

├─ ✅ Validate License Key - Valid (167ms)
│  └─ ✅ Status 200
│  └─ ✅ License is valid
│  └─ ✅ Has plan type

└─ ✅ Validate License Key - Invalid (145ms)
   └─ ✅ Status 403 Forbidden
   └─ ✅ License is invalid
   └─ ✅ Has error message

Summary: 7 passed, 0 failed, 0 skipped (1.2s)

Best Practices

1. Execute Before Generating

Always execute the request first to see the actual response before generating test cases. This ensures assertions match reality.

❌ Don't: Generate tests blindly
✅ Do: Execute → Analyze response → Generate tests

2. Use Descriptive Test Names

❌ Bad: "Test 1", "API Call"
✅ Good: "Login with Valid Credentials", "Validate License Key - Invalid"

3. Organize by Feature

testSuites/
├── Authentication and Licensing Tests/
├── Extension Activation and Telemetry Tests/
├── Settings Sync Tests/
└── AI Autocomplete Backend Tests/

4. Separate Positive and Negative Tests

✅ Login with Valid Credentials (positive)
✅ Login with Invalid Password (negative)
✅ Login with Missing Email (negative)

5. Use Variables for Flexibility

# Development
base_url: https://dev-api.example.com

# Staging
base_url: https://staging-api.example.com

# Production
base_url: https://api.example.com

6. Tag Your Tests

tags: [authentication, login, positive, smoke]
tags: [ai, code-completion, performance]
tags: [settings, sync, integration]

7. Add Performance Assertions

pq.test('Response time < 2000ms', () => 
  pq.expect(pq.response.responseTime).to.be.below(2000)
);

8. Chain Requests with Variables

// Step 1: Login
pq.variables.set('access_token', pq.response.json().access_token);

// Step 2: Use token in next request
headers: { "Authorization": "Bearer {'{{access_token}}'}" }

Example: Complete Workflow

Scenario: Testing a VSCode Extension API

Step 1: Import Collection

User: "Import the Postman collection from Downloads/VSCode_Extension_API_Collection.json"

Result: ✅ 35 requests imported into collections/

Step 2: Create Variables

User: "Create variables for API testing"

Result: ✅ Variable set created with base_url, access_token, test credentials

Step 3: Execute & Analyze

User: "Execute the login request"

Result: 
✅ Status 200 (245ms)
✅ Response schema inferred
✅ Suggested assertions generated

Step 4: Generate Test Suite

User: "Create test cases for Authentication section"

Result: 
✅ Test suite created: Authentication and Licensing Tests
✅ 7 test cases generated:
   - Register New User
   - Login (valid/invalid)
   - Token refresh
   - Logout
   - License validation (valid/invalid)

Step 5: Generate More Suites

User: "Create test cases for Telemetry, Settings Sync, and AI Backend sections"

Result:
✅ 3 more test suites created
✅ 13 additional test cases generated
✅ Total: 4 suites, 20 test cases

Step 6: Run Tests

User: "Run all test suites"

Result:
✅ 20 test cases executed
✅ 18 passed, 2 failed (API server not configured)
✅ Detailed report generated

Summary

The PostQode API Agent transforms API testing from a manual, time-consuming process into an automated, intelligent workflow:

Manual ApproachWith API Agent
Hours to write test casesMinutes to generate
Guess response structureAnalyze actual responses
Manual token managementAutomatic extraction
Copy-paste assertionsSchema-based assertions
One environment onlyMulti-environment ready
Tedious updatesRegenerate from API

Time Saved:

  • Import collection: 30 min → 1 min
  • Create variables: 20 min → 2 min
  • Generate 20 test cases: 4 hours → 10 min
  • Total: ~5 hours → ~15 minutes (95% time savings)

Get Started:

  1. Import your API collection
  2. Create variables
  3. Execute a request to see the response
  4. Ask the API Agent to generate test cases
  5. Run your automated tests

The API Agent handles the tedious work so you can focus on testing strategy and coverage!

Is this documentation incorrect or incomplete? Report an issue on GitHub