Skip to content

AbrarRagib/api-test-automation

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

🧪 API Test Automation — Restful-Booker (Postman + Newman + CI)

Postman Newman CI

Automated API test suite for the public Restful-Booker hotel booking API, built to demonstrate professional SQA practices end-to-end: test planning, test case design, negative & security testing, contract (schema) validation, request chaining, data-driven execution, CI integration, and defect reporting.

Author: Abrar Ragib — SQA Engineer · LinkedIn · Email


🔎 What this project demonstrates

Skill Where to look
Formal test planning (IEEE-829 style) TEST-PLAN.md
Test case design with traceability docs/TEST-CASES.md — 16 cases mapped 1:1 to automated requests
Full CRUD lifecycle testing Collection folder 03 - Bookings CRUD (Create → Read → Update → Patch → Delete → Verify 404)
Request chaining Auth token + bookingId passed between requests via collection variables
Contract / schema testing pm.response.to.have.jsonSchema() on booking creation
Negative & boundary testing Invalid credentials, non-existent IDs, malformed JSON
Basic security testing Mutations without a token asserted to return 403
Dynamic test data Pre-request scripts randomize names & prices → runs are self-contained and repeatable
Data-driven testing data/booking-data.csv iterated via Newman -d
Non-functional checks Collection-level response-time SLA on every request
CI/CD integration .github/workflows/api-tests.yml — runs on push, PR, and nightly cron; publishes JUnit results + HTML report artifact
Defect reporting docs/BUG-REPORT-TEMPLATE.md with 2 real defects found & documented

🐞 Real findings

This suite doesn't just pass — it found and documented two contract deviations in the API:

  1. DEF-001: POST /auth with bad credentials returns 200 OK + "Bad credentials" instead of 401 Unauthorized.
  2. DEF-002: DELETE /booking/{id} returns 201 Created instead of 200/204.

See the defect log in docs/TEST-CASES.md and the worked bug report in docs/BUG-REPORT-TEMPLATE.md.

📁 Repository structure

.
├── TEST-PLAN.md                          # Formal test plan (scope, approach, criteria, risks)
├── postman/
│   ├── Restful-Booker-API-Tests.postman_collection.json
│   └── environments/
│       └── qa.postman_environment.json
├── data/
│   └── booking-data.csv                  # Data-driven iterations for Newman
├── docs/
│   ├── TEST-CASES.md                     # Test case catalog + defect log
│   └── BUG-REPORT-TEMPLATE.md            # Template + worked example
├── newman-reports/                       # HTML/JUnit reports (generated, git-ignored)
└── .github/workflows/api-tests.yml       # CI pipeline

🚀 How to run

Option A — Postman GUI

  1. Import postman/Restful-Booker-API-Tests.postman_collection.json.
  2. Import postman/environments/qa.postman_environment.json and select it.
  3. Open the Collection Runner and run the whole collection (folder order matters: Auth before CRUD).

Option B — Newman CLI

npm install -g newman newman-reporter-htmlextra

newman run postman/Restful-Booker-API-Tests.postman_collection.json \
  -e postman/environments/qa.postman_environment.json \
  -r cli,htmlextra \
  --reporter-htmlextra-export newman-reports/report.html

Option C — Data-driven run (CSV iterations)

newman run postman/Restful-Booker-API-Tests.postman_collection.json \
  -e postman/environments/qa.postman_environment.json \
  -d data/booking-data.csv \
  --folder "03 - Bookings CRUD" \
  -r cli,htmlextra --reporter-htmlextra-export newman-reports/data-driven-report.html

Option D — CI

Every push, pull request, and a nightly cron trigger the suite automatically via GitHub Actions. Test results appear as a check on the commit; the HTML report is downloadable from the run's Artifacts.

🧠 Test strategy in one paragraph

The suite gates execution with a smoke check, generates its own randomized test data so runs are independent and repeatable against a shared public environment, chains state (token, bookingId) across requests to validate the true lifecycle rather than isolated calls, validates the response contract with JSON Schema (not just status codes), attacks the API with negative and unauthenticated requests to confirm error handling and authorization, and asserts a response-time SLA globally. Everything is version-controlled and runs headlessly in CI with human-readable HTML reporting.

🧰 Tech stack

Postman (Collection v2.1, Chai assertions, pre-request scripting) · Newman + htmlextra reporter · GitHub Actions · JSON Schema · CSV data files

📌 Notes

  • Target API is the public Restful-Booker practice service; the admin/password123 credentials are the vendor's published demo credentials (no secrets in this repo).
  • The demo instance resets periodically and can be slow on cold start — the smoke test warms it and SLAs are set accordingly.

About

API test automation with Postman, Newman & GitHub Actions — CRUD lifecycle, negative testing, schema validation, and HTML reporting.

Topics

Resources

Stars

5 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors