Introduction
Postman has become the go-to tool for testing and documenting APIs. In 2026, teams expect much more than manual requests: they want automated, reproducible tests integrated into the development cycle. This tutorial shows you how to leverage advanced scripts, dynamic variables, and Newman to transform Postman into a true automated testing platform. You'll learn how to chain complex requests, generate test data on the fly, and integrate your collections into a CI/CD pipeline.
Prerequisites
- Postman Desktop v11 or higher
- Solid knowledge of JavaScript
- Node.js 20+ and npm installed
- A Postman account with API Key
- Access to a REST API to test
Configuring Dynamic Variables
pm.environment.set('timestamp', Date.now());
const uuid = require('uuid');
pm.environment.set('requestId', uuid.v4());
const token = pm.environment.get('accessToken');
if (!token) {
pm.sendRequest({
url: pm.environment.get('authUrl'),
method: 'POST',
body: { mode: 'raw', raw: JSON.stringify({ client_id: pm.environment.get('clientId') }) }
}, function (err, res) {
pm.environment.set('accessToken', res.json().token);
});
}This Pre-request script generates a timestamp and a unique UUID for each request. It also retrieves an authentication token if it's missing, avoiding unnecessary calls.
Advanced Test Script with Assertions
pm.test('Status code is 200', () => pm.response.to.have.status(200));
const jsonData = pm.response.json();
pm.test('Response contains valid user object', () => {
pm.expect(jsonData).to.have.property('id');
pm.expect(jsonData.email).to.match(/^[\w-\.]+@([\w-]+\.)+[\w-]{2,4}$/);
});
pm.test('Response time is under 300ms', () => {
pm.expect(pm.response.responseTime).to.be.below(300);
});This script validates the status code, data structure, and response time. Assertions use Chai to ensure every response meets the expected contract.
Chaining Requests with Variables
let userId = pm.response.json().id;
pm.environment.set('userId', userId);
postman.setNextRequest('Get User Details');
if (pm.response.code === 201) {
pm.execution.skipRequest('Delete User');
}This code dynamically moves to the next request and skips steps based on the response. It is essential for creating realistic business flows.
Export and Execution with Newman
newman run collection.json \
--environment env.json \
--reporters cli,junit,htmlextra \
--iteration-data data.csv \
--export-environment env-updated.jsonNewman runs the collection from the command line. The reporters generate JUnit reports usable by CI tools and a detailed HTML report.
GitHub Actions Integration
name: Postman Tests
on: [push]
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
- run: npm install -g newman newman-reporter-htmlextra
- run: newman run collection.json --reporters cli,junit,htmlextraThis workflow triggers Postman tests on every push. Results are published directly in GitHub checks.
Best Practices
- Use environment variables for all sensitive data
- Write atomic and independent tests
- Version your collections with Git via JSON export
- Limit token duration and renew them automatically
- Add JSON schema assertions with tv4 or Ajv
Common Errors to Avoid
- Forgetting to handle asynchronous errors in Pre-request scripts
- Storing secrets in plain text in global variables
- Not resetting variables between iterations
- Ignoring timeouts on slow environments
Going Further
Discover our complete courses on API testing and CI/CD automation at learni-group.com/formations.