When testing an API, it’s crucial to verify how it handles valid requests and responds to incorrect inputs. This process, known as positive and negative testing, ensures that the API behaves as expected in both ideal and edge cases.
Here, I present detailed examples of positive and negative testing in Postman, using a simple API callback function that updates a “notes” field. We’ll cover:
✅ A valid update scenario that successfully updates the notes field.
❌ Three negative test cases where the request fails due to missing data, incorrect field names, or invalid data types.
Each example includes:
- The request setup (endpoint, headers, and body)
- The Postman test script to validate responses
- The expected API response and status codes
/update-notes API Callback Function
API Callback Function
router.post('/update-notes', async (req, res) => {
console.log("Session User in /update-notes:", req.session?.user);
// Ensure req.user is correctly set from the session user
if (!req.user && req.session?.user?._id) {
req.user = await UserCollection.findById(req.session.user._id);
console.log("Manually retrieved user from session:", req.user);
}
// Edge case: If still no valid user, prevent updates
if (!req.user || !req.user._id) {
return res.status(401).json({ message: "Unauthorized: No valid user session" });
}
const { notes } = req.body;
// Validate input
if (!notes || typeof notes !== "string") {
return res.status(400).json({ message: "Invalid request: 'notes' field is required and must be a string" });
}
try {
// Ensure the update only applies to the logged-in user
const updatedUser = await UserCollection.findByIdAndUpdate(
req.user._id,
{ notes },
{ new: true } // Return the updated document
);
if (!updatedUser) {
return res.status(500).json({ message: "Failed to update notes: User not found" });
}
res.json({
message: "Notes updated successfully",
updatedFor: {
username: updatedUser.username,
email: updatedUser.email || "No email on record", // Ensure email always exists
},
notes: updatedUser.notes,
});
} catch (error) {
console.error("Error updating notes:", error);
res.status(500).json({ message: "Error updating notes" });
}
});The callback function above focuses on covering these 2 edge cases:
- Checks if
notesexists → If it’s missing, it returns a400 Bad Requesterror. - Ensures
notesis a string → Prevents updating with invalid data.
Test Cases in Postman
Here is 1 example of positive and 3 examples of negative testing that we want to set up in Postman:
| Scenario | Request Body | Expected Response |
|---|---|---|
| ✅ Valid update | { "notes": "This is my updated note" } | Status: 200 OK Response: { "message": "Notes updated successfully" } |
❌ Missing notes | {} | Status: 400 Bad Request Response: { "message": "Invalid request: 'notes' field is required and must be a string" } |
| ❌ Wrong field name | { "notees": "Wrong key" } | Status: 400 Bad Request Response: { "message": "Invalid request: 'notes' field is required and must be a string" } |
| ❌ Wrong data type | { "notes": 12345 } | Status: 400 Bad Request Response: { "message": "Invalid request: 'notes' field is required and must be a string" } |
My test approach is to make a separate request for each of these test cases.
Valid update test setup
Request: POST
Endpoint: http://localhost:5002/api/update-notes
Headers:
Key: X-Test-Auth
Value: test2:test123
Body:
{ "notes": "This is my updated note" }Test script:
pm.test("Status code is 200", function () {
pm.response.to.have.status(200);
});
pm.test("Response should be in JSON format", function () {
pm.response.to.have.header("Content-Type", "application/json; charset=utf-8");
});
pm.test("Response contains a success message", function () {
var jsonData = pm.response.json();
pm.expect(jsonData).to.have.property("message", "Notes updated successfully");
});
pm.test("Response contains the correct username and email", function () {
var jsonData = pm.response.json();
pm.expect(jsonData).to.have.property("updatedFor");
pm.expect(jsonData.updatedFor).to.have.property("username", "test665");
pm.expect(jsonData.updatedFor).to.have.property("email", "[email protected]");
});
pm.test("Response contains the updated notes field", function () {
var jsonData = pm.response.json();
pm.expect(jsonData).to.have.property("notes", "This is my updated note");
});
Test results:
PASSED Status code is 200
PASSED Response should be in JSON format
PASSED Response contains a success message
PASSED Response contains the correct username and email
PASSED Response contains the updated notes field
Expected response:
{
"message": "Notes updated successfully",
"updatedFor": {
"username": "test665",
"email": "[email protected]"
},
"notes": "This is my updated note"
}Response status: 200 OK
Missing notes test setup
Request: POST
Endpoint: http://localhost:5002/api/update-notes
Headers:
Key: X-Test-Auth
Value: test2:test123
Body:
{}Test script:
pm.test("Status code is 400", function () {
pm.response.to.have.status(400);
});
pm.test("Response contains the Invalid request message", function () {
var jsonData = pm.response.json();
pm.expect(jsonData).to.have.property("message", "Invalid request: 'notes' field is required and must be a string");
});Test results:
PASSED Status code is 400
PASSED Response contains the Invalid request message
Expected response:
{ "message": "Invalid request: 'notes' field is required and must be a string" }Response status: 400 Bad Request
Wrong field name test setup
Request: POST
Endpoint: http://localhost:5002/api/update-notes
Headers:
==> Key: X-Test-Auth
==> Value: test2:test123
Body:
{ "notees": "Wrong key" }Test script:
pm.test("Status code is 400", function () {
pm.response.to.have.status(400);
});
pm.test("Response contains the Invalid request message", function () {
var jsonData = pm.response.json();
pm.expect(jsonData).to.have.property("message", "Invalid request: 'notes' field is required and must be a string");
});Test results:
PASSED Status code is 400
PASSED Response contains the Invalid request message
Expected response:
{ "message": "Invalid request: 'notes' field is required and must be a string" }Response status: 400 Bad Request
Wrong data type test setup
Request: POST
Endpoint: http://localhost:5002/api/update-notes
Headers:
==> Key: X-Test-Auth
==> Value: test2:test123
Body:
{ "notes": 12345 }Test script:
pm.test("Status code is 400", function () {
pm.response.to.have.status(400);
});
pm.test("Response contains the Invalid request message", function () {
var jsonData = pm.response.json();
pm.expect(jsonData).to.have.property("message", "Invalid request: 'notes' field is required and must be a string");
});Test results:
PASSED Status code is 400
PASSED Response contains the Invalid request message
Expected response:
{ "message": "Invalid request: 'notes' field is required and must be a string" }Response status: 400 Bad Request
