My Journey with Postman Testing: From Manual Hell to Automated Heaven with MS Entra and Python
The Day I Realized Manual Testing Was Killing My Productivity
Picture this: It's 2 PM on a Friday, and I'm sitting at my desk clicking through Postman requests for the third time this week, manually testing our Python API that's protected by Microsoft Entra (formerly Azure AD). Each test cycle takes 45 minutes of mindless clicking, copying tokens, and praying I don't miss a step.
User creation? Click, copy token, paste, send. Group assignment? Repeat. Temporary Access Pass generation? You guessed it - more clicking. By the time I finish testing all the Microsoft Graph API integrations, I've lost half my day and most of my sanity.
That Friday afternoon frustration led me down a rabbit hole that completely transformed how I approach API testing. Today, I want to share how I built a comprehensive testing strategy using Postman collections that can test everything from MS Entra authentication to complex Microsoft Graph API operations - all automated, all reliable, and all designed to save your sanity.
This is the story of how I went from manual testing hell to automated testing heaven, complete with real code examples, sequence diagrams, and the hard-learned lessons that made me a better developer.
The Problem: Testing a Python API Protected by MS Entra
Before I show you the solution, let me paint a picture of what I was dealing with. Our architecture looked like this:
What made this challenging:
Token management nightmare: MS Entra tokens expire every hour
Complex authentication flows: Client credentials, on-behalf-of, and user flows
Multiple API endpoints: Our Python backend AND Microsoft Graph API
State management: Users created in one test needed by another
Error scenarios: Testing what happens when things go wrong
I was spending more time managing test data and tokens than actually testing functionality. Something had to change.
Discovery #1: Building the Python Backend That Started It All
Let me show you the Python FastAPI backend that became the foundation of my testing journey. This API handles user management operations while being protected by MS Entra:
Discovery #2: The Postman Collection That Changed Everything
After building the API, I needed a way to test it systematically. That's when I discovered the power of Postman collections with proper environment management and automated workflows.
But here's where it gets interesting - I didn't want to just click through Postman manually forever. I wanted true end-to-end automation that I could run from the command line and integrate into my CI/CD pipeline. Enter Newman.
The Complete Testing Flow: From Postman to Newman to CI/CD
Let me show you the entire journey of how a test flows through my system:
This diagram shows the complete evolution of my testing approach - from manual Postman clicks to fully automated CI/CD integration. Let me break down each phase.
Setting Up the Postman Environment
First, I created a Postman environment with all the variables I needed:
The Authentication Request That Started It All
This is the Postman request that gets an access token from MS Entra. It became the foundation for all my testing:
Discovery #3: Performance Testing - When My API Met Reality
Before I dive into the end-to-end testing flow, let me share a story that completely changed how I think about API performance. It was a Tuesday morning when our "perfectly working" API got its first real load test from actual users. Within 30 minutes, everything was on fire.
Our Python API that handled 10 test requests beautifully started returning 500 errors when 50 concurrent users tried to create accounts simultaneously. MS Entra token requests were timing out, database connections were exhausted, and I was frantically trying to figure out why my beautiful code was falling apart.
That day taught me that functional testing isn't enough. You need to know how your API behaves under pressure, where it breaks, and what happens when things go wrong. Enter performance testing with Postman - the reality check every API needs.
Load Testing: Finding Your API's Sweet Spot
Load testing became my way of answering the question: "How many users can my API handle before it starts sweating?" Here's how I built a comprehensive load testing strategy using Postman and Newman.
Setting Up Performance Test Data
First, I created a separate environment for performance testing with realistic data volumes:
Load Testing Collection Structure
I organized my performance tests into a dedicated collection with realistic user scenarios:
Load Test: User Creation Under Pressure
Here's my load testing approach for the user creation endpoint:
Newman CLI for Load Testing
Here's how I run load tests using Newman with proper concurrency:
Breakpoint Testing: Finding the Breaking Point
Breakpoint testing (also called stress testing) answers the question: "At what point does my API completely fall apart?" This became crucial for capacity planning and setting realistic SLAs.
Breakpoint Test Strategy
My approach to breakpoint testing involves gradually increasing load until the system breaks:
Breakpoint Test: Progressive User Creation Load
Advanced Newman Script for Breakpoint Testing
Performance Testing in CI/CD Pipeline
I integrated performance testing into my deployment pipeline to catch performance regressions early:
Discovery #4: End-to-End Testing Flow That Actually Works
Now, with performance testing foundation in place, here's the complete functional testing flow that transformed my development process:
1. User Creation Test
2. Group Creation and Management Test
3. Temporary Access Pass Generation Test
4. Integration Test with Microsoft Graph API Direct Call
The Complete Testing Strategy: From Performance to Function
Here's how all these tests work together in a comprehensive testing scenario that covers both performance and functionality:
Discovery #5: Newman CLI - Taking Tests from GUI to Command Line
Here's where my testing journey took an exciting turn. Clicking through Postman was great for development, but I wanted something more powerful - the ability to run my entire test suite from the command line, in CI/CD pipelines, and on any machine without opening the Postman GUI.
Enter Newman - Postman's command-line companion that changed everything about how I deploy and test my APIs.
Installing Newman: The 5-Minute Setup
That's it. Five minutes, and I went from GUI-only testing to command-line automation power.
My First Newman Run: The "Aha!" Moment
Remember that Postman collection I built? Let me show you how I run it with Newman:
The first time I ran this and watched my tests execute automatically in the terminal, I literally said "Where have you been all my life?"
The Newman Test Execution Flow
Let me show you what happens when Newman runs your tests:
Newman Command Options That Saved My Life
Here are the Newman options I use daily, with the real-world scenarios where they saved me:
The Test Report That Makes You Look Professional
Newman with the htmlextra reporter generates beautiful HTML reports that I actually love showing to my team. Here's what you get:
The report includes:
β Total requests executed
β Pass/fail summary with percentages
β Response time charts
β Test assertions results
β Environment data used
β Request/response details
β Failed test details with actual vs expected
Discovery #6: GitHub Actions CI/CD - The Final Boss Level
After mastering Newman locally, I wanted the ultimate automation: run tests automatically on every git push. This is where GitHub Actions entered my life and changed my deployment workflow forever.
The Complete CI/CD Pipeline Architecture
My GitHub Actions Workflow File
Here's the actual workflow file I use (.github/workflows/api-tests.yml):
Setting Up GitHub Secrets
For the workflow to work, you need to add these secrets to your GitHub repository:
The Multi-Environment Testing Strategy
I also created separate workflows for different environments:
The Local Development Script
I also created a bash script for local testing that mimics the CI/CD pipeline:
Make it executable:
My Pre-request Scripts That Made Everything Smooth
Now that you've seen the complete automation pipeline, let me share the pre-request scripts that tie everything together. One of the biggest game-changers was writing reusable pre-request scripts. Here's the collection-level pre-request script I use:
Collection-Level Test Scripts for Comprehensive Validation
I also created collection-level test scripts that run after every request:
My Newman CLI Scripts for CI/CD Integration
The real power came when I integrated these tests into my CI/CD pipeline using Newman:
And the corresponding GitHub Actions workflow:
What I Learned: The Hard-Won Lessons
After months of refining this comprehensive testing approach, here are the insights that made the biggest difference:
1. Performance Testing Changed Everything
The most eye-opening discovery was how differently my API behaved under load:
Single user vs. reality: My API worked perfectly with one user but broke at 30 concurrent users
Token bottlenecks: MS Entra token requests became the bottleneck under high load
Database connections: Connection pool exhaustion happened faster than expected
Memory leaks: Small memory leaks became major issues under sustained load
Cascade failures: One slow endpoint affected the entire application
2. Breakpoint Testing Revealed Hidden Limits
Finding where your API breaks teaches you more than any documentation:
Know your limits: Every system has a breaking point - find it before your users do
Plan for scale: Use breakpoint data to plan infrastructure scaling
Set realistic SLAs: You can't promise 99.9% uptime if you break at 50 users
Capacity planning: Know when to scale before you need to scale
Graceful degradation: Design your API to fail gracefully, not catastrophically
3. Token Management Is Everything (Even More Under Load)
The biggest challenge wasn't the API logic - it was managing MS Entra tokens properly under pressure:
Token caching: Cache tokens at the application level to reduce MS Entra load
Bulk operations: Group operations to minimize token requests
Rate limiting: MS Entra has rate limits that become apparent under load
Circuit breakers: Implement circuit breakers for token acquisition
Monitoring: Track token acquisition success rates and response times
4. Load Testing Environments Need Special Care
Performance testing taught me that test environments need to be realistic:
Similar hardware: Test environment should match production specs
Network conditions: Test with realistic network latency and bandwidth
Data volumes: Test with production-like data volumes
Dependencies: Include all external dependencies in performance tests
Clean slate: Start each performance test run with a clean environment
5. Performance Monitoring Integration Is Critical
Performance testing is only valuable if you can act on the results:
Baseline establishment: Establish performance baselines for regression detection
Trend analysis: Track performance trends over time, not just point-in-time results
Alert thresholds: Set up alerts when performance degrades beyond acceptable limits
Automated regression detection: Fail builds when performance regresses significantly
Capacity planning: Use performance data to predict when you'll need to scale
6. Team Performance Culture Matters
Building a culture around performance testing was as important as the technical implementation:
Performance requirements: Include performance requirements in user stories
Regular testing: Run performance tests on every major release
Shared ownership: Make performance everyone's responsibility, not just DevOps
Performance reviews: Include performance analysis in code reviews
Education: Train the team on performance testing tools and techniques
The Results: From 45 Minutes to 5 Minutes (Plus Performance Confidence)
Let me share the concrete improvements this comprehensive testing strategy brought to my development workflow:
Before Comprehensive Testing:
Manual test cycle: 45 minutes of clicking through Postman for functional tests
Performance testing: Nonexistent (discovered issues in production)
Token management: 10 minutes per session copying/pasting tokens
Load testing: Manual, infrequent, and unreliable
Capacity planning: Guesswork based on "it should be fine"
Error debugging: Hours trying to reproduce issues
Confidence level: Low (always worried about breaking things under load)
Team onboarding: New developers needed days to understand the testing process
After Comprehensive Automated Testing:
Full functional test suite: 5 minutes running Newman CLI
Performance test suite: 15 minutes for comprehensive load + breakpoint testing
Token management: Automatic, with proper expiration handling and load testing
Load testing: Automated, repeatable, and integrated into CI/CD
Capacity planning: Data-driven decisions based on actual breakpoint testing
Error debugging: Clear logs, structured reporting, and performance correlation
Confidence level: High (comprehensive test coverage including performance)
Team onboarding: New developers can run all tests immediately
The Numbers That Matter:
Development velocity: Increased by 400% (functional + performance testing automation)
Bug detection: 95% of integration and performance issues caught before deployment
Performance incidents: Reduced by 80% (proactive capacity management)
Mean time to resolution: Decreased by 60% (better debugging data)
Team satisfaction: No more manual testing complaints OR performance surprises
CI/CD integration: Zero manual intervention required for any testing
Capacity planning accuracy: Improved from guesswork to 95% accurate predictions
Performance-Specific Improvements:
Load testing time: From 4 hours manual testing to 15 minutes automated
Breakpoint discovery: From "hope for the best" to "know exactly when we break"
Scalability confidence: From nervous about traffic spikes to welcoming them
Infrastructure costs: 30% reduction through accurate capacity planning
Performance regression detection: From post-incident to pre-deployment
My Advice for Your Comprehensive Testing Journey
If you're facing similar API testing challenges, here's what I wish someone had told me about building a complete testing strategy:
Start Simple:
Begin with basic auth: Get token management working first
Test one endpoint: Don't try to test everything at once
Use environment variables: Even for your first test
Add logging: Console.log statements are your debugging friend
Start with functional: Get functional tests working before adding performance
Add Performance Gradually:
Single user first: Ensure your functional tests pass consistently
Small load tests: Start with 5-10 virtual users
Monitor everything: Add performance monitoring from day one
Know your baseline: Establish performance baselines before optimizing
Automate early: Don't wait to integrate performance tests into CI/CD
Build Incrementally:
Add tests one by one: Build confidence gradually
Use Newman early: Don't wait to integrate CLI testing
Write good test descriptions: Future you will thank you
Handle errors gracefully: Tests should fail clearly when something's wrong
Test failure scenarios: Include performance testing under failure conditions
Scale Thoughtfully:
Organize collections logically: Separate functional and performance tests
Use folder structure: Group related tests by functionality and type
Share with your team: Make collections easily accessible
Document everything: Good README files save onboarding time
Plan for growth: Design your testing strategy to scale with your application
Performance-Specific Advice:
Test early and often: Performance problems are harder to fix later
Realistic test environments: Performance tests need production-like conditions
Know your dependencies: Test the performance of external dependencies
Plan for scale: Use performance data for capacity planning
Fail fast: Set up alerts when performance degrades beyond acceptable limits
The Ultimate Performance Testing Checklist
Here's my go-to checklist for comprehensive API performance testing with Postman:
Pre-Test Setup:
Load Testing:
Breakpoint Testing:
Token Performance Testing:
Error Scenario Testing:
Reporting and Analysis:
The End of Manual Testing Hell and Performance Surprises
Looking back at that frustrated Friday afternoon when I was manually clicking through Postman tests, and remembering that devastating Tuesday morning when my API crumbled under real user load, I'm amazed at how much this comprehensive testing approach transformed my development experience.
I went from dreading API testing to actually looking forward to seeing both my functional and performance test suites run. From spending hours debugging integration issues to catching both functional and performance problems before they ever reach production. From being terrified of traffic spikes to welcoming them with confidence. From onboarding new team members with days of testing explanation to having them run comprehensive test suites in minutes.
The performance testing component especially changed how I think about software development. Instead of building features and hoping they scale, I now build features knowing exactly how they'll behave under pressure. Instead of reactive firefighting when performance issues arise, I proactively prevent them through systematic testing.
Most importantly, I learned that good testing isn't about perfect code - it's about confidence at scale. These Postman collections don't just test my API; they give me the confidence to ship features, refactor code, handle traffic spikes, and sleep well knowing that if something breaks functionally or performance-wise, I'll know about it immediately with enough detail to fix it quickly.
The goal was never to eliminate all bugs or performance issues. The goal was to catch them early, understand them quickly, and fix them confidently while building systems that can handle real-world load gracefully.
The Three Pillars of My Testing Philosophy:
Functional Correctness: Does it work as intended?
Performance Reliability: Does it work under realistic load?
Operational Confidence: Can we detect, understand, and fix issues quickly?
This comprehensive approach addresses all three pillars systematically.
Mission accomplished. Now if you'll excuse me, I'm going to run my complete test suite - functional tests, load tests, and breakpoint tests - one more time just because I can, and it'll all be done before my coffee gets cold. And more importantly, I'll know exactly how my API will behave when real users start hitting it hard.
That's the difference between hoping your software works and knowing it works. That's the difference between reactive firefighting and proactive engineering. That's the difference between manual testing hell and automated testing heaven - with performance confidence as the cherry on top.
For those who want the TL;DR, here's my complete testing workflow in one place:
1. Development Phase (Postman GUI)
2. Local Automation (Newman CLI)
3. CI/CD Integration (GitHub Actions)
4. Continuous Monitoring (Scheduled Tests)
Resources and Tools
Essential Links
Postman: https://www.postman.com/downloads/
Newman: https://www.npmjs.com/package/newman
Newman HTML Reporter: https://www.npmjs.com/package/newman-reporter-htmlextra
Microsoft Graph API: https://learn.microsoft.com/en-us/graph/
MS Entra (Azure AD): https://learn.microsoft.com/en-us/entra/
Postman Collections
Below are the complete Postman collection and environment files you can use right away. No GitHub repo needed - just copy, paste, and start testing!
Complete Postman Collection Files
1. Full Test Suite Collection
File: ms-entra-api-tests.json
2. Smoke Tests Collection
File: smoke-tests.json
3. Environment Files
File: local.json
File: staging.json
File: ci-staging.json (For GitHub Actions)
4. Performance Test Collection
File: performance-tests.json
How to Use These Collections
Step 1: Import into Postman
Copy the JSON content from any collection above
Open Postman
Click "Import" button
Paste the JSON content
Click "Import"
Step 2: Setup Environment
Copy the environment JSON (e.g., local.json)
In Postman, click "Environments" (left sidebar)
Click "Import" and paste the JSON
Replace placeholder values with your actual credentials
Step 3: Run with Newman
About This Guide
Published: November 2025
Reading Time: ~30 minutes
Experience Level: Intermediate
Topics: API Testing, MS Entra, Postman, Newman, CI/CD, GitHub Actions
Tech Stack:
Postman & Newman
Python FastAPI
Microsoft Entra (Azure AD)
Microsoft Graph API
GitHub Actions
Node.js
Key Takeaways
β Manual testing doesn't scale - Automate with Newman CLI
β CI/CD integration is essential - Catch issues before production
β Performance testing matters - Know your breaking points
β Environment management - Separate local, staging, production
β Token automation - Never manually copy tokens again
β Test reports build confidence - Beautiful HTML reports for stakeholders
β Fail fast in development - Use --bail to stop on first error
β Scheduled monitoring - Catch production issues proactively
Questions? Found this helpful? Share your API testing experiences in the comments!
This guide was written based on real-world experience building and testing production APIs with Microsoft Entra authentication. All code examples are tested and working. Performance metrics are based on actual implementations.
Disclaimer: API performance varies based on infrastructure, data volume, and network conditions. Always test in environments similar to your production setup.
// Collection: Performance Testing - MS Entra API
// This collection runs high-volume tests to identify performance bottlenecks
// Collection Pre-request Script
console.log("π Starting Performance Test Suite");
console.log(`π Target: ${pm.environment.get("virtual_users")} virtual users`);
console.log(`β±οΈ Ramp-up: ${pm.environment.get("ramp_up_time")} seconds`);
console.log(`π― Threshold: ${pm.environment.get("performance_threshold_ms")}ms`);
// Set unique identifiers for this performance run
const performanceRunId = Date.now();
pm.environment.set("performance_run_id", performanceRunId);
pm.environment.set("start_time", new Date().toISOString());
// Initialize performance counters
pm.environment.set("requests_sent", "0");
pm.environment.set("requests_failed", "0");
pm.environment.set("total_response_time", "0");
// Request: Load Test - Create Users
// POST {{api_base_url}}/users
// Headers
Authorization: Bearer {{access_token}}
Content-Type: application/json
// Body (JSON)
{
"displayName": "LoadTest User {{$timestamp}}-{{$randomInt}}",
"userPrincipalName": "loadtest{{$timestamp}}{{$randomInt}}@yourdomain.com",
"mailNickname": "loadtest{{$timestamp}}{{$randomInt}}",
"password": "LoadTest123!{{$randomInt}}"
}
// Pre-request Script
console.log(`π Load Test Iteration: ${pm.info.iteration + 1}`);
// Generate unique test data to avoid conflicts
const uniqueId = `${Date.now()}-${Math.floor(Math.random() * 10000)}`;
pm.environment.set("unique_test_id", uniqueId);
// Record request start time for detailed performance tracking
pm.environment.set("request_start_time", Date.now());
// Tests Script
const responseTime = pm.response.responseTime;
const threshold = parseInt(pm.environment.get("performance_threshold_ms"));
pm.test("Status code is 200", function () {
pm.response.to.have.status(200);
});
pm.test(`Response time is under ${threshold}ms`, function () {
pm.expect(responseTime).to.be.below(threshold);
});
pm.test("Response has required fields", function () {
const jsonData = pm.response.json();
pm.expect(jsonData).to.have.property('success');
pm.expect(jsonData).to.have.property('user');
});
pm.test("User creation successful", function () {
const jsonData = pm.response.json();
pm.expect(jsonData.success).to.be.true;
pm.expect(jsonData.user.id).to.be.a('string');
});
// Performance metrics collection
let requestsSent = parseInt(pm.environment.get("requests_sent")) + 1;
let requestsFailed = parseInt(pm.environment.get("requests_failed"));
let totalResponseTime = parseInt(pm.environment.get("total_response_time")) + responseTime;
if (pm.response.code !== 200) {
requestsFailed += 1;
}
pm.environment.set("requests_sent", requestsSent.toString());
pm.environment.set("requests_failed", requestsFailed.toString());
pm.environment.set("total_response_time", totalResponseTime.toString());
// Calculate and log performance statistics
const avgResponseTime = totalResponseTime / requestsSent;
const failureRate = (requestsFailed / requestsSent) * 100;
console.log(`π Performance Stats:`);
console.log(` Requests: ${requestsSent}`);
console.log(` Failures: ${requestsFailed} (${failureRate.toFixed(2)}%)`);
console.log(` Avg Response Time: ${avgResponseTime.toFixed(2)}ms`);
console.log(` Current Response Time: ${responseTime}ms`);
// Log performance warnings
if (responseTime > threshold) {
console.log(`β οΈ WARNING: Response time ${responseTime}ms exceeds threshold ${threshold}ms`);
}
if (failureRate > 5) {
console.log(`π¨ ALERT: Failure rate ${failureRate.toFixed(2)}% is too high!`);
}
#!/bin/bash
# load-test.sh - My go-to script for load testing
echo "ποΈ Starting Load Testing with Newman"
# Configuration
VIRTUAL_USERS=50
ITERATIONS=100
RAMP_UP_TIME=30
DELAY_REQUEST=100 # 100ms delay between requests per user
echo "π Test Configuration:"
echo " Virtual Users: $VIRTUAL_USERS"
echo " Iterations per User: $ITERATIONS"
echo " Ramp-up Time: $RAMP_UP_TIME seconds"
echo " Request Delay: ${DELAY_REQUEST}ms"
# Create results directory
mkdir -p results/load-tests/$(date +%Y%m%d_%H%M%S)
RESULT_DIR="results/load-tests/$(date +%Y%m%d_%H%M%S)"
# Run load test
newman run "postman/Performance-Tests.postman_collection.json" \
--environment "postman/Performance-Testing.postman_environment.json" \
--iteration-count $ITERATIONS \
--delay-request $DELAY_REQUEST \
--timeout-request 30000 \
--timeout-script 10000 \
--reporters cli,junit,htmlextra \
--reporter-junit-export "$RESULT_DIR/load-test-results.xml" \
--reporter-htmlextra-export "$RESULT_DIR/load-test-report.html" \
--reporter-htmlextra-title "Load Test Results - $VIRTUAL_USERS Users" \
--reporter-htmlextra-displayProgressBar \
--color on
# Check results
if [ $? -eq 0 ]; then
echo "β Load test completed successfully!"
echo "π Results saved to: $RESULT_DIR"
else
echo "β Load test failed!"
exit 1
fi
# Extract key metrics (this would be enhanced with actual log parsing)
echo "π Key Performance Metrics:"
echo " Check the HTML report for detailed analysis"
echo " Location: $RESULT_DIR/load-test-report.html"
// Collection: Breakpoint Testing - Finding the Limit
// This collection increases load until the API breaks
// Collection Pre-request Script for Breakpoint Testing
const currentIteration = pm.info.iteration;
const baseUsers = 10;
const userIncrement = 5;
const currentUsers = baseUsers + (Math.floor(currentIteration / 10) * userIncrement);
pm.environment.set("current_virtual_users", currentUsers.toString());
pm.environment.set("breakpoint_iteration", currentIteration.toString());
console.log(`π₯ Breakpoint Test - Iteration ${currentIteration}`);
console.log(`π₯ Current Virtual Users: ${currentUsers}`);
// Set aggressive thresholds for breakpoint testing
pm.environment.set("breakpoint_threshold_ms", "5000");
pm.environment.set("acceptable_failure_rate", "10");
// Request: Breakpoint Test - User Creation
// POST {{api_base_url}}/users
// Headers
Authorization: Bearer {{access_token}}
Content-Type: application/json
// Body (JSON)
{
"displayName": "BreakpointTest {{$timestamp}}-{{$randomInt}}",
"userPrincipalName": "breakpoint{{$timestamp}}{{$randomInt}}@yourdomain.com",
"mailNickname": "breakpoint{{$timestamp}}{{$randomInt}}",
"password": "Breakpoint123!{{$randomInt}}"
}
// Pre-request Script
const currentUsers = pm.environment.get("current_virtual_users");
const iteration = pm.environment.get("breakpoint_iteration");
console.log(`π₯ Breakpoint Test - ${currentUsers} virtual users`);
console.log(`π Iteration: ${iteration}`);
// Tests Script
const responseTime = pm.response.responseTime;
const threshold = parseInt(pm.environment.get("breakpoint_threshold_ms"));
pm.test("Response received (may be error)", function () {
// Just check that we got some response
pm.expect(pm.response.code).to.be.oneOf([200, 400, 401, 403, 429, 500, 502, 503, 504]);
});
pm.test("Response time tracking", function () {
// Track response time even for failed requests
pm.expect(responseTime).to.be.a('number');
});
// Breakpoint analysis
let breakpointData = pm.environment.get("breakpoint_data");
if (!breakpointData) {
breakpointData = JSON.stringify({
tests: [],
breakpointFound: false,
breakpointUsers: 0
});
}
let data = JSON.parse(breakpointData);
const currentUsers = parseInt(pm.environment.get("current_virtual_users"));
// Record this test result
data.tests.push({
iteration: parseInt(pm.environment.get("breakpoint_iteration")),
virtualUsers: currentUsers,
responseTime: responseTime,
statusCode: pm.response.code,
success: pm.response.code === 200,
timestamp: new Date().toISOString()
});
// Calculate failure rate for current load level
const currentLevelTests = data.tests.filter(t => t.virtualUsers === currentUsers);
const failureRate = (currentLevelTests.filter(t => !t.success).length / currentLevelTests.length) * 100;
console.log(`π Current Load Analysis:`);
console.log(` Virtual Users: ${currentUsers}`);
console.log(` Response Time: ${responseTime}ms`);
console.log(` Status Code: ${pm.response.code}`);
console.log(` Failure Rate: ${failureRate.toFixed(2)}%`);
// Detect breakpoint
const acceptableFailureRate = parseInt(pm.environment.get("acceptable_failure_rate"));
if (failureRate > acceptableFailureRate && !data.breakpointFound) {
data.breakpointFound = true;
data.breakpointUsers = currentUsers;
console.log(`π¨ BREAKPOINT DETECTED!`);
console.log(`π₯ System breaks at ${currentUsers} virtual users`);
console.log(`π Failure rate: ${failureRate.toFixed(2)}%`);
}
if (responseTime > threshold) {
console.log(`β οΈ Performance degradation: ${responseTime}ms > ${threshold}ms`);
}
pm.environment.set("breakpoint_data", JSON.stringify(data));
#!/bin/bash
# breakpoint-test.sh - Find where your API breaks
echo "π₯ Starting Breakpoint Testing"
# Configuration
START_USERS=5
MAX_USERS=200
USER_INCREMENT=10
ITERATIONS_PER_LEVEL=20
FAILURE_THRESHOLD=15 # % failure rate that indicates breakpoint
echo "π― Breakpoint Test Configuration:"
echo " Starting Users: $START_USERS"
echo " Maximum Users: $MAX_USERS"
echo " User Increment: $USER_INCREMENT"
echo " Iterations per Level: $ITERATIONS_PER_LEVEL"
echo " Failure Threshold: $FAILURE_THRESHOLD%"
# Create results directory
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
RESULT_DIR="results/breakpoint-tests/$TIMESTAMP"
mkdir -p "$RESULT_DIR"
# Track breakpoint discovery
BREAKPOINT_FOUND=false
BREAKPOINT_USERS=0
# Progressive load testing
for ((users=$START_USERS; users<=$MAX_USERS; users+=$USER_INCREMENT)); do
echo ""
echo "π₯ Testing with $users virtual users..."
# Calculate delay to simulate the user load
delay=$((1000 / users)) # Adjust delay based on user count
# Run test for current user level
newman run "postman/Breakpoint-Tests.postman_collection.json" \
--environment "postman/Performance-Testing.postman_environment.json" \
--iteration-count $ITERATIONS_PER_LEVEL \
--delay-request $delay \
--timeout-request 30000 \
--reporters cli,json \
--reporter-json-export "$RESULT_DIR/breakpoint-${users}users.json" \
--env-var "current_virtual_users=$users" \
--silent
# Analyze results
if [ -f "$RESULT_DIR/breakpoint-${users}users.json" ]; then
# Parse results (simplified - in reality you'd use jq or python)
FAILURES=$(grep -o '"failure"' "$RESULT_DIR/breakpoint-${users}users.json" | wc -l)
TOTAL_TESTS=$ITERATIONS_PER_LEVEL
FAILURE_RATE=$((FAILURES * 100 / TOTAL_TESTS))
echo "π Results for $users users:"
echo " Failures: $FAILURES/$TOTAL_TESTS"
echo " Failure Rate: $FAILURE_RATE%"
# Check if breakpoint reached
if [ $FAILURE_RATE -gt $FAILURE_THRESHOLD ] && [ "$BREAKPOINT_FOUND" = false ]; then
BREAKPOINT_FOUND=true
BREAKPOINT_USERS=$users
echo "π¨ BREAKPOINT DETECTED!"
echo "π₯ API breaks at approximately $users virtual users"
echo "π Failure rate exceeded $FAILURE_THRESHOLD%"
break
fi
fi
# Brief pause between load levels
sleep 5
done
# Generate final report
echo ""
echo "π Breakpoint Test Summary"
echo "=========================="
if [ "$BREAKPOINT_FOUND" = true ]; then
echo "β Breakpoint found: $BREAKPOINT_USERS virtual users"
echo "π‘ Recommended capacity: $((BREAKPOINT_USERS * 70 / 100)) users (70% of breakpoint)"
else
echo "β οΈ No breakpoint found up to $MAX_USERS users"
echo "π‘ API appears stable at tested load levels"
fi
echo "π Detailed results: $RESULT_DIR"
# .github/workflows/performance-tests.yml
name: Performance Testing Pipeline
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
schedule:
# Run performance tests nightly
- cron: '0 2 * * *'
jobs:
performance-test:
runs-on: ubuntu-latest
environment: staging
steps:
- uses: actions/checkout@v3
- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: '18'
- name: Install Newman
run: |
npm install -g newman
npm install -g newman-reporter-htmlextra
- name: Deploy to Staging
run: |
# Deploy your API to staging environment
echo "Deploying API to staging..."
# Your deployment commands here
- name: Wait for API to be Ready
run: |
echo "Waiting for API to be ready..."
for i in {1..30}; do
if curl -f "${{ secrets.STAGING_API_URL }}/health"; then
echo "API is ready!"
break
fi
echo "Waiting... ($i/30)"
sleep 10
done
- name: Run Load Tests
run: |
newman run postman/Performance-Tests.postman_collection.json \
--environment postman/Performance-Testing.postman_environment.json \
--iteration-count 50 \
--delay-request 200 \
--timeout-request 30000 \
--reporters cli,junit,htmlextra \
--reporter-junit-export results/load-test-results.xml \
--reporter-htmlextra-export results/load-test-report.html \
--reporter-htmlextra-title "Nightly Load Test Results"
env:
TENANT_ID: ${{ secrets.TENANT_ID }}
CLIENT_ID: ${{ secrets.CLIENT_ID }}
CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
- name: Run Breakpoint Tests
run: |
./scripts/breakpoint-test.sh
env:
TENANT_ID: ${{ secrets.TENANT_ID }}
CLIENT_ID: ${{ secrets.CLIENT_ID }}
CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
- name: Performance Regression Check
run: |
# Compare with baseline performance metrics
python scripts/performance-regression-check.py \
--current results/load-test-results.xml \
--baseline baseline/performance-baseline.xml \
--threshold 20 # 20% performance degradation threshold
- name: Upload Performance Results
uses: actions/upload-artifact@v3
if: always()
with:
name: performance-test-results
path: results/
- name: Comment PR with Performance Results
if: github.event_name == 'pull_request'
uses: actions/github-script@v6
with:
script: |
// Read performance results and comment on PR
const fs = require('fs');
const path = 'results/load-test-report.html';
if (fs.existsSync(path)) {
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: 'π Performance test results are available in the artifacts section of this workflow run.'
});
}
// Request: Create Test User
// POST {{api_base_url}}/users
// Headers
Authorization: Bearer {{access_token}}
Content-Type: application/json
// Body (JSON)
{
"displayName": "Test User {{$timestamp}}",
"userPrincipalName": "testuser{{$timestamp}}@yourdomain.com",
"mailNickname": "testuser{{$timestamp}}",
"password": "TempPassword123!"
}
// Pre-request Script
console.log("π€ Creating test user...");
// Generate unique username to avoid conflicts
const timestamp = Date.now();
pm.environment.set("test_timestamp", timestamp);
// Tests Script
pm.test("Status code is 200", function () {
pm.response.to.have.status(200);
});
pm.test("User created successfully", function () {
const jsonData = pm.response.json();
pm.expect(jsonData.success).to.be.true;
pm.expect(jsonData.user).to.have.property('id');
pm.expect(jsonData.user).to.have.property('displayName');
pm.expect(jsonData.user).to.have.property('userPrincipalName');
});
pm.test("Response time is less than 5000ms", function () {
pm.expect(pm.response.responseTime).to.be.below(5000);
});
// Store user ID for subsequent tests
if (pm.response.code === 200) {
const jsonData = pm.response.json();
pm.environment.set("test_user_id", jsonData.user.id);
pm.environment.set("test_user_upn", jsonData.user.userPrincipalName);
console.log(`β User created: ${jsonData.user.displayName}`);
console.log(`π§ UPN: ${jsonData.user.userPrincipalName}`);
console.log(`π User ID: ${jsonData.user.id}`);
} else {
console.log("β Failed to create user");
}
// Request: Create Test Group
// POST {{api_base_url}}/groups
// Headers
Authorization: Bearer {{access_token}}
Content-Type: application/json
// Body (JSON)
{
"displayName": "Test Group {{$timestamp}}",
"mailNickname": "testgroup{{$timestamp}}",
"description": "Test group created by Postman automation"
}
// Pre-request Script
console.log("π₯ Creating test group...");
// Tests Script
pm.test("Status code is 200", function () {
pm.response.to.have.status(200);
});
pm.test("Group created successfully", function () {
const jsonData = pm.response.json();
pm.expect(jsonData.success).to.be.true;
pm.expect(jsonData.group).to.have.property('id');
pm.expect(jsonData.group).to.have.property('displayName');
pm.expect(jsonData.group.securityEnabled).to.be.true;
});
// Store group ID for subsequent tests
if (pm.response.code === 200) {
const jsonData = pm.response.json();
pm.environment.set("test_group_id", jsonData.group.id);
console.log(`β Group created: ${jsonData.group.displayName}`);
console.log(`π Group ID: ${jsonData.group.id}`);
} else {
console.log("β Failed to create group");
}
// Request: Create Temporary Access Pass
// POST {{api_base_url}}/users/{{test_user_id}}/temporary-access-pass
// Headers
Authorization: Bearer {{access_token}}
Content-Type: application/json
// Body (JSON)
{
"userId": "{{test_user_id}}",
"isUsableOnce": true,
"lifetimeInMinutes": 60
}
// Pre-request Script
console.log("π Creating Temporary Access Pass...");
// Verify we have a test user ID
if (!pm.environment.get("test_user_id")) {
throw new Error("No test user ID found. Please run user creation test first.");
}
// Tests Script
pm.test("Status code is 200", function () {
pm.response.to.have.status(200);
});
pm.test("TAP created successfully", function () {
const jsonData = pm.response.json();
pm.expect(jsonData.success).to.be.true;
pm.expect(jsonData.temporaryAccessPass).to.have.property('temporaryAccessPass');
pm.expect(jsonData.temporaryAccessPass).to.have.property('createdDateTime');
pm.expect(jsonData.temporaryAccessPass).to.have.property('lifetimeInMinutes');
});
pm.test("TAP has correct properties", function () {
const jsonData = pm.response.json();
const tap = jsonData.temporaryAccessPass;
pm.expect(tap.isUsableOnce).to.be.true;
pm.expect(tap.lifetimeInMinutes).to.eql(60);
pm.expect(tap.temporaryAccessPass).to.be.a('string');
pm.expect(tap.temporaryAccessPass.length).to.be.greaterThan(0);
});
// Store TAP value for potential use in other tests
if (pm.response.code === 200) {
const jsonData = pm.response.json();
pm.environment.set("tap_value", jsonData.temporaryAccessPass.temporaryAccessPass);
console.log("β Temporary Access Pass created successfully");
console.log(`π TAP Value: ${jsonData.temporaryAccessPass.temporaryAccessPass}`);
console.log(`β° Lifetime: ${jsonData.temporaryAccessPass.lifetimeInMinutes} minutes`);
} else {
console.log("β Failed to create Temporary Access Pass");
}
// Request: Get User via Graph API
// GET {{graph_base_url}}/users/{{test_user_id}}
// Headers
Authorization: Bearer {{access_token}}
Content-Type: application/json
// Pre-request Script
console.log("π Getting user directly from Microsoft Graph...");
// Verify we have required data
if (!pm.environment.get("test_user_id")) {
throw new Error("No test user ID found. Please run user creation test first.");
}
// Tests Script
pm.test("Status code is 200", function () {
pm.response.to.have.status(200);
});
pm.test("User data retrieved successfully", function () {
const jsonData = pm.response.json();
pm.expect(jsonData).to.have.property('id');
pm.expect(jsonData).to.have.property('displayName');
pm.expect(jsonData).to.have.property('userPrincipalName');
pm.expect(jsonData.accountEnabled).to.be.true;
});
pm.test("User ID matches created user", function () {
const jsonData = pm.response.json();
const expectedUserId = pm.environment.get("test_user_id");
pm.expect(jsonData.id).to.eql(expectedUserId);
});
// Log user information for verification
if (pm.response.code === 200) {
const jsonData = pm.response.json();
console.log("β User retrieved from Graph API successfully");
console.log(`π€ Display Name: ${jsonData.displayName}`);
console.log(`π§ UPN: ${jsonData.userPrincipalName}`);
console.log(`π ID: ${jsonData.id}`);
console.log(`βοΈ Account Enabled: ${jsonData.accountEnabled}`);
} else {
console.log("β Failed to retrieve user from Graph API");
}
# Install Newman globally
npm install -g newman
# Install the HTML reporter for beautiful test reports
npm install -g newman-reporter-htmlextra
# Verify installation
newman --version
# newman/6.0.0
# Check available reporters
newman run --reporters
# Export your Postman collection and environment first
# Then run this beautiful command:
newman run ms-entra-api-tests.json \
--environment ms-entra-env.json \
--reporters cli,htmlextra \
--reporter-htmlextra-export ./reports/test-report.html \
--bail \
--color on
# 1. Basic run with environment
newman run collection.json -e environment.json
# 2. Run with multiple reporters (my daily driver)
newman run collection.json \
-e environment.json \
--reporters cli,json,htmlextra \
--reporter-htmlextra-export ./reports/api-test-$(date +%Y%m%d-%H%M%S).html \
--reporter-json-export ./reports/test-results.json
# 3. Run with global variables (for CI/CD secrets)
newman run collection.json \
-e environment.json \
--global-var "client_secret=$CLIENT_SECRET" \
--global-var "tenant_id=$TENANT_ID"
# 4. Run specific folder only (when debugging one feature)
newman run collection.json \
-e environment.json \
--folder "User Management Tests"
# 5. Stop on first failure (fail fast during development)
newman run collection.json \
-e environment.json \
--bail
# 6. Run with iterations (load testing)
newman run collection.json \
-e environment.json \
--iteration-count 100 \
--delay-request 100
# 7. Run with timeout (prevent hanging tests)
newman run collection.json \
-e environment.json \
--timeout-request 30000 \
--timeout-script 5000
# 8. Run with verbose output (when things go wrong)
newman run collection.json \
-e environment.json \
--verbose \
--color on
# 9. My ultimate testing command (combines everything)
newman run ms-entra-api-tests.json \
-e environments/staging.json \
--global-var "client_secret=$MS_ENTRA_SECRET" \
--global-var "tenant_id=$MS_ENTRA_TENANT" \
--reporters cli,htmlextra,json \
--reporter-htmlextra-export ./reports/test-report-$(date +%Y%m%d-%H%M%S).html \
--reporter-json-export ./reports/results.json \
--bail \
--timeout-request 30000 \
--color on \
--verbose
# Generate the report
newman run collection.json \
-e environment.json \
--reporters htmlextra \
--reporter-htmlextra-export ./reports/test-report.html \
--reporter-htmlextra-title "MS Entra API Test Report" \
--reporter-htmlextra-showEnvironmentData
# Open the report (macOS)
open ./reports/test-report.html
# Or on Linux
xdg-open ./reports/test-report.html
name: MS Entra API Tests
# Trigger on push to main or pull requests
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main ]
# Manual trigger option
workflow_dispatch:
# Environment variables
env:
NODE_VERSION: '18'
NEWMAN_VERSION: '6.0.0'
jobs:
api-tests:
name: Run API Integration Tests
runs-on: ubuntu-latest
# Service container for API (if needed)
services:
api:
image: your-api-image:latest
ports:
- 8000:8000
env:
TENANT_ID: ${{ secrets.MS_ENTRA_TENANT_ID }}
CLIENT_ID: ${{ secrets.MS_ENTRA_CLIENT_ID }}
CLIENT_SECRET: ${{ secrets.MS_ENTRA_CLIENT_SECRET }}
steps:
# Step 1: Checkout code
- name: π₯ Checkout repository
uses: actions/checkout@v4
# Step 2: Setup Node.js
- name: π’ Setup Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
# Step 3: Install Newman
- name: π¦ Install Newman and reporters
run: |
npm install -g newman@${{ env.NEWMAN_VERSION }}
npm install -g newman-reporter-htmlextra
newman --version
# Step 4: Wait for API to be ready
- name: β³ Wait for API to be ready
run: |
echo "Waiting for API to be ready..."
timeout 60 bash -c 'until curl -f http://localhost:8000/health; do sleep 2; done'
echo "β API is ready!"
# Step 5: Run smoke tests first
- name: π Run Smoke Tests
run: |
newman run postman/collections/smoke-tests.json \
-e postman/environments/ci-staging.json \
--global-var "tenant_id=${{ secrets.MS_ENTRA_TENANT_ID }}" \
--global-var "client_id=${{ secrets.MS_ENTRA_CLIENT_ID }}" \
--global-var "client_secret=${{ secrets.MS_ENTRA_CLIENT_SECRET }}" \
--reporters cli \
--bail \
--color on
# Step 6: Run full integration tests
- name: π§ͺ Run Integration Tests
run: |
newman run postman/collections/ms-entra-api-tests.json \
-e postman/environments/ci-staging.json \
--global-var "tenant_id=${{ secrets.MS_ENTRA_TENANT_ID }}" \
--global-var "client_id=${{ secrets.MS_ENTRA_CLIENT_ID }}" \
--global-var "client_secret=${{ secrets.MS_ENTRA_CLIENT_SECRET }}" \
--reporters cli,htmlextra,json \
--reporter-htmlextra-export reports/test-report-${{ github.run_number }}.html \
--reporter-htmlextra-title "MS Entra API Tests - Build #${{ github.run_number }}" \
--reporter-json-export reports/test-results.json \
--timeout-request 30000 \
--bail \
--color on
# Step 7: Upload test reports as artifacts
- name: π Upload Test Reports
if: always() # Run even if tests fail
uses: actions/upload-artifact@v4
with:
name: test-reports-${{ github.run_number }}
path: reports/
retention-days: 30
# Step 8: Comment on PR with test results (if PR)
- name: π¬ Comment Test Results on PR
if: github.event_name == 'pull_request'
uses: actions/github-script@v7
with:
script: |
const fs = require('fs');
const results = JSON.parse(fs.readFileSync('reports/test-results.json', 'utf8'));
const total = results.run.stats.requests.total;
const passed = results.run.stats.assertions.total - results.run.stats.assertions.failed;
const failed = results.run.stats.assertions.failed;
const passRate = ((passed / (passed + failed)) * 100).toFixed(2);
const comment = `## π§ͺ API Test Results
**Build:** #${{ github.run_number }}
**Status:** ${failed === 0 ? 'β PASSED' : 'β FAILED'}
### Summary
- **Total Requests:** ${total}
- **Assertions Passed:** ${passed}
- **Assertions Failed:** ${failed}
- **Pass Rate:** ${passRate}%
- **Avg Response Time:** ${results.run.timings.responseAverage}ms
π [View Full Report](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})
`;
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.name,
body: comment
});
# Step 9: Send Slack notification (optional)
- name: π’ Send Slack Notification
if: always()
uses: slackapi/slack-github-action@v1
with:
payload: |
{
"text": "${{ job.status == 'success' && 'β ' || 'β' }} API Tests - Build #${{ github.run_number }}",
"blocks": [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "*API Integration Tests*\n*Status:* ${{ job.status }}\n*Branch:* ${{ github.ref_name }}\n*Build:* #${{ github.run_number }}"
}
},
{
"type": "actions",
"elements": [
{
"type": "button",
"text": {
"type": "plain_text",
"text": "View Report"
},
"url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
}
]
}
]
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
# Go to: Repository Settings > Secrets and variables > Actions > New repository secret
# Add these secrets:
MS_ENTRA_TENANT_ID=your-tenant-id-here
MS_ENTRA_CLIENT_ID=your-client-id-here
MS_ENTRA_CLIENT_SECRET=your-client-secret-here
SLACK_WEBHOOK_URL=https://hooks.slack.com/services/YOUR/WEBHOOK/URL
# .github/workflows/api-tests-staging.yml
name: Staging API Tests
on:
push:
branches: [ develop ]
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run tests against staging
run: |
newman run postman/collections/ms-entra-api-tests.json \
-e postman/environments/staging.json \
--global-var "client_secret=${{ secrets.STAGING_CLIENT_SECRET }}"
# .github/workflows/api-tests-production.yml
name: Production Smoke Tests
on:
schedule:
# Run every hour
- cron: '0 * * * *'
workflow_dispatch:
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run smoke tests against production
run: |
newman run postman/collections/smoke-tests.json \
-e postman/environments/production.json \
--global-var "client_secret=${{ secrets.PROD_CLIENT_SECRET }}"
#!/bin/bash
# run-tests-local.sh
set -e # Exit on error
echo "π§ͺ Starting Local API Test Suite"
echo "=================================="
# Load environment variables
source .env
# Colors for output
GREEN='\033[0;32m'
RED='\033[0;31m'
NC='\033[0m' # No Color
# Check if Newman is installed
if ! command -v newman &> /dev/null; then
echo "β Newman is not installed. Installing..."
npm install -g newman newman-reporter-htmlextra
fi
# Create reports directory
mkdir -p reports
# Run smoke tests first
echo ""
echo "π Running smoke tests..."
if newman run postman/collections/smoke-tests.json \
-e postman/environments/local.json \
--reporters cli \
--bail \
--color on; then
echo -e "${GREEN}β Smoke tests passed${NC}"
else
echo -e "${RED}β Smoke tests failed${NC}"
exit 1
fi
# Run full test suite
echo ""
echo "π§ͺ Running full integration tests..."
TIMESTAMP=$(date +%Y%m%d-%H%M%S)
if newman run postman/collections/ms-entra-api-tests.json \
-e postman/environments/local.json \
--global-var "tenant_id=$MS_ENTRA_TENANT_ID" \
--global-var "client_id=$MS_ENTRA_CLIENT_ID" \
--global-var "client_secret=$MS_ENTRA_CLIENT_SECRET" \
--reporters cli,htmlextra,json \
--reporter-htmlextra-export "reports/test-report-$TIMESTAMP.html" \
--reporter-json-export "reports/test-results-$TIMESTAMP.json" \
--timeout-request 30000 \
--color on; then
echo -e "${GREEN}β All tests passed!${NC}"
echo ""
echo "π Test report: reports/test-report-$TIMESTAMP.html"
# Open report in browser (macOS)
open "reports/test-report-$TIMESTAMP.html"
exit 0
else
echo -e "${RED}β Tests failed${NC}"
echo ""
echo "π Test report: reports/test-report-$TIMESTAMP.html"
# Open report in browser to see failures
open "reports/test-report-$TIMESTAMP.html"
exit 1
fi
chmod +x run-tests-local.sh
./run-tests-local.sh
// Collection Pre-request Script
// This script runs before every request in the collection
console.log(`π Running request: ${pm.info.requestName}`);
// Function to check if token is expired
function isTokenExpired() {
const expiresAt = pm.environment.get("token_expires_at");
if (!expiresAt) return true;
const expirationTime = new Date(expiresAt);
const now = new Date();
const buffer = 5 * 60 * 1000; // 5 minute buffer
return now >= (expirationTime - buffer);
}
// Function to refresh token if needed
async function refreshTokenIfNeeded() {
const currentToken = pm.environment.get("access_token");
if (!currentToken || isTokenExpired()) {
console.log("π Token expired or missing, refreshing...");
// This would trigger the token refresh request
// In practice, you'd implement automatic token refresh here
console.log("β οΈ Please run 'Get MS Entra Access Token' request first");
} else {
console.log("β Token is valid, proceeding with request");
}
}
// Check token status
refreshTokenIfNeeded();
// Add timestamp for unique test data
pm.environment.set("timestamp", Date.now());
// Helper function to generate test data
function generateTestUserData() {
const timestamp = pm.environment.get("timestamp");
return {
displayName: `Test User ${timestamp}`,
userPrincipalName: `testuser${timestamp}@yourdomain.com`,
mailNickname: `testuser${timestamp}`
};
}
// Make helper functions available globally
pm.globals.set("generateTestUserData", generateTestUserData.toString());
// Collection Post-request Script
// This script runs after every request in the collection
console.log(`β Completed request: ${pm.info.requestName}`);
console.log(`π Response time: ${pm.response.responseTime}ms`);
console.log(`π Response size: ${pm.response.responseSize} bytes`);
// Global tests that should pass for all requests
pm.test("Response time is reasonable", function () {
pm.expect(pm.response.responseTime).to.be.below(10000); // 10 seconds max
});
pm.test("Response has proper headers", function () {
pm.expect(pm.response.headers.get("Content-Type")).to.include("json");
});
// Log any errors for debugging
if (pm.response.code >= 400) {
console.log(`β Request failed with status: ${pm.response.code}`);
console.log(`π Response body: ${pm.response.text()}`);
} else {
console.log(`β Request succeeded with status: ${pm.response.code}`);
}
// Track test results
const testResults = pm.response.json();
if (testResults && testResults.success !== undefined) {
if (testResults.success) {
console.log("π API operation completed successfully");
} else {
console.log("β οΈ API operation reported failure");
}
}
#!/bin/bash
# run-api-tests.sh - The script that runs in my CI/CD pipeline
echo "π§ͺ Starting API Integration Tests"
# Set environment variables
export TENANT_ID="your-tenant-id"
export CLIENT_ID="your-client-id"
export CLIENT_SECRET="your-client-secret"
# Run the collection with Newman
newman run "MS-Entra-API-Tests.postman_collection.json" \
--environment "MS-Entra-Testing.postman_environment.json" \
--reporters cli,junit,htmlextra \
--reporter-junit-export results/junit-report.xml \
--reporter-htmlextra-export results/test-report.html \
--timeout-request 30000 \
--delay-request 1000 \
--bail \
--color on
# Check if tests passed
if [ $? -eq 0 ]; then
echo "β All tests passed!"
exit 0
else
echo "β Some tests failed!"
exit 1
fi
# Save collections and environments to files first
# Then run with Newman:
newman run ms-entra-api-tests.json \
-e local.json \
--reporters cli,htmlextra \
--reporter-htmlextra-export ./test-report.html
