Bird
Raised Fist0
Postmantesting~8 mins

Header assertions in Postman - Framework Patterns

Choose your learning style10 modes available
LearnWhyDeepTraceTryChallengeAutomateRecallFrame

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Framework Mode - Header assertions
Folder Structure for Postman Test Collections
postman-project/
├── collections/
│   ├── user-api.postman_collection.json
│   ├── product-api.postman_collection.json
│   └── auth-api.postman_collection.json
├── environments/
│   ├── dev.postman_environment.json
│   ├── staging.postman_environment.json
│   └── prod.postman_environment.json
├── tests/
│   ├── headerAssertions.test.js
│   └── utils.js
├── scripts/
│   └── pre-request-scripts.js
├── reports/
│   └── test-report.html
└── postman.config.json
Test Framework Layers in Postman Header Assertions
  • Collections: Group API requests logically (e.g., User API, Product API).
  • Environments: Store variables like base URLs, tokens for different setups.
  • Tests: JavaScript code snippets inside Postman to assert response headers and other data.
  • Pre-request Scripts: Setup or modify request data before sending (e.g., auth tokens).
  • Utilities: Helper functions for reusable assertions or data parsing.
  • Reports: Generated test run reports showing pass/fail results.
Configuration Patterns for Header Assertions
  • Environment Variables: Use variables for base URLs, expected header values, and tokens to switch easily between dev, staging, and prod.
  • Global Variables: Store common header names or values used across collections.
  • Collection Variables: Define headers or expected values specific to a collection.
  • Postman Config File: Manage collection and environment references for automated runs.
  • Data-driven Testing: Use CSV/JSON files with different header values to test multiple scenarios.
Test Reporting and CI/CD Integration
  • Newman CLI: Run Postman collections from command line with detailed reports.
  • Reporters: Use HTML, JSON, or JUnit reporters with Newman for readable test results.
  • CI/CD Pipelines: Integrate Newman runs in Jenkins, GitHub Actions, GitLab CI to automate tests on code changes.
  • Failure Alerts: Configure notifications (email, Slack) on test failures.
  • Historical Reports: Store reports for trend analysis and debugging.
Best Practices for Header Assertions in Postman
  1. Use Explicit Assertions: Check exact header names and values using pm.response.headers.get() and pm.expect().
  2. Validate Presence and Value: Assert both that a header exists and that its value matches expected patterns.
  3. Reuse Assertion Code: Create utility functions for common header checks to avoid duplication.
  4. Use Environment Variables: Avoid hardcoding expected header values; use variables for flexibility.
  5. Run Tests in CI/CD: Automate header assertion tests to catch regressions early.
Self Check Question

Where in this folder structure would you add a new test script to assert a custom header X-Custom-Header in the User API responses?

Key Result
Organize Postman collections with environment configs and reusable test scripts to assert response headers effectively.

Practice

(1/5)
1. What does the Postman assertion pm.response.to.have.header('Content-Type') check for?
easy
A. It checks if the response body contains the text 'Content-Type'.
B. It checks if the response includes a header named 'Content-Type'.
C. It verifies the status code of the response is 200.
D. It checks if the request has a header named 'Content-Type'.

Solution

  1. Step 1: Understand the assertion method

    The method pm.response.to.have.header() is used to check response headers.

  2. Step 2: Identify what is being checked

    The argument 'Content-Type' specifies the header name to look for in the response.

  3. Final Answer:

    It checks if the response includes a header named 'Content-Type'. -> Option B

  4. Quick Check:

    Header presence check = It checks if the response includes a header named 'Content-Type'. [OK]
Hint: Look for 'response.to.have.header' to check response headers [OK]
Common Mistakes:
  • Confusing response headers with response body content
  • Checking request headers instead of response headers
  • Assuming it checks status codes
2. Which of the following is the correct syntax to assert that the response header 'Cache-Control' has the value 'no-cache' in Postman?
easy
A. pm.expect(pm.response.headers.get('Cache-Control')).to.eql('no-cache');
B. pm.response.to.have.header('Cache-Control', 'no-cache');
C. pm.expect(response.headers['Cache-Control']).to.equal('no-cache');
D. pm.response.headers('Cache-Control').equals('no-cache');

Solution

  1. Step 1: Recall correct Postman syntax for header value assertion

    Use pm.expect(pm.response.headers.get('Header-Name')).to.eql('value') to check header value.

  2. Step 2: Check each option's syntax

    pm.expect(pm.response.headers.get('Cache-Control')).to.eql('no-cache'); uses correct method headers.get() and assertion to.eql(). Others have syntax errors or incorrect usage.

  3. Final Answer:

    pm.expect(pm.response.headers.get('Cache-Control')).to.eql('no-cache'); -> Option A

  4. Quick Check:

    Use headers.get() with pm.expect() [OK]
Hint: Use headers.get('name') inside pm.expect() for header value checks [OK]
Common Mistakes:
  • Using incorrect method like headers('name')
  • Trying to pass two arguments to to.have.header()
  • Using response.headers as an object without get()
3. Given this Postman test snippet:
pm.test('Check Server header', () => {
  pm.expect(pm.response.headers.get('Server')).to.equal('nginx');
});

What will happen if the response header 'Server' is 'Apache'?
medium
A. The test will be skipped automatically.
B. The test will pass because the header exists.
C. The test will throw a syntax error.
D. The test will fail because the header value is not 'nginx'.

Solution

  1. Step 1: Understand the assertion

    The test expects the 'Server' header value to be exactly 'nginx'.

  2. Step 2: Compare actual header value

    The actual header value is 'Apache', which does not match 'nginx', so assertion fails.

  3. Final Answer:

    The test will fail because the header value is not 'nginx'. -> Option D

  4. Quick Check:

    Value mismatch causes failure [OK]
Hint: Exact value mismatch causes test failure [OK]
Common Mistakes:
  • Assuming header presence is enough to pass
  • Thinking syntax error occurs on value mismatch
  • Believing test skips on assertion failure
4. You wrote this Postman test:
pm.test('Check Content-Length', () => {
  pm.expect(pm.response.headers.get('Content-Length')).to.be('1234');
});

Why does this test fail to run correctly?
medium
A. Because the value '1234' is a number and should not be in quotes.
B. Because 'Content-Length' header does not exist in the response.
C. Because to.be is not a valid assertion method; it should be to.equal or to.eql.
D. Because pm.response.headers.get returns an array, not a string.

Solution

  1. Step 1: Check assertion method correctness

    The method to.be is not a valid Chai assertion method for value equality in Postman.

  2. Step 2: Identify correct assertion method

    Use to.equal or to.eql to compare values correctly.

  3. Final Answer:

    Because to.be is not a valid assertion method; it should be to.equal or to.eql. -> Option C

  4. Quick Check:

    Use to.equal() for value assertions [OK]
Hint: Use to.equal() or to.eql() for value checks, not to.be [OK]
Common Mistakes:
  • Using to.be() instead of to.equal()
  • Assuming header value is numeric without quotes
  • Thinking headers.get() returns array
5. You want to write a Postman test to verify that the response has a header named 'X-Rate-Limit' and its value is a number greater than 1000. Which code snippet correctly achieves this?
hard
A. pm.test('X-Rate-Limit check', () => { const val = Number(pm.response.headers.get('X-Rate-Limit')); pm.expect(val).to.be.above(1000); });
B. pm.test('X-Rate-Limit check', () => { pm.expect(pm.response.headers.get('X-Rate-Limit')).to.be.greaterThan(1000); });
C. pm.test('X-Rate-Limit check', () => { pm.expect(pm.response.headers.has('X-Rate-Limit')).to.equal(true); pm.expect(pm.response.headers.get('X-Rate-Limit') > 1000).to.be.true; });
D. pm.test('X-Rate-Limit check', () => { pm.expect(parseInt(pm.response.headers.get('X-Rate-Limit'))).to.be.greaterThan(1000); });

Solution

  1. Step 1: Extract and convert header value to number

    Use Number() to convert the header string value to a number for comparison.

  2. Step 2: Use correct assertion for numeric comparison

    Use pm.expect(val).to.be.above(1000) to check if the number is greater than 1000.

  3. Final Answer:

    pm.test('X-Rate-Limit check', () => { const val = Number(pm.response.headers.get('X-Rate-Limit')); pm.expect(val).to.be.above(1000); }); -> Option A

  4. Quick Check:

    Convert header to number, then assert with to.be.above() [OK]
Hint: Convert header string to number before numeric assertions [OK]
Common Mistakes:
  • Using to.be.greaterThan() which is not a valid Chai method
  • Not converting header value to number before comparison
  • Trying to compare header string directly to number