
Rate limit testing in Postman - Build an Automation Script

Verify API rate limiting works as expected
Preconditions (2)
Step 1: Send 10 requests to the API endpoint within 1 minute
Step 2: Observe the response status codes and messages for each request
✅ Expected Result: The first N requests (within the allowed limit) return status 200 OK. Requests exceeding the rate limit return status 429 Too Many Requests with an appropriate error message.
Automation Requirements - Postman
Assertions Needed:
Verify response status code is 200 for allowed requests
Verify response status code is 429 for requests exceeding the limit
Verify error message is present in 429 responses
Best Practices:
Use Postman Collection Runner to send multiple requests
Use environment variables to track request count
Add tests in Postman scripts to assert status codes and messages
Add delays if needed to simulate timing between requests
Automated Solution
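/* Postman Pre-request Script */
// Runs before every request: create the counter on the first request, increment it afterwards.
if (!pm.environment.get('requestCount')) {
    pm.environment.set('requestCount', 1);
} else {
    // Stored values can come back as strings, so parse with an explicit radix.
    let count = parseInt(pm.environment.get('requestCount'), 10);
    pm.environment.set('requestCount', count + 1);
}

/* Postman Test Script */
// Runs after every response: the expected status depends on how many requests have been sent.
const count = parseInt(pm.environment.get('requestCount'), 10);

if (count <= 10) {
    // Requests 1 to 10 are within the limit this script assumes.
    pm.test('Status code is 200 for allowed requests', function () {
        pm.response.to.have.status(200);
    });
} else {
    // Request 11 onwards must be rejected by the rate limiter.
    pm.test('Status code is 429 for rate limit exceeded', function () {
        pm.response.to.have.status(429);
    });
    // Case-sensitive substring match on the response body.
    pm.test('Response has rate limit error message', function () {
        pm.expect(pm.response.text()).to.include('rate limit');
    });
}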

The Pre-request Script initializes and increments a counter stored in Postman environment variables to track how many requests have been sent.

The Test Script checks the current count. For the first 10 requests, it asserts the response status is 200 OK. For requests beyond 10, it asserts the status is 429 Too Many Requests and verifies the response contains a rate limit error message. The 429 assertions only run once the counter passes 10, so a run has to contain more than 10 requests to exercise them.

This approach simulates sending multiple requests and validates the API's rate limiting behavior automatically within Postman.

Common Mistakes - 3 Pitfalls
Not resetting the request count between test runs
Why it is a problem: The counter keeps increasing across runs, causing false failures or passes.
Correct approach: Reset the environment variable 'requestCount' to 0 or remove it before starting a new test run.

Not checking for the correct status code for rate limit exceeded

Sending all requests too quickly without delay
Why it is a problem: Some APIs count requests per time window; sending too fast may not simulate real usage.
Correct approach: Add delays between requests if needed using Postman Collection Runner's delay option.
Bonus Challenge

Now add data-driven testing with 3 different API endpoints to verify rate limiting on each.
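The count-versus-limit check from the Test Script, generalized to one counter per endpoint and run over recorded responses outside Postman. This is an added example, not code from the original page: `evaluateRun`, the endpoint paths, the limit of 3 and the sample responses are all constructed assumptions.

```javascript
// Added example; evaluateRun and the endpoint paths are hypothetical names.
// Each record is one response captured during a run: { endpoint, status, body }.
function evaluateRun(records, limits) {
  const counts = {};   // one counter per endpoint instead of a shared requestCount
  const findings = [];
  for (const r of records) {
    const n = (counts[r.endpoint] = (counts[r.endpoint] || 0) + 1);
    const limit = limits[r.endpoint];
    if (limit === undefined) {
      findings.push(`${r.endpoint} #${n}: no expected limit configured`);
    } else if (n <= limit) {
      // Within the allowance: anything but 200 is an early or spurious rejection.
      if (r.status !== 200) findings.push(`${r.endpoint} #${n}: expected 200, got ${r.status}`);
    } else if (r.status !== 429) {
      // Over the allowance and still served: the limiter is not enforcing.
      findings.push(`${r.endpoint} #${n}: limit not enforced, got ${r.status}`);
    } else if (!/rate limit/i.test(r.body || '')) {
      // Case-insensitive, so "Rate limit exceeded" also counts as a message.
      findings.push(`${r.endpoint} #${n}: 429 without a rate limit message`);
    }
  }
  // An endpoint that never went over its limit was never tested for 429 at all.
  for (const [endpoint, limit] of Object.entries(limits)) {
    if ((counts[endpoint] || 0) <= limit) findings.push(`${endpoint}: 429 path never exercised`);
  }
  return findings;
}

// Constructed sample run: three endpoints, expected limit of 3 requests each.
const limits = { '/orders': 3, '/search': 3, '/export': 3 };
const ok = { status: 200, body: '{"ok":true}' };
const limited = { status: 429, body: '{"error":"Rate limit exceeded"}' };
const sampleRun = [
  ...[ok, ok, ok, limited].map((r) => ({ endpoint: '/orders', ...r })), // behaves correctly
  ...[ok, ok, ok, ok].map((r) => ({ endpoint: '/search', ...r })),      // 4th request still served
  ...[ok, ok, ok].map((r) => ({ endpoint: '/export', ...r })),          // never exceeds the limit
];

console.log(evaluateRun(sampleRun, limits));
```

Keeping a counter per endpoint avoids the shared-counter problem listed under Common Mistakes, and the final loop flags runs that stopped before any request went over the limit.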
