API response validation involves verifying whether an API's response aligns with a specified set of criteria. This process ensures the API functions as intended, returning the correct data in the appropriate format. API response validation helps developers spot problems or mistakes in the API's response faster, making them easier to fix.
The validation process involves comparing the API response against predefined rules and standards to check if it meets the expected criteria. These rules and standards can include data types, data formats, response codes, headers, and more.
There are numerous tools and frameworks available for API response validation, including JSON Schema, Swagger, Postman, and more. These tools help to automate the validation process and provide detailed feedback on any errors or issues detected.
✅ Ensures accurate and complete data from your API
✅ Provides consistent API responses
✅ Handles errors in a consistent, predictable manner
✅ Secures your API, preventing sensitive data exposure
✅ Scales your API to handle large data volumes
✅ Guarantees API availability
✅ Makes your API easy to use and understand
✅ Ensures reliable and expected API performance
✅ Guarantees compatibility with other applications and systems
✅ Assists in troubleshooting and improving API quality
Checking the status code: This indicates whether the API is functioning correctly.
Checking the response time: This provides insights into the API's performance.
Checking the data: This validates the accuracy of the data returned by the API.
Validating API response data is critical for preventing errors and unexpected results in your application. You can use online JSON validators or create custom validation code to ensure the correct response data format.
Ensures the API is working correctly
Identifies issues with the request
Improves user experience
Enhances API security
Overall, testing status codes ensures successful projects and better experiences for clients and users.
The origin of API status codes isn’t entirely clear, but they were first popularized by Roy Fielding in his 2000 doctoral dissertation. They provide information about whether a request was successful or if an error occurred. API status codes can be categorized into:
1xx: Informational responses
2xx: Successful responses
3xx: Redirection messages
4xx: Client error responses
5xx: Server error responses
Some commonly seen API responses include:
200 OK - The request was successful.
400 Bad Request - The request wasn't formatted correctly.
401 Unauthorized - The request wasn't authenticated.
403 Forbidden - The user doesn't have necessary permissions.
404 Not Found - The requested resource wasn't found.
500 Internal Server Error - There was a server error.
pm.test("Status code is 200", function () {
    pm.response.to.have.status(200);
});
Here is an example schema:
var schema = {
    "type": "object",
    "properties": {
        "sessionId": {
            "type": "string"
        },
        "firstName": {
            "type": "string"
        },
        "lastName": {
            "type": "string"
        },
        "email": {
            "type": "string"
        },
        "phone": {
            "type": "string"
        }
    },
    // The values listed under "required" are mandatory
    "required": [
        "sessionId",
        "firstName",
        "lastName",
        "email",
        "phone"
    ],
    // If this is false, validation fails when the response contains
    // properties that are not listed above. For objects the keyword is
    // "additionalProperties"; "additionalItems" applies only to arrays.
    "additionalProperties": false
};
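The following added example, which is not from the original article and is not Postman's validator, implements the checks this schema expresses in plain JavaScript, using `additionalProperties` (the JSON Schema keyword that applies to objects). The function name `validateResponse` and the sample responses are constructed for illustration; the second sample shows how rejecting unlisted properties catches a response that exposes a field it should not.

```javascript
// Added example: checks the subset of JSON Schema used by the schema above
// (object type, typed properties, "required", "additionalProperties": false).
// Not Postman's validator; use a full JSON Schema library for other keywords.
const schema = {
  type: "object",
  properties: {
    sessionId: { type: "string" }, firstName: { type: "string" },
    lastName: { type: "string" }, email: { type: "string" }, phone: { type: "string" }
  },
  required: ["sessionId", "firstName", "lastName", "email", "phone"],
  additionalProperties: false
};

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Returns a list of problems; an empty list means the response passed.
function validateResponse(status, body, schema) {
  const errors = [];
  if (status !== 200) errors.push(`unexpected status ${status}`);
  if (typeof body !== "object" || body === null || Array.isArray(body)) {
    errors.push("body is not a JSON object");
    return errors;
  }
  for (const name of schema.required) {
    if (!has(body, name)) errors.push(`missing required field: ${name}`);
  }
  for (const [name, value] of Object.entries(body)) {
    if (!has(schema.properties, name)) {
      // An unlisted field may be sensitive data the API should not return.
      if (schema.additionalProperties === false) errors.push(`unexpected field: ${name}`);
      continue;
    }
    const expected = schema.properties[name].type;
    const actual = value === null ? "null" : typeof value;
    if (actual !== expected) errors.push(`field ${name} should be ${expected}, got ${actual}`);
  }
  return errors;
}

// Constructed sample responses (not captured from a real API).
const good = { sessionId: "s-123", firstName: "Ada", lastName: "Lovelace",
               email: "ada@example.com", phone: "555-0100" };
const leaky = { ...good, passwordHash: "constructed-placeholder" };
const broken = { sessionId: 42, firstName: "Ada", lastName: "Lovelace", email: "ada@example.com" };

console.log(validateResponse(200, good, schema));
console.log(validateResponse(200, leaky, schema));
console.log(validateResponse(500, broken, schema));
```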
pm.test("Verify the first name in response", function () {
    // Parse the response body as JSON before reading fields from it
    const responseJson = pm.response.json();
    pm.expect(responseJson.firstName).to.be.equal(pm.collectionVariables.get("firstName"));
});
pm.test("Response time is less than 200ms", function () {
    pm.expect(pm.response.responseTime).to.be.below(200);
});
pm.test("Body matches string", function () {
    pm.expect(pm.response.text()).to.include("string_you_want_to_search");
});
© 2025, Heady LLC.