NEXT LEVEL LAB — DevOps API Testing (AWS + Auth + CI/CD mindset)

🎯 Scenario

You deployed a backend API (FastAPI / Node / Java — doesn’t matter) on:

• AWS ECS / EKS / EC2
• Behind Load Balancer

Example API:














You must:

• Verify it works
• Validate authentication
• Test protected endpoints
• Catch failures BEFORE deployment

🧠 PART 1 — WHERE API IS LOCATED (REAL WORLD)

In real DevOps:


🔹 AWS ECS / ALB













🔹 Kubernetes (Ingress)













🔹 API Gateway













👉 This URL = your entry point





🧠 PART 2 — API STRUCTURE (REAL APP)

Typical endpoints:







🚀 PART 3 — BUILD REAL POSTMAN COLLECTION




📁 ENVIRONMENT





{
"base_url": "http://your-api-alb.amazonaws.com"
}










✅ TEST 1 — HEALTH CHECK (CRITICAL)

Request:





GET {{base_url}}/health







Tests:





pm.test("Service is UP", function () {
pm.response.to.have.status(200);
});

pm.test("Response contains status OK", function () {
const json = pm.response.json();
pm.expect(json.status).to.eql("ok");
});










👉 DevOps meaning:

• Used in Load Balancer health checks
• Used in Kubernetes readiness/liveness probes

✅ TEST 2 — LOGIN (AUTHENTICATION)

Request:





POST {{base_url}}/login







Body:





{
"username": "admin",
"password": "password123"
}










Tests:





const json = pm.response.json();

pm.test("Login success", function () {
pm.response.to.have.status(200);
});

pm.test("Token received", function () {
pm.expect(json.token).to.exist;
});

// Save token globally
pm.environment.set("auth_token", json.token);










👉 DevOps meaning:

• Verifies authentication service
• Detects broken IAM / auth integration

✅ TEST 3 — PROTECTED API (VERY IMPORTANT)

Request:





GET {{base_url}}/users







Headers:





Authorization: Bearer {{auth_token}}










Tests:





pm.test("Authorized access", function () {
pm.response.to.have.status(200);
});

pm.test("Users returned", function () {
const json = pm.response.json();
pm.expect(json.length).to.be.above(0);
});










👉 DevOps checks:

• Token works
• Backend connected to DB
• No 500 errors

❌ TEST 4 — SECURITY TEST (NO TOKEN)

Request:





GET {{base_url}}/users







(no headers)





Tests:





pm.test("Unauthorized access blocked", function () {
pm.response.to.have.status(401);
});










👉 DevOps meaning:

• Security validation
• Prevents open APIs

⚡ TEST 5 — PERFORMANCE CHECK





pm.test("Response time ", function () {
pm.expect(pm.response.responseTime).to.be.below(30 0);
});










👉 DevOps meaning:

• Detect slow deployments
• Catch DB/network issues

💣 TEST 6 — FAILURE SIMULATION

Request:





GET {{base_url}}/crash







Tests:





pm.test("Server should not crash", function () {
pm.expect(pm.response.code).to.not.eql(500);
});










👉 DevOps:

• Catch backend crashes early

🚀 PART 4 — AUTOMATION (REAL PIPELINE)




Export:

• collection.json
• environment.json

Run with Newman:





newman run collection.json -e environment.json










🔥 CI/CD PIPELINE EXAMPLE (REAL)





name: API Tests

on: [push]

jobs:
test-api:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v4

- name: Install Newman
run: npm install -g newman

- name: Run API Tests
run: newman run collection.json -e environment.json










💣 REAL FAILURE SCENARIO

If:

• /health fails → service DOWN
• /login fails → auth broken
• /users fails → DB broken

👉 Pipeline = ❌ FAIL

👉 Deployment = ❌ STOP





🧠 PART 5 — HOW DEVOPS DEBUGS

If test fails:


Step 1:





curl http://api-url/health







Step 2:

Check logs:

• ECS → CloudWatch
• Kubernetes → kubectl logs
• EC2 → /var/log

Step 3:

Check:

• Security groups
• DB connection
• Env variables

🧠 PART 6 — REAL INTERVIEW ANSWER

👉 Question:

"How do you validate API in DevOps?"


Answer:





You now understand:


✔ Where API lives (ALB, EKS, API Gateway)

✔ How to find endpoints

✔ What DevOps tests (NOT QA level)

✔ Auth + security testing

✔ Performance checks

✔ CI/CD automation

✔ Failure handling




More...