π― Scenario
You deployed a backend API (FastAPI / Node / Java β doesnβt matter) on:
- AWS ECS / EKS / EC2
- Behind Load Balancer
Example API:
http://your-api-alb.amazonaws.com
You must:
- Verify it works
- Validate authentication
- Test protected endpoints
- Catch failures BEFORE deployment
π§ PART 1 β WHERE API IS LOCATED (REAL WORLD)
In real DevOps:
πΉ AWS ECS / ALB
http://my-api-123.us-east-1.elb.amazonaws.com
πΉ Kubernetes (Ingress)
http://api.mycompany.com
πΉ API Gateway
https://abc123.execute-api.us-east-1.amazonaws.com/prod
π This URL = your entry point
π§ PART 2 β API STRUCTURE (REAL APP)
Typical endpoints:
| Endpoint | Purpose |
|---|---|
/health |
Health check |
/login |
Auth |
/users |
Data |
/orders |
Business logic |
π PART 3 β BUILD REAL POSTMAN COLLECTION
π ENVIRONMENT
{"base_url":"http://your-api-alb.amazonaws.com"}β TEST 1 β HEALTH CHECK (CRITICAL)
Request:
GET {{base_url}}/health
Tests:
pm.test("Service is UP", function () {
pm.response.to.have.status(200);
});
pm.test("Response contains status OK", function () {
const json = pm.response.json();
pm.expect(json.status).to.eql("ok");
});
π DevOps meaning:
- Used in Load Balancer health checks
- Used in Kubernetes readiness/liveness probes
β TEST 2 β LOGIN (AUTHENTICATION)
Request:
POST {{base_url}}/login
Body:
{"username":"admin","password":"password123"}Tests:
const json = pm.response.json();
pm.test("Login success", function () {
pm.response.to.have.status(200);
});
pm.test("Token received", function () {
pm.expect(json.token).to.exist;
});
// Save token globally
pm.environment.set("auth_token", json.token);
π DevOps meaning:
- Verifies authentication service
- Detects broken IAM / auth integration
β TEST 3 β PROTECTED API (VERY IMPORTANT)
Request:
GET {{base_url}}/users
Headers:
Authorization: Bearer {{auth_token}}
Tests:
pm.test("Authorized access", function () {
pm.response.to.have.status(200);
});
pm.test("Users returned", function () {
const json = pm.response.json();
pm.expect(json.length).to.be.above(0);
});
π DevOps checks:
- Token works
- Backend connected to DB
- No 500 errors
β TEST 4 β SECURITY TEST (NO TOKEN)
Request:
GET {{base_url}}/users
(no headers)
Tests:
pm.test("Unauthorized access blocked", function () {
pm.response.to.have.status(401);
});
π DevOps meaning:
- Security validation
- Prevents open APIs
β‘ TEST 5 β PERFORMANCE CHECK
pm.test("Response time < 300ms", function () {
pm.expect(pm.response.responseTime).to.be.below(300);
});
π DevOps meaning:
- Detect slow deployments
- Catch DB/network issues
π£ TEST 6 β FAILURE SIMULATION
Request:
GET {{base_url}}/crash
Tests:
pm.test("Server should not crash", function () {
pm.expect(pm.response.code).to.not.eql(500);
});
π DevOps:
- Catch backend crashes early
π PART 4 β AUTOMATION (REAL PIPELINE)
Export:
collection.jsonenvironment.json
Run with Newman:
newman run collection.json -e environment.json
π₯ CI/CD PIPELINE EXAMPLE (REAL)
name: API Tests
on: [push]
jobs:
test-api:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install Newman
run: npm install -g newman
- name: Run API Tests
run: newman run collection.json -e environment.json
π£ REAL FAILURE SCENARIO
If:
-
/healthfails β service DOWN -
/loginfails β auth broken -
/usersfails β DB broken
π Pipeline = β FAIL
π Deployment = β STOP
π§ PART 5 β HOW DEVOPS DEBUGS
If test fails:
Step 1:
curl http://api-url/health
Step 2:
Check logs:
- ECS β CloudWatch
- Kubernetes β
kubectl logs - EC2 β
/var/log
Step 3:
Check:
- Security groups
- DB connection
- Env variables
π§ PART 6 β REAL INTERVIEW ANSWER
π Question:
"How do you validate API in DevOps?"
Answer:
I validate API using Postman collections with automated tests for health checks, authentication, authorization, and response validation. Then I run them using Newman in CI/CD pipelines to ensure deployments do not break backend services.
You now understand:
β Where API lives (ALB, EKS, API Gateway)
β How to find endpoints
β What DevOps tests (NOT QA level)
β Auth + security testing
β Performance checks
β CI/CD automation
β Failure handling