Postman is the most popular tool for testing APIs, but you still need an API to test against. ReqRes gives you a free, hosted REST API with real endpoints, authentication, and persistent data - no backend setup required. This guide walks you through a complete Postman workflow from first request to CI automation.
What you'll need
- Postman (free desktop app or web version)
- A free ReqRes API key (takes 10 seconds at reqres.in)
- That's it. No servers, no databases, no Docker.
How do I set up Postman with a test API?
Setting up Postman with ReqRes takes under two minutes.
1. Get your API key
Create a free ReqRes account and grab your API key from the dashboard:
https://app.reqres.in/?next=/api-keys
2. Create a Postman environment
In Postman, click Environments in the sidebar and create a new environment called "ReqRes".
Add these variables:
| Variable | Initial Value |
|---|---|
| base_url | https://reqres.in |
| api_key | your-api-key-here |
3. Use the environment in requests
In your request headers, add:
x-api-key: {{api_key}}
Your request URL becomes:
{{base_url}}/api/users
cURL equivalent
For terminal users, every request in this guide works with curl:
curl "https://reqres.in/api/users?page=2" \
-H "Content-Type: application/json" \
-H "x-api-key: YOUR_API_KEY"
How do I test CRUD operations with Postman?
Here's each operation with the request and expected response.
GET - List users with pagination
Request:
GET {{base_url}}/api/users?page=2
Headers:
x-api-key: {{api_key}}
cURL:
curl "https://reqres.in/api/users?page=2" \
-H "x-api-key: YOUR_API_KEY"
Expected status: 200 OK
Response:
{
"page": 2,
"per_page": 6,
"total": 12,
"total_pages": 2,
"data": [
{
"id": 7,
"email": "[email protected]",
"first_name": "Michael",
"last_name": "Lawson",
"avatar": "https://reqres.in/img/faces/7-image.jpg"
}
]
}
GET - Single user
Request:
GET {{base_url}}/api/users/2
cURL:
curl "https://reqres.in/api/users/2" \
-H "x-api-key: YOUR_API_KEY"
Expected status: 200 OK
POST - Create a user
Request:
POST {{base_url}}/api/users
Headers:
Content-Type: application/json
x-api-key: {{api_key}}
Body:
{
"name": "Jane",
"job": "QA Engineer"
}
cURL:
curl -X POST "https://reqres.in/api/users" \
-H "Content-Type: application/json" \
-H "x-api-key: YOUR_API_KEY" \
-d '{"name": "Jane", "job": "QA Engineer"}'
Expected status: 201 Created
Response:
{
"name": "Jane",
"job": "QA Engineer",
"id": "123",
"createdAt": "2026-02-06T10:30:00.000Z"
}
PUT - Update a user
Request:
PUT {{base_url}}/api/users/2
Body:
{
"name": "Jane Updated",
"job": "Senior QA Engineer"
}
cURL:
curl -X PUT "https://reqres.in/api/users/2" \
-H "Content-Type: application/json" \
-H "x-api-key: YOUR_API_KEY" \
-d '{"name": "Jane Updated", "job": "Senior QA Engineer"}'
Expected status: 200 OK
PATCH - Partial update
Request:
PATCH {{base_url}}/api/users/2
Body:
{
"job": "Lead QA Engineer"
}
cURL:
curl -X PATCH "https://reqres.in/api/users/2" \
-H "Content-Type: application/json" \
-H "x-api-key: YOUR_API_KEY" \
-d '{"job": "Lead QA Engineer"}'
Expected status: 200 OK
DELETE - Remove a user
Request:
DELETE {{base_url}}/api/users/2
cURL:
curl -X DELETE "https://reqres.in/api/users/2" \
-H "x-api-key: YOUR_API_KEY"
Expected status: 204 No Content
How do I test authentication flows?
ReqRes supports two authentication modes. This is what sets it apart from JSONPlaceholder and other fake APIs.
API key authentication (for /api/* endpoints)
Use the x-api-key header for admin and API-level operations:
curl "https://reqres.in/api/users" \
-H "x-api-key: YOUR_API_KEY"
This works for all /api/* endpoints including collections, users, and management operations.
App user authentication (for /app/* endpoints)
For user-scoped endpoints, you need a session token. Here's the flow:
Step 1: Create a magic link request
curl -X POST "https://reqres.in/api/auth/magic-link" \
-H "Content-Type: application/json" \
-H "x-api-key: YOUR_API_KEY" \
-d '{"email": "[email protected]"}'
Step 2: Get the session token
In development, the magic link token is returned directly. Use it to get a session:
curl -X POST "https://reqres.in/api/auth/verify" \
-H "Content-Type: application/json" \
-H "x-api-key: YOUR_API_KEY" \
-d '{"token": "MAGIC_LINK_TOKEN"}'
Step 3: Use the session token
curl "https://reqres.in/app/collections/todos/records" \
-H "Authorization: Bearer YOUR_SESSION_TOKEN"
Common mistake
Using x-api-key on /app/* paths returns 401 Unauthorized. App paths require a Bearer token from a user session.
| Path | Header Required |
|---|---|
/api/* |
x-api-key: YOUR_API_KEY |
/app/* |
Authorization: Bearer <token> |
How do I add Postman tests and assertions?
Postman lets you write JavaScript tests in the Tests tab. Here are practical examples.
Check status code
pm.test("Status code is 200", () => {
pm.response.to.have.status(200);
});
Validate response structure
pm.test("Response has user data", () => {
const json = pm.response.json();
pm.expect(json.data).to.be.an("array");
pm.expect(json.data.length).to.be.greaterThan(0);
});
Check required fields
pm.test("User has required fields", () => {
const user = pm.response.json().data[0];
pm.expect(user).to.have.property("id");
pm.expect(user).to.have.property("email");
pm.expect(user).to.have.property("first_name");
});
Validate response time
pm.test("Response time is under 500ms", () => {
pm.expect(pm.response.responseTime).to.be.below(500);
});
Save values for chaining requests
pm.test("Save user ID for next request", () => {
const json = pm.response.json();
pm.environment.set("user_id", json.data[0].id);
});
How do I run Postman collections in CI?
Running your Postman tests in CI ensures your API integration stays healthy.
Export your collection
- In Postman, right-click your collection
- Select Export
- Choose Collection v2.1
- Save as
reqres-tests.json
Export your environment the same way.
Install Newman
Newman is Postman's CLI runner:
npm install -g newman
Run locally
newman run reqres-tests.json -e reqres-environment.json
GitHub Actions workflow
name: API Tests
on: [push, pull_request]
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install Newman
run: npm install -g newman
- name: Run Postman tests
run: newman run reqres-tests.json -e reqres-environment.json
env:
REQRES_API_KEY: ${{ secrets.REQRES_API_KEY }}
Why this works: ReqRes is always available, returns stable payloads, and requires no mock setup. Your CI tests hit a real API and catch real integration issues.
For avoiding rate limits and handling retries in CI, see our QA automation guide.
Why use a real API instead of mocking everything?
Mocks give false confidence. Your tests pass, but your integration might not. You're testing your mock, not your code's ability to handle real HTTP responses.
Real APIs catch issues mocks miss: network errors, auth failures, payload validation, rate limiting, and response timing. These are the bugs that slip through to production when you only test against hardcoded responses.
ReqRes bridges the gap. It's as easy to use as a mock - no servers, no database setup, no DevOps. But it returns real HTTP responses with real status codes, headers, and response times.
For a deeper comparison, see when to stop faking APIs.
Get a free API key at https://reqres.in/signup and try these examples in under 2 minutes.
For more on ReqRes endpoints and capabilities, check the API docs. For a complete overview of QA workflows with ReqRes, see API Testing for QA Engineers. If you're comparing options, see our JSONPlaceholder alternatives guide.