🎯 Scenario
You deployed a backend API (FastAPI / Node / Java — doesn’t matter) on:
- AWS ECS / EKS / EC2
- Behind Load Balancer
Example API:
http://your-api-alb.amazonaws.com
You must:
- Verify it works
- Validate authentication
- Test protected endpoints
- Catch failures BEFORE deployment
🧠 PART 1 — WHERE API IS LOCATED (REAL WORLD)
In real DevOps:
🔹 AWS ECS / ALB
http://my-api-123.us-east-1.elb.amazonaws.com
🔹 Kubernetes (Ingress)
http://api.mycompany.com
🔹 API Gateway
https://abc123.execute-api.us-east-1.amazonaws.com/prod
👉 This URL = your entry point
🧠 PART 2 — API STRUCTURE (REAL APP)
Typical endpoints:
| Endpoint | Purpose |
|---|---|
| /health | Health check |
| /login | Auth |
| /users | Data |
| /orders | Business logic |
🚀 PART 3 — BUILD REAL POSTMAN COLLECTION
📁 ENVIRONMENT
{
  "base_url": "http://your-api-alb.amazonaws.com"
}
✅ TEST 1 — HEALTH CHECK (CRITICAL)
Request:
GET {{base_url}}/health
Tests:
pm.test("Service is UP", function () {
    pm.response.to.have.status(200);
});
pm.test("Response contains status OK", function () {
    const json = pm.response.json();
    pm.expect(json.status).to.eql("ok");
});
👉 DevOps meaning:
- Used in Load Balancer health checks
- Used in Kubernetes readiness/liveness probes
✅ TEST 2 — LOGIN (AUTHENTICATION)
Request:
POST {{base_url}}/login
Body:
{
  "username": "admin",
  "password": "password123"
}
Tests:
const json = pm.response.json();
pm.test("Login success", function () {
    pm.response.to.have.status(200);
});
pm.test("Token received", function () {
    pm.expect(json.token).to.exist;
});
// Save the token in the active environment so later requests can use {{auth_token}}
pm.environment.set("auth_token", json.token);
👉 DevOps meaning:
- Verifies authentication service
- Detects broken IAM / auth integration
✅ TEST 3 — PROTECTED API (VERY IMPORTANT)
Request:
GET {{base_url}}/users
Headers:
Authorization: Bearer {{auth_token}}
Tests:
pm.test("Authorized access", function () {
    pm.response.to.have.status(200);
});
pm.test("Users returned", function () {
    const json = pm.response.json();
    pm.expect(json.length).to.be.above(0);
});
👉 DevOps checks:
- Token works
- Backend connected to DB
- No 500 errors
❌ TEST 4 — SECURITY TEST (NO TOKEN)
Request:
GET {{base_url}}/users
(no headers)
Tests:
pm.test("Unauthorized access blocked", function () {
    pm.response.to.have.status(401);
});
👉 DevOps meaning:
- Security validation
- Prevents open APIs
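Test 4 covers only the missing-header case. The added example below (not from the original page) extends it to a small matrix of requests that must all be rejected and audits each response; the probe list, the `res` shape and the sample responses are constructed assumptions.

```javascript
// Added example (not from the original page). Constructed probes for the
// protected /users endpoint: every one of these must be rejected.
const PROBES = [
  { name: "no header", authorization: null },
  { name: "empty bearer", authorization: "Bearer " },
  { name: "garbage token", authorization: "Bearer not-a-real-token" },
  { name: "wrong scheme", authorization: "Basic dXNlcjpwYXNz" },
];

// Returns a list of problems for one probe's response; empty list = pass.
// `res` is { status, headers, body } with lower-cased header names (assumed shape).
function auditDenied(probe, res) {
  const problems = [];
  if (res.status !== 401) {
    problems.push(`${probe.name}: expected 401, got ${res.status}`);
  }
  // RFC 7235: a 401 response must carry a WWW-Authenticate challenge.
  if (res.status === 401 && !res.headers["www-authenticate"]) {
    problems.push(`${probe.name}: 401 without WWW-Authenticate`);
  }
  // A denied request must not return records, whatever the status says.
  let parsed = null;
  try { parsed = JSON.parse(res.body); } catch (_) { /* non-JSON body is fine */ }
  if (Array.isArray(parsed) && parsed.length > 0) {
    problems.push(`${probe.name}: response body contains ${parsed.length} record(s)`);
  }
  return problems;
}

// Audits a whole run: `responses` maps probe name -> response.
// A probe with no recorded response is itself reported as a problem.
function auditAll(responses) {
  return PROBES.flatMap((p) =>
    responses[p.name]
      ? auditDenied(p, responses[p.name])
      : [`${p.name}: probe was not run`]);
}

// Constructed sample responses: two correct denials, one open endpoint,
// and one 401 that is missing its challenge header.
const GOOD = { status: 401, headers: { "www-authenticate": "Bearer" }, body: '{"detail":"Not authenticated"}' };
const SAMPLE_RUN = {
  "no header": GOOD,
  "empty bearer": GOOD,
  "garbage token": { status: 200, headers: {}, body: '[{"id":1,"name":"alice"}]' },
  "wrong scheme": { status: 401, headers: {}, body: '{"detail":"Not authenticated"}' },
};
console.log(auditAll(SAMPLE_RUN));
```

Inside a Postman Tests tab, `res` can be built from `pm.response.code`, `pm.response.headers.get("WWW-Authenticate")` and `pm.response.text()`, with one request per probe.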
⚡ TEST 5 — PERFORMANCE CHECK
pm.test("Response time < 300ms", function () {
    pm.expect(pm.response.responseTime).to.be.below(300);
});
👉 DevOps meaning:
- Detect slow deployments
- Catch DB/network issues
💣 TEST 6 — FAILURE SIMULATION
Request:
GET {{base_url}}/crash
Tests:
pm.test("Server should not crash", function () {
    pm.expect(pm.response.code).to.not.eql(500);
});
👉 DevOps:
- Catch backend crashes early
🚀 PART 4 — AUTOMATION (REAL PIPELINE)
Export:
- collection.json
- environment.json
Run with Newman:
newman run collection.json -e environment.json
🔥 CI/CD PIPELINE EXAMPLE (REAL)
name: API Tests
on: [push]
jobs:
  test-api:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Install Newman
        run: npm install -g newman
      - name: Run API Tests
        run: newman run collection.json -e environment.json
💣 REAL FAILURE SCENARIO
If:
- /health fails → service DOWN
- /login fails → auth broken
- /users fails → DB broken
👉 Pipeline = ❌ FAIL
👉 Deployment = ❌ STOP
🧠 PART 5 — HOW DEVOPS DEBUGS
If test fails:
Step 1:
curl http://api-url/health
Step 2:
Check logs:
- ECS → CloudWatch
- Kubernetes → kubectl logs
- EC2 → /var/log
Step 3:
Check:
- Security groups
- DB connection
- Env variables
🧠 PART 6 — REAL INTERVIEW ANSWER
👉 Question:
“How do you validate API in DevOps?”
Answer:
I validate the API using Postman collections with automated tests for health checks, authentication, authorization, and response validation. Then I run them with Newman in CI/CD pipelines to ensure deployments do not break backend services.
You now understand:
✔ Where API lives (ALB, EKS, API Gateway)
✔ How to find endpoints
✔ What DevOps tests (NOT QA level)
✔ Auth + security testing
✔ Performance checks
✔ CI/CD automation
✔ Failure handling
