1

Complete Guide to Payment Gateway API

Automation in Postman

Table of Content

1. Setting Up the Environment

2. Authentication Setup
3. Creating Test Data Collections
4. API Request Examples
5. Creating Test Suites
6. Error Handling and Validation
7. Monitoring and Reporting
8. Best Practices

Introduction
Payment gateway integration is a critical component of any e-commerce or financial
application. Ensuring its reliability and functionality through comprehensive testing is
paramount for maintaining secure and successful financial transactions. This guide
provides a detailed walkthrough of automating payment gateway API testing using
Postman, one of the most popular API testing tools in the industry.

Purpose and Scope

This comprehensive guide is designed for QA engineers, developers, and technical
professionals who need to:

●​ Implement automated testing for payment gateway integrations

●​ Validate payment processing workflows
●​ Ensure secure transaction handling
●​ Maintain consistent API testing practices
●​ Generate reliable test reports for compliance

Why Automate Payment Gateway Testing?

Payment gateway testing automation offers several crucial benefits:
 2
1.​ Risk Mitigation: Automated tests help identify potential issues before they
impact real transactions, reducing financial risks and maintaining customer
trust.
2.​ Compliance Assurance: Regular automated testing helps maintain
compliance with financial regulations and security standards like PCI DSS by
ensuring consistent validation of security measures.
3.​ Time Efficiency: Manual testing of payment flows can be time-consuming
and error-prone. Automation significantly reduces testing time while
increasing accuracy and coverage.
4.​ Regression Prevention: Automated tests can quickly verify that new code
changes haven't broken existing payment functionality, ensuring system
stability.

Prerequisites
Before proceeding with this guide, ensure you have:

●​ Postman application installed (latest version recommended)

●​ Basic understanding of REST APIs
●​ Access to payment gateway API credentials (test environment)
●​ Understanding of payment processing workflows
●​ Familiarity with JavaScript for writing test scripts

What This Guide Covers

This guide will walk you through:

1.​ Setting up your testing environment in Postman

2.​ Configuring authentication and security measures
3.​ Creating comprehensive test suites for payment flows
4.​ Implementing error handling and validation
5.​ Generating test reports and monitoring results
6.​ Best practices for maintaining test automation
7.​ Troubleshooting common issues
8.​ Advanced testing scenarios and optimizations

Testing Approach
Our approach focuses on:

●​ End-to-End Testing: Complete coverage of payment workflows from

authorization to settlement
●​ Security-First Mindset: Emphasis on secure handling of sensitive payment
data
●​ Scalable Architecture: Building maintainable and reusable test suites
●​ Real-World Scenarios: Testing both successful flows and error cases
●​ Performance Considerations: Monitoring and optimizing API response times
 3
1. Setting Up the Environment
Environment Variables Configuration

Before starting with payment gateway automation, you need to set up

your environment variables in Postman. This is crucial for maintaining
different configurations for development, staging, and production
environments.

{
"BASE_URL": "https://api.payment-gateway.com/v1",
"API_KEY": "your_api_key_here",
"API_SECRET": "your_api_secret_here",
"MERCHANT_ID": "your_merchant_id",
"CURRENCY": "USD",
"TIMEOUT": 30000
}

Dynamic Variables

Create pre-request scripts to generate dynamic data for each request:

// Generate unique transaction ID

pm.environment.set('TRANSACTION_ID', 'TXN_' + Date.now());

// Generate timestamp in ISO format

pm.environment.set('TIMESTAMP', new Date().toISOString());

2. Authentication Setup
Most payment gateways use either OAuth 2.0 or API Key authentication.
Here's how to implement both:

OAuth 2.0 Authentication

// Pre-request Script for OAuth Token Generation

pm.sendRequest({
url: pm.environment.get('BASE_URL') + '/oauth/token',
method: 'POST',
header: {
'Content-Type': 'application/x-www-form-urlencoded'
},
body: {
mode: 'urlencoded',
urlencoded: [
 4
{key: 'grant_type', value: 'client_credentials'},
{key: 'client_id', value: pm.environment.get('API_KEY')},
{key: 'client_secret', value: pm.environment.get('API_SECRET')}
]
}
}, function (err, response) {
if (err) {
console.error(err);
} else {
pm.environment.set('ACCESS_TOKEN', response.json().access_token);
}
});

API Key Authentication

// Pre-request Script for HMAC Authentication

const timestamp = new Date().toISOString();
const payload = pm.environment.get('MERCHANT_ID') + '|' + timestamp;
const signature = CryptoJS.HmacSHA256(payload,
pm.environment.get('API_SECRET')).toString();

pm.environment.set('API_SIGNATURE', signature);
pm.environment.set('TIMESTAMP', timestamp);

3. Creating Test Data Collections

Payment Card Test Data

// Test Data Collection

const testCards = {
visa: {
valid: '4111111111111111',
expired: '4111111111111111',
insufficient_funds: '4111111111111111'
},
mastercard: {
valid: '5555555555554444',
expired: '5555555555554444',
insufficient_funds: '5555555555554444'
}
};
pm.environment.set('TEST_CARDS', JSON.stringify(testCards));
 5
4. API Request Examples
Payment Authorization Request

// Request Body
{
"transaction_id": "{{TRANSACTION_ID}}",
"amount": 100.00,
"currency": "{{CURRENCY}}",
"card": {
"number": "{{CARD_NUMBER}}",
"expiry_month": "12",
"expiry_year": "2025",
"cvv": "123"
},
"customer": {
"email": "test@example.com",
"ip_address": "192.168.1.1"
}
}

// Tests
pm.test("Payment Authorization Successful", function () {
pm.response.to.have.status(200);
const responseData = pm.response.json();

pm.expect(responseData.status).to.eql("authorized");
pm.expect(responseData.transaction_id).to.exist;
pm.environment.set('AUTH_CODE', responseData.authorization_code);
});

Payment Capture Request

// Request Body
{
"transaction_id": "{{TRANSACTION_ID}}",
"authorization_code": "{{AUTH_CODE}}",
"amount": 100.00,
"currency": "{{CURRENCY}}"
}

// Tests
pm.test("Payment Capture Successful", function () {
pm.response.to.have.status(200);
const responseData = pm.response.json();
 6

pm.expect(responseData.status).to.eql("captured");
pm.expect(responseData.capture_id).to.exist;
});

5. Creating Test Suites

Complete Payment Flow Test Suite

// Collection Runner Script

{
"name": "Payment Gateway E2E Tests",
"items": [
{
"name": "Authorization Test",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test('Authorization successful', function() {",
" pm.response.to.have.status(200);",
" const response = pm.response.json();",
" pm.expect(response.status).to.eql('authorized');",
" pm.environment.set('AUTH_CODE',
response.authorization_code);",
"});"
]
}
}
]
},
{
"name": "Capture Test",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test('Capture successful', function() {",
" pm.response.to.have.status(200);",
" const response = pm.response.json();",
" pm.expect(response.status).to.eql('captured');",
"});"
]
 7
}
}
]
}
]
}

6. Error Handling and Validation

Response Validation Schema

const schema = {
type: 'object',
required: ['status', 'transaction_id', 'amount', 'currency'],
properties: {
status: {
type: 'string',
enum: ['authorized', 'captured', 'failed']
},
transaction_id: {
type: 'string',
pattern: '^TXN_[0-9]{13}$'
},
amount: {
type: 'number',
minimum: 0
},
currency: {
type: 'string',
pattern: '^[A-Z]{3}$'
}
}
};

pm.test('Response schema is valid', function() {

pm.expect(tv4.validate(pm.response.json(), schema)).to.be.true;
});

Error Handling Tests

pm.test("Error handling for invalid card", function() {

if (pm.response.code === 400) {
const responseData = pm.response.json();
pm.expect(responseData).to.have.property('error');
pm.expect(responseData.error).to.have.property('code');
 8
pm.expect(responseData.error).to.have.property('message');

// Log error details for debugging

console.log('Error Code:', responseData.error.code);
console.log('Error Message:', responseData.error.message);
}
});

7. Monitoring and Reporting

Response Time Monitoring

pm.test("Response time is acceptable", function() {

pm.expect(pm.response.responseTime).to.be.below(
parseInt(pm.environment.get('TIMEOUT'))
);

// Log response time for monitoring

console.log('Response Time:', pm.response.responseTime + 'ms');
});

HTML Report Generation

// Newman HTML Reporter Configuration

{
"reporter": {
"html": {
"export": "./payment-gateway-tests.html",
"template": "template.hbs",
"browserTitle": "Payment Gateway API Test Report",
"title": "Test Results",
"showOnlyFails": false,
"showEnvironmentData": true
}
}
}

8. Best Practices
1.​ Version Control Integration
○​ Export collections and environments regularly
○​ Store them in version control
○​ Maintain a changelog
2.​ Security Considerations
○​ Never commit sensitive data to version control
 9
○​ Use environment variables for all sensitive information
○​ Rotate test cards and credentials regularly
3.​ Maintenance Tips
○​ Update test data regularly
○​ Monitor API version changes
○​ Keep documentation in sync with tests
○​ Regular cleanup of test data

9. Troubleshooting Guide
Common Issues and Solutions

1.​ Authentication Failures

// Pre-request Script for Authentication Debugging

console.log('Request Headers:', request.headers);
console.log('Authentication Token:', pm.environment.get('ACCESS_TOKEN'));

2.​ API Timeout Issues

// Timeout Handling
pm.test("Handle timeout gracefully", function() {
if (pm.response.responseTime > pm.environment.get('TIMEOUT')) {
console.error('Request timed out after ' + pm.response.responseTime +
'ms');
// Implement retry logic
pm.environment.set('RETRY_COUNT',
(parseInt(pm.environment.get('RETRY_COUNT') || 0) + 1)
);
}
});

10. Advanced Features

Parallel Request Execution

// Running Multiple Requests in Parallel

const requests = [
{
url: pm.environment.get('BASE_URL') + '/payments',
method: 'POST',
header: {
'Authorization': 'Bearer ' + pm.environment.get('ACCESS_TOKEN')
 10
},
body: {
mode: 'raw',
raw: JSON.stringify({
amount: 100,
currency: 'USD'
})
}
}
];

Promise.all(requests.map(request =>
new Promise((resolve, reject) => {
pm.sendRequest(request, (error, response) => {
if (error) reject(error);
else resolve(response);
});
})
)).then(responses => {
console.log('All requests completed');
}).catch(error => {
console.error('Error in parallel execution:', error);
});

Important Notes
●​ All examples use test credentials and sandbox environments
●​ No actual financial transactions are processed
●​ Sensitive data handling follows industry best practices
●​ Test data should never include real payment information
●​ Regular updates to test cases are recommended as payment
gateway APIs evolve

Conclusion
Throughout this comprehensive guide, we've covered the essential
aspects of automating payment gateway API testing using Postman. The
implementation of these practices enables organizations to:

●​ Create robust, repeatable test suites for payment workflows

●​ Establish reliable automation frameworks for continuous testing
●​ Implement secure testing practices for sensitive payment data
●​ Generate comprehensive reports for compliance and monitoring
●​ Maintain consistency across different testing environments
11