30 Days of API Testing Day 21: Complete Exercise 3

Welcome to exercise three, for day twenty-one of 30 days of API Testing.


Execute an API call that returns some data, then use some/all of that data is a subsequent call.


  1. Send a GET/POST request to an API that returns some data, extract that data and use it in a subsequent call.
  2. Chaining API calls together
  3. Gain exposure to many some API testing automation frameworks or tools that support API automation.


Choose an API testing automation framework or tool, some suggestions below:

Complete a GET/POST call on an API that reurns some data. Extract that data from the response and use it in a subsequent GEt/POST call. Many test APIs have been posted for challenge 5. A common scenario is having to get authenticated to use some APIs, then send a key/token is all subsequent calls to the APIs.


Using https://automationintesting.online created by Mark Winteringham and myself, do the following:

	"username": "admin",
	"password": "password"
  • Extract the token and store it
  • Do a GET call against https://automationintesting.online/room/, you should get 1-N rooms returned. Extract a room ID from one of the rooms
  • Do a POST call against the booking API to make a booking for the room, https://automationintesting.online/booking/. The JSON should look like this, changing the data as you like and ensuring you map to the roomid you stored earlier. You’ll also need to send your token as a cookie.
  "bookingdates": {
    "checkin": "2018-11-01T09:48:25.469Z",
    "checkout": "2018-11-01T09:48:25.469Z"
  "depositpaid": true,
  "firstname": "string",
  "lastname": "string",
  "roomid": <<roomid>>,
  "totalprice": 0


Post your experiences with the tools you use below.
If you used a different API post the calls you did so others can try them.


Hi @friendlytester,

I tried to complete this exercise using your example but I got stuck at step making a booking for the room. I followed your instruction:

  1. Get a token
  2. Get room ID
  3. Book the room using the room ID at step 2

But the status of the request #3 always return 403 Forbidden

I tried to use PostMan and get the same issue:

Finally, I tried to use jMeter to record all steps which I perform on https://automationintesting.online, re-ran this script and I still got 403 status code:

Could you please help to check if I miss any step or the issue come from your API.



Hey Duong,
I think some of your data types are wrong. Have a look at Dates, RoomID and totalprice.
I noticed I had RoomId as a string, I’ve edited that, but have a look at the others.

1 Like

Hi @friendlytester,

Thank for your quick reply. My post has attachments include the sent data. Could you please take a look on these attachments and let me know should I update any data.

Many Thanks!

1 Like

yep I saw them, hence my suggestion to take a closer look at the data types you are sending. Specifically your dates and your total price.

Hi @friendlytester, I copied the whole your example JSON and just updated the correct roomid but I still got the 403 Forbidden status.

Could you please help to double check from your testing tool.

1 Like

Hey Duong,

You need to set the token as a cookie in order to do a POST, the cookie you acquired in step one.

That is the problem here I think.



Hi @friendlytester,

You are correct. After setting the token as a cookie I could get status code 200

I just suggest you update the line

Extract the token and store it


Extract the token and store it as a cookie

So the newbie members like me will not disturb you :sweat_smile:

Thank you for your quick support.


I completed this exercise using Katalon Studio.


Yes I used postman and able to parameterise the request run time by setting the token and roomid as env variables. And request are successful.
But if we use Same checkin and checkout time (time&date) then the request will give 409 (Conflict).
We need to handle timestamp in a generic way.


Let try to use Chakram API Testing Framework and Mocha - I have finished this challenges using my own API

Step 1: Get full candidates list, this API will return a list of candidates in the system
Step 2: From the response in step 1, try to get the first candidate’s id and then pass it as the query string for step 3
Step 3: Call API to get specific candidate by candidate id


How do you extract the token and store it as a cookie in Postman? I’m new to this and have tried to Google it but can’t find the information.

1 Like

Used advanced rest client

  1. retrieved a token from login endpoint
  2. performed a get against the room endpoint
  3. performed a post against the booking endpoint


Hi @helena, you can use environment variables or global variable to parameterize the the request. For below example, I use “json()” method to extract the token then set it to an environment variale “eToken”, after running test, we will see an “eToken” variable would be created:

Hope it might help you :blush:


Thank you! Will try this at once :smiley:

1 Like

I completed the exercise using Postman&Newman.



I use my own framework to complete the exercise 3 with the steps below:

  1. Get a token by doing a POST against the auth API at https://automationintesting.online/auth/login endpoint
  2. Save the token to the request headers
  3. Extract a room ID from one of the rooms by performing a GET call against https://automationintesting.online/room/
  4. Do a POST call against the booking API to make a booking for the room, https://automationintesting.online/booking/
  5. Verify the booking info


My exercise 3 with Katalon is:

  1. Login https://automationintesting.online/auth/login to get token
  2. Set Global Variable =token to use for booking
  3. Setting cookie= token Global Variable
  4. Do a POST call against the booking API to make a booking for the room, https://automationintesting.online/booking/

I use Postman for this exercise.

My Solution:

  • Create a Environment Variable to store the value
  • Create a Postman collections and save all request below:
    – GET room request. And save any roomid of any room.
    – POST login. and save the token to env variable
    – POST booking. Using the token and roomid above to get the request

Here is my result


Post method to login and store the token to env variable


Get method to get room and story a room_id to env variable

Post method to booking

Here is the result when running the collection

I will do this exercise again on Katalon when I have free time.


I completed exercise 3 by Katalon:

  • Login to the room:

  • GET call against:

  • POST call:

  • TCs: