
Request Parameters & Headers

Real APIs need more than just URLs: they need parameters for filtering and pagination, and headers for authentication.

Types of Parameters

https://api.shop.com/products/123?category=electronics&limit=10
└────────┬─────────┘└─────┬─────┘ └─────────────┬─────────────┘
      Base URL       Path Param         Query Parameters

| Type | Location | Example |
| --- | --- | --- |
| Path | In URL path | /products/123 |
| Query | After ? | ?category=electronics |
| Header | Request headers | Authorization: Bearer token |
| Body | Request body | { "quantity": 2 } |

---

Query Parameters

Query parameters filter, sort, and paginate results.

Adding Query Params in Postman

  • Enter base URL: https://fakestoreapi.com/products
  • Click Params tab
  • Add key-value pairs:

| Key | Value |
| --- | --- |
| limit | 5 |
| sort | desc |

Postman auto-builds: https://fakestoreapi.com/products?limit=5&sort=desc

Common E-commerce Query Parameters

# Pagination
GET /api/products?page=2&limit=20

# Filtering
GET /api/products?category=electronics&minPrice=50&maxPrice=200

# Sorting
GET /api/products?sort=price&order=asc

# Search
GET /api/products?search=headphones

# Date range (orders)
GET /api/orders?startDate=2024-01-01&endDate=2024-01-31

Practice: Filter Products

Try these requests:

1. Get first 3 products:
GET https://fakestoreapi.com/products?limit=3
2. Sort products descending:
GET https://fakestoreapi.com/products?sort=desc
3. Get specific category:
GET https://fakestoreapi.com/products/category/jewelery

---

Path Parameters

Path parameters identify specific resources.

URL Pattern

/products/{id}
/users/{userId}/orders/{orderId}
/categories/{categoryName}/products

In Postman

For URL: https://fakestoreapi.com/products/:id

  • Use :paramName syntax
  • Postman shows Path Variables section
  • Enter value for id: 5

Examples:
GET /api/products/5           → Product with ID 5
GET /api/users/10/orders      → All orders for user 10
GET /api/orders/99/items      → All items in order 99
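
Added example (Python, not part of the original lesson): what Postman's auto-build does for the query and path parameters above, with percent-encoding so that a value containing &, = or / stays a single value. The function names and the SEARCH sample are constructed for illustration; naive_url shows plain string concatenation for comparison.

```python
from urllib.parse import parse_qsl, quote, urlencode, urlsplit


def naive_url(base: str, query: dict) -> str:
    """String concatenation: values are pasted into the URL unencoded."""
    return base + "?" + "&".join(f"{k}={v}" for k, v in query.items())


def build_url(template: str, path_vars: dict, query: dict) -> str:
    """Fill Postman-style :name path variables and append an encoded query string."""
    segments = []
    for seg in template.split("/"):
        if seg.startswith(":"):
            value = str(path_vars[seg[1:]])  # KeyError if a variable has no value
            if value in ("", ".", ".."):
                raise ValueError(f"unsafe value for path variable {seg}")
            # safe="" also encodes "/", so one value stays one path segment
            seg = quote(value, safe="")
        segments.append(seg)
    url = "/".join(segments)
    if query:
        # urlencode escapes &, =, # and spaces inside keys and values
        url += "?" + urlencode(query)
    return url


def query_pairs(url: str) -> list:
    """Parse the query string into (key, value) pairs, as a server would."""
    return parse_qsl(urlsplit(url).query)


# Constructed input: a search term that contains query-string metacharacters.
SEARCH = {"search": "headphones&limit=1000", "limit": 5}

if __name__ == "__main__":
    base = "https://api.shop.com/products"
    print(build_url("https://fakestoreapi.com/products/:id", {"id": 5}, {}))
    print(query_pairs(naive_url(base, SEARCH)))      # search term splits in two
    print(query_pairs(build_url(base, {}, SEARCH)))  # search term stays intact
```

With concatenation the server sees two limit parameters and a truncated search term; with encoding it sees exactly the two parameters that were entered.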

---

Request Headers

Headers provide metadata about the request.

Common Headers

| Header | Purpose | Example |
| --- | --- | --- |
| Content-Type | Format of request body | application/json |
| Accept | Expected response format | application/json |
| Authorization | Authentication token | Bearer eyJhbG... |
| X-API-Key | API key authentication | abc123xyz |
| User-Agent | Client identification | PostmanRuntime/7.32 |

Setting Headers in Postman

  • Go to Headers tab
  • Add key-value pairs:

| Key | Value |
| --- | --- |
| Content-Type | application/json |
| Accept | application/json |

Content-Type Header

Tells the server what format your request body is in:

| Content-Type | Use Case |
| --- | --- |
| application/json | JSON data (most common) |
| application/x-www-form-urlencoded | Form data |
| multipart/form-data | File uploads |
| text/plain | Plain text |

For e-commerce APIs, always use application/json.

---

Authentication Headers

Most real APIs require authentication.

Bearer Token (JWT)

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

API Key

X-API-Key: your-api-key-here

Or sometimes:

Authorization: ApiKey your-api-key-here

Setting Auth in Postman

  • Go to Authorization tab
  • Select Type: Bearer Token
  • Enter your token

Postman automatically adds the Authorization header!

Login to Get a Token

POST https://fakestoreapi.com/auth/login

Body:

{
  "username": "mor_2314",
  "password": "83r5^_"
}

Response:

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Use this token in subsequent requests.

---

Complete Example: Authenticated Request

Step 1: Login

POST https://fakestoreapi.com/auth/login

Body:
{
  "username": "mor_2314",
  "password": "83r5^_"
}

Step 2: Use Token

GET https://fakestoreapi.com/users/1

Headers:
Authorization: Bearer eyJhbGciOiJIUzI1...

---

Hidden Headers

Postman sends some headers automatically:

User-Agent: PostmanRuntime/7.32.3
Accept: */*
Accept-Encoding: gzip, deflate, br
Connection: keep-alive

Click the hidden link in the Headers tab to see them.

---

Practice: Build a Product Search

Create a request that:

  • Searches electronics
  • Limits to 5 results
  • Sorts by price descending
  • Includes proper headers

URL: https://fakestoreapi.com/products/category/electronics

Params:

| Key | Value |
| --- | --- |
| limit | 5 |
| sort | desc |

Headers:

| Key | Value |
| --- | --- |
| Accept | application/json |

Save as: Search Electronics (Sorted)

---

Testing Header Scenarios

| Scenario | Expected Result |
| --- | --- |
| Missing Authorization | 401 Unauthorized |
| Invalid token | 401 or 403 Forbidden |
| Wrong Content-Type | 400 Bad Request |
| Missing required header | 400 Bad Request |
| Expired token | 401 with "token expired" message |

Test: Missing Auth Token

Try accessing a protected endpoint without authentication:

GET https://api.example.com/users/me

# No Authorization header

Expected: 401 Unauthorized
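
Added example (Python, not part of the original lesson and not the code of any real API): a sketch of server-side checks that produce the results in the scenario table, for an HS256 Bearer token like the one shown under Authentication Headers. The function names, the secret, the timestamps and the messages are assumptions; the sketch follows the table in answering 400 for a wrong Content-Type.

```python
import base64, hashlib, hmac, json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(signing_input: str, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def sign_token(claims: dict, secret: bytes) -> str:
    """Issue a constructed HS256 token (stands in for the login response)."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url(json.dumps(claims).encode())
    return f"{head}.{body}." + _b64url(_mac(f"{head}.{body}", secret))

def check_request(method: str, headers: dict, secret: bytes, now: int):
    """Return (status, message) for a request, following the scenario table."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    auth = h.get("authorization")
    if not auth:
        return 401, "missing Authorization header"
    scheme, _, token = auth.partition(" ")
    parts = token.split(".")
    if scheme.lower() != "bearer" or len(parts) != 3:
        return 401, "invalid token"
    head, body, sig = parts
    try:
        alg = json.loads(_unb64url(head))["alg"]
        given = _unb64url(sig)
    except (ValueError, KeyError, TypeError):
        return 401, "invalid token"
    # Pin the algorithm server-side and compare signatures in constant time.
    if alg != "HS256" or not hmac.compare_digest(given, _mac(f"{head}.{body}", secret)):
        return 401, "invalid token"
    # Claims are read only after the signature has been verified.
    exp = json.loads(_unb64url(body)).get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:  # no exp counts as expired
        return 401, "token expired"
    content_type = h.get("content-type", "").split(";")[0].strip().lower()
    if method in ("POST", "PUT") and content_type != "application/json":
        return 400, "Content-Type must be application/json"
    return 200, "ok"

if __name__ == "__main__":
    secret, now = b"constructed-demo-secret", 1_700_000_000  # constructed values
    token = sign_token({"sub": 1, "exp": now + 3600}, secret)
    print(check_request("GET", {"Authorization": f"Bearer {token}"}, secret, now))
```

The first two segments of a JWT are only base64url-encoded, so anyone holding the token can read its claims; the signature is what the server relies on.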

---

Postman Tips

1. Bulk Edit Headers

Click Bulk Edit to paste multiple headers:

Content-Type: application/json
Accept: application/json
X-Custom-Header: value

2. Header Presets

Save commonly used header combinations:

  • Click Presets → Manage Presets
  • Create "JSON API" preset with standard headers
  • Apply with one click

3. Disable Headers Temporarily

Uncheck the checkbox next to any header to disable it without deleting.

---

Key Takeaways

| Parameter Type | When to Use | Example |
| --- | --- | --- |
| Query | Filter, search, paginate | ?limit=10&page=2 |
| Path | Identify specific resource | /products/123 |
| Header | Auth, content type, metadata | Authorization: Bearer |

  • Query params go after ? and are separated by &
  • Path params are part of the URL path
  • Headers are key-value metadata
  • Always set Content-Type for POST/PUT requests

Next up: Working with JSON - mastering request and response data!
