Testing Zedu's Backend

I recently completed Stage 2 of the QA Engineering Track, and it was my first hands-on experience testing backend APIs. Here's what happened:
📋 The Task: Test 5 authenticated endpoints on the Zedu platform's REST API using Postman, validate responses, and document findings.
🔧 What I Did Step-by-Step:
1. Explored the Swagger Documentation
   - Identified all available endpoints
   - Noted which ones required Bearer token authentication
   - Planned positive, negative, and boundary test cases
2. Registered a Test Account
   - Used POST /auth/register to create credentials
   - Received a valid JWT access_token
   - This token became my "key" for all other tests
3. Built 28 Test Scenarios
   - Positive cases: Valid login, profile fetch, logout
   - Negative cases: Missing tokens, wrong passwords, expired tokens
   - Boundary cases: Extremely long inputs, empty bodies
   - Security cases: XSS payloads, unauthorized access attempts
4. Created a Postman Collection
   - Organized into 5 folders matching endpoint groups
   - Added JavaScript assertions to validate status codes
   - Used collection variables for token management
5. Retested a Previously Reported Bug
   - The login endpoint was previously returning 200 OK without a token
   - I verified it now returns the access_token correctly
   - Marked as FIXED & VERIFIED in my report
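
The retested bug above (200 OK without a token) is exactly the case a status-code-only assertion lets through. As an added example, not taken from the author's Postman collection, this plain JavaScript check validates the login contract itself; the response body shape and the presence of an exp claim are assumptions, and the sample tokens are constructed.

```javascript
// Added example. The field name access_token comes from the post; the body
// shape (top level or under "data") and the exp claim are assumptions.
// This checks token structure only; the signature is verified by the server.

function b64urlToJson(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Returns a list of contract violations; an empty list means the response passes.
function checkLoginResponse(status, body, nowSeconds) {
  const problems = [];
  if (status !== 200) problems.push(`expected status 200, got ${status}`);

  const token = body && (body.access_token || (body.data && body.data.access_token));
  if (typeof token !== 'string' || token.length === 0) {
    problems.push('access_token missing or empty');
    return problems;
  }
  const parts = token.split('.');
  if (parts.length !== 3 || parts.some((p) => p.length === 0)) {
    problems.push('access_token is not a three-part JWT');
    return problems;
  }
  let claims;
  try {
    claims = b64urlToJson(parts[1]);
  } catch (e) {
    problems.push('JWT payload is not base64url-encoded JSON');
    return problems;
  }
  if (!claims || typeof claims.exp !== 'number') problems.push('JWT has no numeric exp claim');
  else if (claims.exp <= nowSeconds) problems.push('JWT is already expired');
  return problems;
}

// Constructed sample data (not captured from Zedu); "c2ln" is a dummy signature.
function makeToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(claims)}.c2ln`;
}
const NOW = 1700000000;
const samples = {
  regressed: checkLoginResponse(200, { message: 'Login successful' }, NOW),
  fixed: checkLoginResponse(200, { access_token: makeToken({ sub: 'u1', exp: NOW + 3600 }) }, NOW),
  expired: checkLoginResponse(200, { access_token: makeToken({ sub: 'u1', exp: NOW - 1 }) }, NOW),
};
console.log(samples);
```

Inside a Postman test script the same function can be fed pm.response.code and pm.response.json(), with the assertion being that the returned list is empty.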
💡 What I Learned:
- How to read Swagger API documentation
- Difference between 200, 201, 400, 401, and 404 status codes
- How Bearer tokens authenticate requests
- Writing test assertions in Postman
- Documenting bugs with proper severity levels
⚠️ Skills I Practiced:
- Backend testing without touching the UI
- JSON response validation
- Structured test case documentation
- Security awareness (IDOR risks, email verification gaps)
This assessment showed me that QA is about understanding the contract between frontend and backend — making sure what the API promises in documentation is what it actually delivers.



