Request Headers, Query Params, and Request Body
HTTP headers, Content-Type, Accept header, Authorization header, query parameters, form-data, x-www-form-urlencoded, raw JSON body, Postman variables
Request Headers, Query Params, and Request Body
Mastering HTTP request headers, query parameters, and request bodies is essential for professional REST API testing with Postman. These three components control how data is sent to the server and how the server interprets your request. A single incorrectly formatted header or missing Content-Type can cause a perfectly valid request to fail.
Request Headers
Headers are key-value pairs sent with every HTTP request to provide metadata about the request or the client. In Postman, you manage headers in the Headers tab of the request builder.
The most important headers in REST API testing:
| Header | Purpose | Common Values |
|---|---|---|
| Content-Type | Format of the request body | application/json, application/xml |
| Accept | Desired response format | application/json, */* |
| Authorization | Authentication credentials | Bearer token, Basic base64 |
| X-API-Key | API key authentication | Your API key string |
| User-Agent | Client identification | PostmanRuntime/7.x.x |
| Cache-Control | Caching directives | no-cache, max-age=3600 |
Postman automatically adds some headers like User-Agent and Content-Length. You can see all sent headers (including auto-generated ones) by expanding the Headers tab after sending a request, or checking the Postman Console.
Query Parameters
Query parameters filter, sort, paginate, or customize the response. They are appended to the URL after a ? with key=value pairs separated by &. In Postman, add them in the Params tab — Postman handles the URL encoding automatically.
Base URL: https://api.example.com/products
Params:
category = electronics
minPrice = 1000
maxPrice = 50000
sort = price_asc
page = 1
limit = 20
Full URL: https://api.example.com/products?category=electronics&minPrice=1000&maxPrice=50000&sort=price_asc&page=1&limit=20You can enable and disable individual params using the checkbox next to each row in the Params tab — useful for quickly testing different combinations.
Request Body Types
Postman supports five body types for POST, PUT, and PATCH requests:
- none: No body — use for GET and DELETE.
- form-data: Multipart form encoding — used for file uploads and HTML form submissions.
- x-www-form-urlencoded: URL-encoded key-value pairs — used for traditional form submissions.
- raw: Free-form text — select JSON, XML, HTML, or plain text format. This is what you use for REST API JSON bodies.
- binary: Send a file directly — for APIs that accept raw file uploads.
JSON Body Best Practices
{
"username": "ashish_kumar",
"email": "ashish@scriptvalley.com",
"password": "securepassword123",
"role": "developer",
"preferences": {
"theme": "dark",
"notifications": true
},
"tags": ["javascript", "nodejs", "api"]
}Always validate your JSON before sending — a trailing comma or unclosed bracket will cause the request to fail with a 400 Bad Request. Postman highlights JSON syntax errors in the editor.
Using Variables in Headers and Params
Instead of hardcoding values, use Postman variables with double curly brace syntax: {{variable_name}}. This makes your requests reusable across environments and avoids exposing secrets in the URL or headers.
Header: Authorization = Bearer {{access_token}}
Param: userId = {{current_user_id}}Key Takeaways
- Always set Content-Type: application/json for JSON request bodies — Postman does this automatically for raw JSON.
- Use the Params tab for query parameters — Postman handles URL encoding automatically.
- Use raw JSON body for REST API testing. Use form-data for file uploads.
- Replace hardcoded values with {{variable_name}} syntax to make requests environment-aware.