Use Postman to test the API routes and integrations you build in Bolt.new by sending requests to your deployed app's URL — Bolt's WebContainer has no public URL during development, so you must deploy to Netlify or Bolt Cloud first. Import your API route structure as a Postman collection, set environment variables for dev and prod URLs, and use Postman's test runner to validate your Bolt app's backend before shipping.
Testing Bolt.new API Routes and Integrations with Postman
Every time you build an API integration in Bolt — connecting to Supabase, creating a payment route for Stripe, calling an external service through a server-side proxy — you create API routes that need testing before users depend on them. Bolt's preview shows the UI behavior, but it does not tell you whether your API routes return the right data, handle errors correctly, or respond within acceptable time limits. Postman fills this gap.
The workflow has one key constraint to understand: Bolt's WebContainer runs entirely inside your browser tab and has no public internet address. There is no URL you can put into Postman to reach a Bolt preview. This is a fundamental characteristic of the WebContainer architecture — it virtualizes a network stack inside the browser, which means Postman (running on your computer or in the cloud) cannot connect to it. The workaround is simple and takes under a minute: deploy your Bolt app to Netlify or Bolt Cloud to get a stable public URL, then test that URL in Postman.
Once you have a deployed URL, Postman becomes extremely useful for Bolt development. You can organize all your API routes into a collection, test each endpoint with different inputs, verify authentication requirements, check response shapes, and write automated tests that run before each deployment. Postman's code generation feature also creates a bidirectional bridge: copy the auto-generated JavaScript fetch code from any working Postman request and paste it into a Bolt prompt to generate the corresponding frontend component.
Integration method
Postman connects to your Bolt.new app after deployment, not during development in Bolt's browser preview. Since Bolt's WebContainer runs inside a browser tab with no stable public URL, Postman cannot reach it directly. The workflow is: build API routes in Bolt, deploy to Netlify or Bolt Cloud, then test those endpoints in Postman using the deployed URL. Postman can also generate client-side fetch/axios code from your tested requests, which you can paste back into Bolt prompts to build frontend integrations.
Prerequisites
- A Bolt.new project with at least one API route (Next.js API route or equivalent) that you want to test
- The Bolt project deployed to Netlify, Bolt Cloud, or another hosting platform with a public URL
- Postman installed (download at postman.com, or use the web version at web.postman.co — no installation required)
- The API route paths from your Bolt project (e.g., /api/users, /api/payments, /api/weather/[city])
- Any authentication credentials needed to test the routes (API keys, bearer tokens, or cookies)
Step-by-step guide
Deploy Your Bolt App to Get a Public URL
Deploy Your Bolt App to Get a Public URL
Before you can use Postman to test anything, your Bolt app needs to be publicly accessible. Bolt's WebContainer environment during development runs inside a browser tab with a temporary internal URL that is only accessible within that browser session. Postman cannot reach this URL — it has no internet address. The fastest path to a testable URL is Bolt's built-in publish feature. In the top-right corner of the Bolt editor, click the 'Publish' button. Bolt builds your project and deploys it to Bolt Cloud (*.bolt.host) or, if you have connected Netlify in Settings > Applications, to Netlify (*.netlify.app). The build and deploy process takes 30-90 seconds. Once complete, Bolt shows you the live URL. Alternatively, if you have already connected Bolt to GitHub (via the Git panel) and set up Netlify to watch that repository, every push from Bolt automatically creates a new deployment. The Netlify URL is stable between deployments and is the URL you will use throughout your Postman testing. After deployment, do a quick browser check first: open the deployed URL and click through the app to verify the UI loads correctly and the basic functionality works. This is a sanity check before you start API-level testing. If the app does not load, there is likely a build or environment variable issue to resolve before Postman testing is useful. Important note: if your Bolt app uses environment variables (Supabase URL, API keys), you need to add these to the hosting platform's environment settings — not just the .env file in Bolt. For Netlify: Site Settings > Environment Variables. For Bolt Cloud: the Secrets tab in Bolt's editor. Variables missing from the production environment are the single most common cause of API routes failing in deployment while working in Bolt's preview.
Pro tip: Bolt Cloud deployments (*.bolt.host) are the fastest option for getting a testable URL — just click Publish. Netlify deployments persist even if you close Bolt, making them better for ongoing testing sessions that span multiple days.
Expected result: Your Bolt app is live at a public URL (*.bolt.host or *.netlify.app). You can open it in a browser and see the deployed application. API routes are accessible at paths like https://your-app.bolt.host/api/your-route.
Create a Postman Collection for Your Bolt App
Create a Postman Collection for Your Bolt App
A Postman collection is an organized folder of API requests. Creating one for your Bolt app gives you a reusable test suite that you can run after every deployment to verify everything still works correctly. In Postman, click 'New' in the top-left sidebar, then select 'Collection.' Name it after your Bolt app (e.g., 'My Bolt App API'). Inside the collection, you will create one request for each API route in your Bolt project. For each API route: right-click the collection and select 'Add request.' Set the HTTP method to match the route handler (GET for data fetching, POST for data submission, PUT/PATCH for updates, DELETE for deletions). Enter the full URL to your deployed endpoint — for example, https://your-app.netlify.app/api/weather/London for a weather route. For routes that require authentication (an Authorization header with a bearer token, or API key headers), add these in the Headers tab of the request. If your Bolt app uses Supabase Auth, the frontend sends a JWT token in the Authorization header — you can get a test token from Supabase's auth dashboard or by logging in to your deployed app and extracting the token from browser DevTools (Network tab > any authenticated request > Authorization header). Send the first request and look at the response. Postman shows the HTTP status code (200, 401, 404, 500), the response time in milliseconds, and the full response body. Verify that the response matches what your Bolt component expects to receive. If the response is incorrect or the status is an error, use this information to go back to Bolt and debug the API route.
1// Example: testing a Bolt Next.js API route in Postman2// Route: GET https://your-app.netlify.app/api/users3//4// Expected request in Postman:5// Method: GET6// URL: https://your-app.netlify.app/api/users7// Headers:8// Authorization: Bearer {{jwt_token}}9// Content-Type: application/json10//11// Expected successful response (200 OK):12// {13// "users": [14// { "id": "uuid", "email": "user@example.com", "created_at": "..." }15// ],16// "count": 117// }18//19// Expected error response (401 Unauthorized) when no auth header:20// { "error": "Unauthorized" }Pro tip: Use Postman's 'Save Response' feature after getting a successful response. This creates a sample response that serves as documentation for your Bolt API — useful when you need to prompt Bolt to build a frontend component around the API shape.
Expected result: A Postman collection exists with requests for each Bolt API route. At least one request returns a 200 status with the expected response body.
Set Up Postman Environments for Dev and Production
Set Up Postman Environments for Dev and Production
Postman environments let you switch between different URL configurations without editing each request manually. For Bolt development, you will typically have at least two environments: a staging environment pointing to your Netlify preview URL, and a production environment pointing to your production domain (if you have a custom domain configured). To create environments in Postman: click the 'Environments' icon in the left sidebar (gear icon), then 'Create Environment.' Create one environment named 'Bolt Dev/Staging' and another named 'Bolt Production.' In each environment, add a variable named BASE_URL with the corresponding deployment URL as the value. Update your collection requests to use the variable: replace the hardcoded URL prefix (https://your-app.netlify.app) with {{BASE_URL}} in each request URL. For example, GET {{BASE_URL}}/api/weather/London. When you select 'Bolt Dev/Staging' as the active environment, {{BASE_URL}} resolves to the staging URL; switch to 'Bolt Production' and the same request tests the production URL. Also add authentication tokens and API keys as environment variables. An apiKey variable and jwtToken variable in the environment let you store these sensitive values outside the collection itself — Postman environments can be kept private and not exported with collection sharing, keeping credentials separate from test logic. For Bolt's WebContainer limitation: you cannot create a 'Bolt Preview' environment with a local preview URL — that URL only exists within the browser tab running Bolt. The closest equivalent is running the exported project locally with npm run dev (after exporting via GitHub) and using http://localhost:5173 as the base URL for a 'Local Dev' environment.
1// Postman environment variables to set up:2// Environment: 'Bolt Dev (Netlify)'3// BASE_URL = https://your-app.netlify.app4// API_KEY = your-api-key-for-testing5// JWT_TOKEN = (copy from browser DevTools after logging into the dev app)67// Environment: 'Bolt Production'8// BASE_URL = https://your-custom-domain.com9// API_KEY = your-production-api-key10// JWT_TOKEN = (copy from browser DevTools after logging into the prod app)1112// In request URLs, use:13// GET {{BASE_URL}}/api/users14// POST {{BASE_URL}}/api/payments1516// In request Headers, use:17// Authorization: Bearer {{JWT_TOKEN}}18// X-API-Key: {{API_KEY}}Pro tip: Postman's 'Initial Value' for environment variables is shared when you export the environment, while 'Current Value' is kept private. Use Current Value for actual secrets and Initial Value for placeholder descriptions — this way you can share the environment template without exposing credentials.
Expected result: Two Postman environments exist. Switching environments changes which deployment URL the collection tests. Requests use {{BASE_URL}} variables instead of hardcoded URLs.
Write Postman Tests and Generate Bolt Frontend Code
Write Postman Tests and Generate Bolt Frontend Code
Postman's Tests tab (part of each request's configuration) lets you write JavaScript assertions that run automatically when the request completes. These automated tests check the response structure, status codes, and data values — turning your Postman collection into a regression test suite for your Bolt app. Basic tests to add to every Bolt API route request: verify the status code is 200 (or whatever the expected success code is), verify the response time is under an acceptable threshold (e.g., 2000ms for most endpoints), and verify the response body contains the expected fields. For routes that return arrays, verify the array is not null and contains the expected structure. For routes that require authentication, add a second request with no auth header and verify it returns 401. After building and testing your API routes in Postman, you can use the code generation feature to create frontend code that connects to these verified endpoints. In any Postman request, click the '</>' (Code snippet) button in the top-right area of the request. Select 'JavaScript - Fetch' or 'JavaScript - Axios' from the dropdown. Postman generates the exact fetch call with the correct URL, headers, method, and body parameters. Copy this generated code and use it in a Bolt prompt. For example: 'Build a React component using this exact API call: [paste Postman code]. The API returns this response shape: [paste sample response from Postman Tests]. Create a form for user input and display the results in a styled card grid.' This workflow eliminates guesswork about API shapes — you have verified data from Postman tests driving the Bolt component generation.
Build a weather dashboard component that displays current conditions for any city. Here is the working API call to use (already tested and verified): fetch('/api/weather/' + encodeURIComponent(city), { method: 'GET' }). The API returns this JSON: { "city": "London", "temp_f": 65, "humidity": 78, "description": "Partly cloudy", "wind_mph": 12 }. Create a search input, fetch on submit, and display results in a styled card with all five fields.
Paste this in Bolt.new chat
1// Postman test script (paste in the Tests tab of each request):2pm.test('Status is 200', () => {3 pm.response.to.have.status(200);4});56pm.test('Response time under 2 seconds', () => {7 pm.expect(pm.response.responseTime).to.be.below(2000);8});910pm.test('Response has expected fields', () => {11 const json = pm.response.json();12 pm.expect(json).to.have.property('data');13 pm.expect(json.data).to.be.an('array');14});1516pm.test('No error field in successful response', () => {17 const json = pm.response.json();18 pm.expect(json).to.not.have.property('error');19});2021// Save response data for use in other requests:22pm.environment.set('last_response', JSON.stringify(pm.response.json()));Pro tip: Use Postman's Collection Runner to run all requests in your collection sequentially with a single click. This makes it easy to verify all Bolt API routes after each deployment — run the collection, see green checkmarks, and you know everything is working.
Expected result: Postman tests run automatically with each request and show pass/fail status. Code snippets generated from working requests can be pasted into Bolt prompts to generate verified frontend components.
Common use cases
Testing a Bolt App's API Routes After Deployment
After building a Bolt app with API routes (Supabase queries, payment processing, external API calls), deploy to Netlify and import the API endpoint structure into a Postman collection. Test each route with different inputs, verify authentication headers are required, and check that error responses return appropriate status codes and messages.
Copy this prompt to try it in Bolt.new
Debugging a Failing Integration Before Opening Bolt
When a Bolt app integration stops working in production, use Postman to isolate whether the problem is in the API route (backend) or the frontend component. Send a direct request from Postman — if Postman gets a correct response, the API route is working and the problem is in the frontend code. If Postman gets an error, the issue is in the server-side logic.
Copy this prompt to try it in Bolt.new
Generating Frontend Code for a Bolt Component
After testing an API endpoint in Postman and confirming the response structure, use Postman's code generation (Code snippet icon) to create the JavaScript fetch call. Copy this code, paste it into a Bolt prompt describing the UI you want built around it, and Bolt generates a complete component with the correct API call pre-populated.
Build a React component that calls this API and displays the results. Here is the working fetch call: [paste Postman-generated code]. The API returns: [paste sample response from Postman]. Create a card grid showing each result with the title, description, and a clickable action button.
Copy this prompt to try it in Bolt.new
Troubleshooting
Postman returns 'Could not get any response' when testing a Bolt app API route
Cause: The Bolt preview URL (the URL visible in Bolt's preview panel) is not publicly accessible — it is only available within the browser running Bolt's WebContainer. Postman cannot reach it.
Solution: Deploy the Bolt app to Netlify or Bolt Cloud first to get a public URL. Click the 'Publish' button in Bolt's top-right corner and wait for the deployment to complete. Use the *.bolt.host or *.netlify.app URL in Postman, not the preview URL from Bolt's editor panel.
Postman gets a 500 Internal Server Error response for API routes that work in Bolt's preview
Cause: Missing environment variables in the production deployment. API routes that worked in Bolt's preview had access to the .env file values; the deployed version does not have these variables configured on the hosting platform.
Solution: Add all required environment variables to the hosting platform. For Netlify: go to Site Settings > Environment Variables in the Netlify dashboard and add all variables from the Bolt .env file (with real values, not placeholders). Trigger a redeploy after adding variables. The 500 error should resolve once the deployment includes the configured variables.
1// Check what variables your API route needs:2// In the Bolt editor, look for process.env.VARIABLE_NAME references3// in your API route files. Each one must be added to Netlify/Bolt Cloud settings.4//5// Common missing variables:6// SUPABASE_URL, SUPABASE_ANON_KEY (or SERVICE_ROLE_KEY for admin routes)7// STRIPE_SECRET_KEY8// OPENAI_API_KEY9// Any third-party API keys used in server-side routesPostman returns 401 Unauthorized for routes that work when tested in the browser
Cause: The browser automatically includes cookies and session tokens when you test in the browser, but Postman does not have these tokens. The API route requires authentication that Postman's request is not providing.
Solution: Get a test authentication token by logging into the deployed Bolt app in a browser, opening DevTools (F12) > Network tab, making any authenticated request, and copying the Authorization header value. Add this token to a Postman environment variable (JWT_TOKEN) and include it in the request: Authorization: Bearer {{JWT_TOKEN}}. For long-running test suites, consider creating a Postman pre-request script that automatically fetches a fresh token.
1// Postman pre-request script to auto-fetch an auth token:2pm.sendRequest({3 url: pm.environment.get('BASE_URL') + '/api/auth/token',4 method: 'POST',5 header: { 'Content-Type': 'application/json' },6 body: {7 mode: 'raw',8 raw: JSON.stringify({9 email: pm.environment.get('TEST_EMAIL'),10 password: pm.environment.get('TEST_PASSWORD')11 })12 }13}, (err, res) => {14 if (!err) {15 pm.environment.set('JWT_TOKEN', res.json().token);16 }17});Best practices
- Always test API routes on the deployed URL rather than trying to test Bolt's preview — the deployed environment catches issues with missing environment variables and production build differences that Bolt's preview hides.
- Create a Postman collection for each Bolt project and keep it in sync as you add new API routes — treat the collection as living documentation that always reflects the current API surface.
- Use Postman environments with BASE_URL variables instead of hardcoding deployment URLs, making it easy to switch between Netlify preview deploys and production domains without editing each request.
- Write at least one negative test per API route — verify that missing authentication returns 401, invalid input returns 400, and non-existent resources return 404, not just that valid requests return 200.
- Use Postman's code generation feature to create the frontend fetch calls for Bolt prompts — testing the API first and generating code from working requests produces more accurate component generation than describing the API from memory.
- Run the full Postman collection after every Bolt deployment to verify no regressions — Postman's Collection Runner shows a pass/fail summary across all tests in seconds.
- Store Postman collections in the same GitHub repository as your Bolt project by exporting them as JSON files — this keeps API test coverage versioned alongside the API implementation.
Alternatives
RapidAPI is for discovering and consuming third-party APIs from a marketplace, while Postman is for testing APIs you build yourself — they serve complementary purposes and are often used together.
VS Code with the REST Client extension allows testing API routes directly in the editor with .http files, providing a lighter-weight alternative to Postman for developers already working in VS Code.
Export Postman collections as JSON files and commit them to the same GitHub repository as your Bolt project, versioning your API tests alongside the implementation code.
Integrate Postman's Newman CLI into a CircleCI pipeline to run automated API tests on every Bolt deployment, catching regressions before they reach users.
Frequently asked questions
Why can't I test my Bolt app's API routes directly from the Bolt preview URL in Postman?
Bolt's preview runs inside a WebContainer — a Node.js environment virtualized inside your browser tab using WebAssembly. The preview URL (shown in Bolt's preview panel) is only accessible from within that browser session; it is not a public internet address. Postman, running as a desktop app or in the cloud, cannot connect to this internal URL. You must deploy the app to Netlify, Bolt Cloud, or another hosting platform to get a public URL that Postman can reach.
Can I use Postman to test a Bolt app running locally after exporting?
Yes — if you export the Bolt project locally and run npm run dev, the local dev server at http://localhost:5173 (Vite) or http://localhost:3000 (Next.js) is accessible from Postman. Create a 'Local Dev' environment in Postman with BASE_URL=http://localhost:3000. This is useful for testing API routes without deploying, especially during active debugging sessions.
How do I test Stripe webhook endpoints built in Bolt using Postman?
Webhook endpoints require testing with the correct payload format and signature header. For Stripe webhooks specifically, Postman can send test payloads but cannot generate the Stripe-Signature header with valid HMAC signatures (which Bolt's route validates using stripe.webhooks.constructEvent). Use the Stripe CLI's 'stripe listen --forward-to your-url' command for accurate webhook testing. Postman is better suited for testing the happy-path API routes that your frontend calls directly.
Can I share my Bolt app's Postman collection with my team?
Yes — Postman collections can be shared in multiple ways. You can export the collection as a JSON file and commit it to the GitHub repository alongside your Bolt code. You can use Postman Workspaces to share collections directly with team members (free for up to 3 users in personal workspaces). You can also publish the collection as a public API documentation page using Postman's 'Publish Documentation' feature, which generates a hosted reference page for your Bolt app's API.
How do I generate Bolt prompt text from a Postman request?
In any Postman request, click the '</>' Code Snippet button (on the right side of the request editor), select 'JavaScript - Fetch' or 'JavaScript - Axios' as the language, and copy the generated code. Then craft a Bolt prompt: 'Build a React component using this API call: [paste code]. The response looks like: [paste a sample response from running the request in Postman]. Create [describe the UI you want].' This approach ensures Bolt generates a component with the exact API call structure that you have already verified works.
Talk to an Expert
Our team has built 600+ apps. Get personalized help with your project.
Book a free consultation