First read the documentation (functional requirement) 
of the application understand each endpoints including 
authentication authorization and other relevant information 
like query params, headers, expected status codes and response body, 
response headers. Test it out manually in Postman to 
get results for both positive negatives responses. 
Write test scenarios and assertions around those expected 
outcomes according to the doc. I can write both in Postman 
and RestAssured. Latest project I worked on RestAssured 
Maven project