PostMan allows you to send any query to a server. When building an API, you expect some required parameters (ie. "login" being a string) but postman can send or not send the required login parameter and it might or might not be a non-empty string as expected. On the other hand your web form will consistently send the login parameter and check it is a non-empty string before sending to to the server. So it's straightforward to implement the API assuming your required parameter will always be sent but in practice it's not always the case.
The point here is great engineers make sure the API answers correctly even if the query is messed up.
The point here is great engineers make sure the API answers correctly even if the query is messed up.