How do you validate API status codes, payload structures, and authentication tokens using tools like Postman or SoapUI?