If you use Postman to test your APIs, you’re already saving time, but there’s an easy way to make it even more powerful. With a few lightweight scripts, you can automate repetitive tasks, chain requests together, and focus more on building.
In this article, you'll see how to supercharge your API testing with Postman's lightweight scripting environment.
It all lies in the scripts tab of your request.
Environment Variables
Just like in code, you can use environment variables within each Postman collection to hold values that are frequently used or used in multiple requests.
Common use cases include base URLs, IDs, and auth tokens/JWTs. So, instead of using full endpoints for each request, you can use base_url like in the image above. This is especially useful if you run a microservice architecture with different base URLs for different services. It is also very useful if you often need to test with multiple user IDs or auth tokens. Realistically, your collection could then look like this:
To create a new environment, click on the dropdown highlighted in black in the image, and to view the variables in your environment, click on the icon highlighted in red.
You can mark environment variables as sensitive, so the values are masked and your teammates know to be careful with them. You can also share variable values with your teammates in real time.
Now, let's talk about scripts.
Postman provides a lightweight environment that allows you to modify, automate, and transform your requests and responses using JavaScript. The scripts can either be Pre-request or Post-response.
Pre-request Scripts
Pre-request scripts are JavaScript (or TypeScript-like) snippets that execute before your request goes out.
Example: Signing Requests (HMAC or SHA256)
Some APIs require you to sign your requests with a secret key. Doing this manually is a pain, but a pre-request script makes it easy:
// Pre-request script for signing the request body
const crypto = require('crypto-js');
const body = pm.request.body.raw;
const secret = pm.environment.get("API_SECRET");
const signature = crypto.HmacSHA256(body, secret).toString(); // hex-encoded HMAC-SHA256
// Optional: store the signature if you also reference it as a separate environment variable
pm.environment.set("signature", signature);
// Add the signature header dynamically
pm.request.headers.add({
    key: "X-Signature",
    value: signature
});
Now, each outgoing request is securely signed without any manual step.
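The receiving side of this scheme, as an added example that is not part of the original article: a Node.js check of the X-Signature header against the raw request body, compared in constant time. The secret, the sample body and the function names are constructed for illustration.

```javascript
// Added example: server-side check of the X-Signature header (Node.js built-ins only).
const crypto = require('node:crypto');

// Hex HMAC-SHA256 over the body, the same encoding the pre-request script produces.
function signBody(rawBody, secret) {
  return crypto.createHmac('sha256', secret).update(rawBody, 'utf8').digest('hex');
}

// Returns true only if signatureHex is a valid signature of the exact body received.
function verifySignature(rawBody, signatureHex, secret) {
  if (typeof signatureHex !== 'string' || !/^[0-9a-f]{64}$/i.test(signatureHex)) {
    return false; // missing, truncated or non-hex header
  }
  const expected = Buffer.from(signBody(rawBody, secret), 'hex');
  const received = Buffer.from(signatureHex, 'hex');
  // Both buffers are 32 bytes here, so timingSafeEqual cannot throw on length.
  return crypto.timingSafeEqual(expected, received);
}

// Constructed sample values (assumptions, not from the article).
const SECRET = 'example-secret-not-a-real-key';
const RAW_BODY = '{"amount": 100,  "currency": "USD"}'; // note the spacing
const SIGNATURE = signBody(RAW_BODY, SECRET);

function demo() {
  return {
    valid: verifySignature(RAW_BODY, SIGNATURE, SECRET),
    // Re-serializing parsed JSON changes the bytes, so the signature no longer matches.
    reserialized: verifySignature(JSON.stringify(JSON.parse(RAW_BODY)), SIGNATURE, SECRET),
    tampered: verifySignature(RAW_BODY.replace('100', '900'), SIGNATURE, SECRET),
    wrongSecret: verifySignature(RAW_BODY, SIGNATURE, 'other-secret'),
    missingHeader: verifySignature(RAW_BODY, undefined, SECRET),
    truncated: verifySignature(RAW_BODY, SIGNATURE.slice(0, 32), SECRET),
  };
}

console.log(demo());
```

The verifier has to run over the raw body exactly as it arrived, before any JSON parsing middleware rewrites it.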
Post-response Scripts
Post-response scripts allow you to validate responses, store values for future requests, and even automate multi-step workflows.
// Test script
pm.test("Login successful", () => {
    pm.response.to.have.status(200);
});
// Sets an environment variable with the token and user's ID from the login response
const response = pm.response.json();
pm.environment.set("USER_1_AUTH_TOKEN", response.token);
pm.environment.set("USER_1_ID", response.id);
Now, the token and user ID are automatically stored in your environment and ready to use in any future request.
Bonus
Postman provides auto-generated dynamic variables that you can drop right into your request body without writing any script. Here are a few examples:
{{$guid}} → Generates a random UUID
{{$timestamp}} → Current UNIX timestamp
{{$randomInt}} → Random integer
{{$randomEmail}} → Random email address
{{$randomPassword}} → Random password
{{$randomUserName}} → Random username
{{$isoTimestamp}} → ISO timestamp
{
    "username": "{{$randomUserName}}",
    "timestamp": "{{$isoTimestamp}}",
    "email": "{{$randomEmail}}",
    "randomPassword": "{{$randomPassword}}"
}
These are especially useful when you need mock data for testing your endpoints, and there are many more options. You can find them here, or simply start typing {{$ in a request body value to see the options.
So, Postman offers a wide range of tools to make API testing easier, and I hope I've been able to help you see some, and that you're encouraged to explore even more to make your testing workflow easier.
Cheers.