Postman is one of the popular tools to make API requests. It allows to user to work with HTTP, GraphQL, WebSocket, Socket.IO, MCP, etc. We are going to cover Postman’s Pre-request and Post-response (tests) scripts for Restful API (HTTP).

With Postman, it has been very much easier to make HTTP requests. Most developers also use it to test the APIs in dev stage or verify the production APIs. Sometimes, we might miss out on the details for testing or verifying. This is where HTTP pre-requests and post-response scripts come into play.

Basic breakdown:

1. Pre-request script:
   • JS script that is run before API request
   • helpful when we need to inject a dynamic value in the request body, header or params.
     
     
2. Post-response script (test):
   • JS script that is run after getting the API response
   • helpful to test if the response is valid. This can be valid status code, valid response body, desired response header, etc.
     

Let's see how it's done in visuals. For this test example, I've used a DummyJson - Free Fake REST API.

Here, I will cover:

1. Login:
   

   - Inject dynamic value in the request body using Pre-request script 
   - Test if the response is success and automatically set environment variable using post-response script.
   
   

2. Get current user:
   

   - Get current user using the derived access token from login
   - Test and validate the response as per our need
   
   

Login

• • Pre-request Script
    
    

    // Payload body:
    
    {
        "username": "emilys",
        "password": "emilyspass",
        "expiresInMins": {{expiresIn}} // dynamic variable we will be injecting using Pre-request script
    }
    
    // Pre-request script. Click on Scripts > Pre-request (on the left panel)
    
    pm.environment.set("expiresIn", 300);
    

     

  • Post-request Script
    
    Here, we have tested if the success response has code 200, if the response has accessToken, refreshToken that are not null and gender is female. If any one of the test case fails, the whole test is considered failed.
    

    pm.test("Status code is 200", function () {
        pm.response.to.have.status(200); // test if the response is success and has 200 status code
    })
    
    const response = pm.response.json();
    pm.test("Necessary tokens are available", function () {
        pm.expect(response.accessToken).to.not.be.null // test that accessToken is not null
        pm.expect(response.refreshToken).to.not.be.null // test that refreshToken is not null
        pm.expect(response.gender).equals('female') // test that gender is female
    });
    
    // set environment variables
    pm.environment.set("accessToken", response.accessToken);
    pm.environment.set("refreshToken", response.refreshToken);
    

    
    When we hit send, we can see something like this:

    
    
    On clicking the `Test Results` tab:
    
    
    

Get current user

• • Set access token as bearer token:
    
    The value of the accessToken is set from the post-response script used in login. 
    
    
    
  • Post-response script:
    
    Here, we have tested if the success response has code 200, phone number and date of birth are valid.
    

    pm.test("Status code is 200", function () {
        pm.response.to.have.status(200); // test if the response status is 200
    })
    
    const response = pm.response.json();
    pm.test("Phone number format is valid", function () {
        const regex = /^\+\d{1,3}\s\d{2,4}-\d{3}-\d{4}$/;
        pm.expect(response.phone).to.match(regex); // phone number validity check using Regex
    })
    
    pm.test("Valid DOB", function () {
        const dateFromResponse = new Date(response.birthDate)
        pm.expect(dateFromResponse.getTime()).lessThan((new Date()).getTime()) // D.O.B validity check. Date should be less than today
    })

    
    On sending the request, we should get success response and all the test should also pass. If the test fails, it will show something like below: