How can I change variable value in runtime in Postman test?
I'm trying to use postman for some basic API security tests and I have this URL:
http://example.com/api/v1/users/{{userID}}
{{userID}} is set to some user on site, and I want to set three tests that check if request is valid, if request has IDOR and if request has SQL injection.
This is the idea:
// userID is set to 20 ( valid user )
pm.test("Initial valid request", function () {
pm.expect(pm.response.text()).to.include("Peter"); });
*CHANGE THE VALUE OF {{userID}} to 30 to test for IDOR*
* URL should be set to http://example.com/api/v1/users/30 *
pm.test("IDOR protection valid", function () {
pm.expect(pm.response.text()).to.include("User not found."); });
*CHANGE THE VALUE OF {{userID}} to 20'or'1 to test for SQL injection*
* URL should be set to http://example.com/api/v1/users/20'or'1 *
pm.test("SQL injection test", function () {
pm.expect(pm.response.text()).to.include("You have an error"); });
My question is how do I change the values of {{userID}} so that next request uses changed value and not the one from environment variables.
Thanks
Tests will execute after the request runs
So each test will run based on the one request. So doing something like the following in your test
pm.collectionVariables.set('userID', 'IDOR*')
// or
pm.variables.set('userID', 'IDOR*')
Won't have the effect you're after as it doesn't make a request per test.
One potential way to solve this would be to have multiple requests, all of which have set the different variable values in the Pre-request Script. As an example, you might have a request that looks like this:
And then the related test:
- How to add current datetime in POST API request?
- How to authorize when sending email with Mailgun?
- Postman show up infinite "Sending request..." on my nodeJS MongoDB application
- How do i set up a bearer token in postman from an environment variable?
- Restful FedEx Trade Document Upload API - Can't upload signature or letterhead images
- Published on webserver core8 api works from POSTMAN and from weserver published frontend but ERR_CONNECTION_RESET from client browser
- How to Set Up and Test Firebase Cloud Messaging (FCM) Push Notifications with HTTP v1 API Using Postman?
- Postman Invalid characters in native dialog on Snap
- Postman - collect variable
- ReferenceError: b87b is not defined at HTMLButtonElement.onclick
- Global Function access in Postman
- Why do I get this error: Postman Error: Malformed part header?
- Postman: add header in a pre-request script
- How do I set express multer to accept images from nested fields and test it in postman?
- Why my ASP.NET Core app complains about invalid certificate?
- Microsoft Ads SubmitGenerateReport operation as AdPerformanceReportRequest returns RequiredColumnsNotSelected
- Post man retuning null file, even file is uploaded
- Pass array as query parameter in Postman
- Using django with postman {"detail":"CSRF Failed: CSRF token missing or incorrect."}
- WhatsApp template name does not exist in the translation
- Call a Rest API without FE application for every 10mins
- HTTP Request Returns 200 OK but No Content in Response in Spring Boot
- POSTMAN not sending anything in the body in POST requests
- Spring File Upload - 'Required request part is not present'
- upload file springboot Required request part 'file' is not present
- Postman: Required request part 'file' is not present
- Signature expired: is now earlier than error : InvalidSignatureException
- When using Jenkins/Newman/Postman how do you protect the client_id/client_secret credentials?
- I am getting 404 error in postman with post method in laravel
- UserNotFound Error for Existing Role in WSO2 IS 7.0.0 XACML Policy