There aren’t concrete plans for scripting at this time but it’s not out of the question.
Many cases for scripting can already be solved with things like Request Chaining or custom Plugins.
Let me know if there’s something you’re trying to do that requires scripting.
Esben Bach·9 months ago
@Greg Schier before postman became a beast, we started using it for integration/system testing. So most of our requests have response “assertions” to verify the correct output, and often we do a series of “GET” requests after the main test sequence so that we can check the side-effect of the tests.
Reading the plugin docs and the request chaining docs, i am not sure that either would solve our particular use case.
It should be noted that we are more interrested in “assertions” (like soapui) than we are in scripting, its just that the common “catch all” solution to assertions are based on post-request scripting. SoapUI have a different setup that allows custom assertion steps as well as just doing post-request scripts/asserts. Both approaches would help us (and I am sure there are other ways to achieve the same).
Gregory Schier·8 months ago
Are you looking to run these tests from within the app, or from a CLI in a CI environment?
Esben Bach·8 months ago
CLI in a CI environment mostly. But we typically run the tests interactively during development of them and during troubleshooting when stuff fails….to determine if the API is broken or the test is broken mostly.
Gregory Schier·8 months ago
That’s great info, thanks!
Awe Ayomidipupo·6 months ago
Allow scripting of yaak workspaces
Gregory Schier·4 months ago
I’m not sure I understand. That sounds like the perfect use for request chaining, no?
Mihai Damaschin·4 months ago
So it's going to sound weird but I reread your comment and I have no idea what I initially understood or what I thought I initially understood from your comment. I have no explanation but I guess I'm severely lacking sleep.
Apologies, please ignore the first reply. 😭
Riaan van Rooyen·3 months ago
I’ve been using request chaining and it works for simple scenarios where the API i’m querying is well formed JSON, but I’ve ran into a subpar API (to say the least) where some of the endpoints return JSON and others return HTML 🥲
I think scripting to could be useful if I could extract some information from that response which can be a variable to inject into a subsequent request.
Thoughts how I could achieve this?
Gregory Schier·3 months ago
Yes, there are definitely differences between clients, so importing from any source will never be 100% compatible. I’d love to hear what sort of flows you’re using scripting for.
Patrick Diligent·3 months ago
Our core field of expertise is CIAM, we need full control of the Authentication/Authorization flows as it is one of the things that we test - not only acquiring tokens to call an api. Pre-request scripts are useful, it is needed to prefill the request with such things as the request parameter in a PAR request (OAuth2 flow), or for implementing the JWT profile scheme, to name the least. And as for post request scripting, it offers capabilities for checking response content that can’t be achieved with request chaining.
Gregory Schier·3 months ago
Thanks for the info! Just to follow up, does creating custom auth plugins also not help with some of the Auth flows?
Patrick Diligent·3 months ago
A custom auth plugin is more for authenticating with the api you want to interact with. It is not that useful when it is the authentication flow you’re testing. And it would not be as flexible as dropping a script. Chaining requests would still cover a part of it, such as propagating a jwt along the flow. However there are some required transformations that chaining requests would not cover.
There aren’t concrete plans for scripting at this time but it’s not out of the question.
Many cases for scripting can already be solved with things like Request Chaining or custom Plugins.
Let me know if there’s something you’re trying to do that requires scripting.
@Greg Schier before postman became a beast, we started using it for integration/system testing. So most of our requests have response “assertions” to verify the correct output, and often we do a series of “GET” requests after the main test sequence so that we can check the side-effect of the tests.
Reading the plugin docs and the request chaining docs, i am not sure that either would solve our particular use case.
It should be noted that we are more interrested in “assertions” (like soapui) than we are in scripting, its just that the common “catch all” solution to assertions are based on post-request scripting. SoapUI have a different setup that allows custom assertion steps as well as just doing post-request scripts/asserts. Both approaches would help us (and I am sure there are other ways to achieve the same).
Are you looking to run these tests from within the app, or from a CLI in a CI environment?
CLI in a CI environment mostly. But we typically run the tests interactively during development of them and during troubleshooting when stuff fails….to determine if the API is broken or the test is broken mostly.
That’s great info, thanks!
I’m not sure I understand. That sounds like the perfect use for request chaining, no?
So it's going to sound weird but I reread your comment and I have no idea what I initially understood or what I thought I initially understood from your comment. I have no explanation but I guess I'm severely lacking sleep.
Apologies, please ignore the first reply. 😭
I’ve been using request chaining and it works for simple scenarios where the API i’m querying is well formed JSON, but I’ve ran into a subpar API (to say the least) where some of the endpoints return JSON and others return HTML 🥲
I think scripting to could be useful if I could extract some information from that response which can be a variable to inject into a subsequent request.
Thoughts how I could achieve this?
Yes, there are definitely differences between clients, so importing from any source will never be 100% compatible. I’d love to hear what sort of flows you’re using scripting for.
Our core field of expertise is CIAM, we need full control of the Authentication/Authorization flows as it is one of the things that we test - not only acquiring tokens to call an api. Pre-request scripts are useful, it is needed to prefill the request with such things as the request parameter in a PAR request (OAuth2 flow), or for implementing the JWT profile scheme, to name the least. And as for post request scripting, it offers capabilities for checking response content that can’t be achieved with request chaining.
Thanks for the info! Just to follow up, does creating custom auth plugins also not help with some of the Auth flows?
A custom auth plugin is more for authenticating with the api you want to interact with. It is not that useful when it is the authentication flow you’re testing. And it would not be as flexible as dropping a script. Chaining requests would still cover a part of it, such as propagating a jwt along the flow. However there are some required transformations that chaining requests would not cover.
Got it! I appreciate the clarification