Scripting
Pre/post-request scripts, the pm.* API, tests, and the sandbox.
Impostor runs JavaScript before and after a request using an embedded engine, with a
Postman-compatible pm.* API. This lets you prepare requests, extract values from
responses, chain requests, and assert on results.
Pre- and post-request scripts
Each request has a Pre and a Post script tab:
- Pre-request scripts run before the request is sent — set up variables, compute signatures, or tweak the request.
- Post-request scripts run after the response arrives — extract tokens, set variables for the next request, and run tests.
Folders can carry scripts too; descendant requests inherit them.
The pm.* API
A familiar subset of the Postman API is available:
- pm.variables.get(key) — read any in-scope variable.
- pm.environment.set(key, value) — set a variable for subsequent requests (persisted to the active environment on send).
- pm.request.method, pm.request.url — inspect the outgoing request.
- pm.response.code, pm.response.status, pm.response.responseTime — response metadata.
- pm.response.text(), pm.response.json() — the response body.
- pm.response.headers.get(name) — a response header.
- console.log(...) — write to the Console tab.
// Post-request: capture an auth token for later requests.
const body = pm.response.json();
pm.environment.set("token", body.access_token);
Tests and assertions
Write assertions with pm.test and a chai-style pm.expect:
pm.test("status is 200", () => {
  pm.expect(pm.response.code).to.equal(200);
});
pm.test("returns a user id", () => {
  pm.expect(pm.response.json()).to.have.property("id");
});
pm.expect supports the common matchers (equal/eql, a, above/below, least/most, include, property, match, ok, true/false/null) and .not. Results show in the Tests tab, and are aggregated by the collection runner.
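An added example (not from the Impostor documentation) that combines the token capture and the assertions above: the token is stored only after the status and shape checks pass, and its value is never written to the Console. captureToken and makeStubPm are hypothetical names; the stub is a constructed stand-in for pm so the script runs outside the app, and it assumes a failed pm.expect throws, as in chai.

```javascript
// Post-request script body, wrapped in a function so it can run offline.
// In the Post tab only the body is needed; pm is provided by the app.
function captureToken(pm) {
  let stored = false;
  pm.test("login succeeded", () => {
    pm.expect(pm.response.code).to.equal(200);
  });
  pm.test("token is a non-empty string", () => {
    // json() throws on a non-JSON body (e.g. an HTML error page).
    const token = pm.response.json().access_token;
    pm.expect(token).to.be.a("string");
    pm.expect(token).to.match(/\S/);
    // Persist only on success; never console.log the secret itself.
    if (pm.response.code === 200) {
      pm.environment.set("token", token);
      stored = true;
    }
  });
  return stored;
}

// Constructed stand-in for pm (hypothetical, for offline runs only).
function makeStubPm(code, bodyText) {
  const env = {}, results = [];
  const expect = (actual) => {
    // Failure messages deliberately omit the actual value.
    const fail = (msg) => { throw new Error(msg); };
    const m = {
      equal: (v) => actual === v || fail(`expected ${v}`),
      a: (t) => typeof actual === t || fail(`expected a ${t}`),
      match: (re) => re.test(actual) || fail(`expected match ${re}`),
    };
    return { to: { ...m, be: m } };
  };
  const test = (name, fn) => {
    try { fn(); results.push({ name, passed: true }); }
    catch (e) { results.push({ name, passed: false, error: e.message }); }
  };
  return {
    env, results, expect, test,
    response: { code, json: () => JSON.parse(bodyText) },
    environment: { set: (k, v) => { env[k] = v; } },
  };
}

// Constructed sample responses: a success, a rejection, an HTML error page.
const ok = makeStubPm(200, '{"access_token":"constructed-sample-token"}');
const denied = makeStubPm(401, '{"error":"invalid_client"}');
const htmlError = makeStubPm(200, "<html>gateway error</html>");
```

A failed login or a malformed body leaves the environment untouched, so later requests cannot silently reuse a missing or stale token value written by this script.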
The sandbox
Scripts run in a fast, embedded JavaScript engine (QuickJS) that is sandboxed — no filesystem or network access by default. Each script has a hard time limit and a memory cap, so a runaway script can’t hang the app.