Scripts
Overview
Each request has a Pre-script and a Post-script. Scripts run in a QuickJS sandbox: isolated, synchronous JavaScript with no access to the filesystem or network. They share a context object (ic) to read and modify the request, environment, response, and cookies.
Execution order for a single request:
- Folder pre-scripts (outermost to innermost)
- Request pre-script
- HTTP request
- Request post-script
- Folder post-scripts (innermost to outermost)
If a pre-script throws, the request is aborted. A failing assertion in a post-script is recorded but does not abort the run.
Each script is bound by the sandbox limits: 64 MiB of memory and a 2-second wall-clock budget. A script that exceeds either limit is terminated and the request is marked as failed.
ic.env
Read and write environment variables. Changes propagate to subsequent requests in a collection run.
const base = ic.env.get("base_url"); // read: returns string or null
ic.env.set("auth_token", body.token); // write
ic.request
A snapshot of the outgoing request. In a pre-script, mutations to ic.request.url and ic.request.headers override the interpolated values before the HTTP call is made. A URL you assign is used verbatim; it is not interpolated again.
// Read (available in pre and post scripts)
ic.request.url // string
ic.request.method // "GET", "POST", ...
ic.request.headers["content-type"] // string or undefined
// Mutate (pre-script only)
ic.request.url = "https://override.example.com/api";
ic.request.headers["x-trace-id"] = "abc-123";
Mutations to ic.request have no effect in post-scripts.
ic.response
Available in post-scripts only. ic.response is null in pre-scripts.
ic.response.status // 200
ic.response.statusText // "OK"
ic.response.headers // object, lowercase keys
ic.response.body // raw response string
ic.response.json() // parsed JSON; throws if body is not valid JSON
ic.response.duration_ms // round-trip time in milliseconds
Example: extract a token and store it for subsequent requests:
const body = ic.response.json();
ic.env.set("auth_token", body.data.token);
ic.cookies
Read and modify the cookie jar shared across a collection run. Available in pre and post scripts. See Cookies & sessions for the full API and how the jar is populated.
const session = ic.cookies.get("session_id"); // string or null
ic.cookies.set("session_id", "abc123"); // add or update
ic.test & ic.expect
Write assertions in post-scripts. Test results appear per-request in the response panel and in the collection runner output. A failing test does not stop the run; remaining tests still execute.
ic.test("returns 200", () => {
ic.expect(ic.response.status).toBe(200);
});
ic.test("body has id", () => {
const body = ic.response.json();
ic.expect(body.id).toBeDefined();
ic.expect(body.id).toBeGreaterThan(0);
});
Available matchers
| Matcher | Description |
|---|---|
.toBe(x) |
Strict equality (===) |
.toEqual(x) |
Deep equality (objects and arrays) |
.toBeGreaterThan(n) |
value > n |
.toBeGreaterThanOrEqual(n) |
value >= n |
.toBeLessThan(n) |
value < n |
.toBeLessThanOrEqual(n) |
value <= n |
.toContain(str) |
String or array contains str |
.toMatch(pattern) |
String matches a regular expression |
.toBeDefined() |
Not null and not undefined |
.toBeUndefined() |
Strictly undefined |
.toBeNull() |
Strictly null |
.not.toBe(x) |
Negation; .not is also available for toEqual, toContain, and toBeDefined |
Folder scripts
Folders have their own pre-script and post-script, applied to every request they contain. Folder pre-scripts run before the request's own pre-script, from the outermost folder inward. Header and URL overrides accumulate across folder and request pre-scripts.
This is useful for shared setup such as authentication, base URL construction, or logging, all without duplicating code across requests.
// Folder pre-script: inject an auth header for all requests in this folder
const token = ic.env.get("auth_token");
if (!token) throw new Error("auth_token is not set in the active environment");
ic.request.headers["Authorization"] = "Bearer " + token;