Skip to main content
LiteClient supports pre-request and post-response scripts using a Postman-compatible pm API. Write JavaScript code that runs before sending a request or after receiving a response to automate workflows, set variables dynamically, and validate responses.

Overview

Scripts enable advanced automation and testing workflows:
  • Pre-request scripts: Run before a request is sent (set dynamic headers, compute signatures, etc.)
  • Post-response scripts: Run after receiving a response (validate data, extract values, run tests)
Scripts run in a sandboxed Node.js vm environment with a 2-second timeout and 100KB size limit.

The pm Object

The pm object provides the scripting API. It’s available globally in all scripts.

pm.environment

Access and modify environment variables.
pm.environment.get
function
Get the value of an environment variable.Signature: pm.environment.get(name: string): string | undefined
const apiKey = pm.environment.get('API_KEY');
console.log('Using API key:', apiKey);
pm.environment.set
function
Set or create an environment variable. Changes are persisted to storage.Signature: pm.environment.set(name: string, value: string): void
// Extract token from response and save to environment
const token = pm.response.json().access_token;
pm.environment.set('AUTH_TOKEN', token);
If the variable doesn’t exist, it will be created automatically in the current environment.
pm.environment.unset
function
Remove an environment variable.Signature: pm.environment.unset(name: string): void
pm.environment.unset('TEMP_TOKEN');

pm.globals

Access and modify global variables (shared across all environments).
pm.globals.get
function
Get the value of a global variable.Signature: pm.globals.get(name: string): string | undefined
const baseUrl = pm.globals.get('BASE_URL');
pm.globals.set
function
Set or create a global variable. Changes are persisted to storage.Signature: pm.globals.set(name: string, value: string): void
pm.globals.set('REQUEST_COUNT', '42');
pm.globals.unset
function
Remove a global variable.Signature: pm.globals.unset(name: string): void
pm.globals.unset('TEMP_VALUE');

pm.variables

Read-only access to resolved variables (combines globals, collection, and environment).
pm.variables.get
function
Get the resolved value of a variable following precedence order.Signature: pm.variables.get(name: string): string | undefinedResolution order: Globals → Collection → Environment (narrowest wins)
// Gets the most specific value
const apiUrl = pm.variables.get('API_URL');
Use pm.variables.get() when you don’t care which scope the variable comes from. Use pm.environment.get() or pm.globals.get() when you need a specific scope.

pm.request

Access request data (available in both pre-request and post-response scripts).
pm.request.url
string
The request URL (after variable substitution).
console.log('Sending request to:', pm.request.url);
pm.request.method
string
The HTTP method (GET, POST, PUT, DELETE, etc.).
if (pm.request.method === 'POST') {
  // Add special header for POST requests
  pm.request.headers.add('X-Request-Type', 'mutation');
}
pm.request.headers
object
Request headers collection.Methods:
  • get(name: string): string | undefined - Get header value
  • add(name: string, value: string): void - Add header
  • remove(name: string): void - Remove header
// Add authentication header
const token = pm.environment.get('TOKEN');
pm.request.headers.add('Authorization', `Bearer ${token}`);

// Check existing header
const contentType = pm.request.headers.get('Content-Type');
pm.request.body
object
Request body content.Methods:
  • raw() - Get body as string
  • json() - Parse body as JSON (throws if invalid)
// Modify request body
const body = pm.request.body.json();
body.timestamp = new Date().toISOString();
pm.request.body = JSON.stringify(body);

pm.response

Access response data (only available in post-response scripts).
pm.response.code
number
HTTP status code.
pm.test('Status is 200', () => {
  pm.expect(pm.response.code).to.equal(200);
});
pm.response.status
string
HTTP status text (e.g., “OK”, “Not Found”).
console.log('Response status:', pm.response.status);
pm.response.headers
object
Response headers collection.Methods:
  • get(name: string): string | undefined - Get header value
  • has(name: string): boolean - Check if header exists
const contentType = pm.response.headers.get('Content-Type');
pm.test('Response is JSON', () => {
  pm.expect(contentType).to.include('application/json');
});
pm.response.body
string
Raw response body as string.
console.log('Response length:', pm.response.body.length);
pm.response.json
function
Parse response body as JSON.Signature: pm.response.json(): any
const data = pm.response.json();
pm.test('Has user ID', () => {
  pm.expect(data.user.id).to.be.a('number');
});
Throws an error if the response body is not valid JSON.
pm.response.time
number
Response time in milliseconds.
pm.test('Response time is acceptable', () => {
  pm.expect(pm.response.time).to.be.below(500);
});

pm.test()

Define a test assertion (post-response scripts only).
pm.test
function
Create a named test with an assertion function.Signature: pm.test(name: string, fn: () => void): void
pm.test('User has valid email', () => {
  const user = pm.response.json();
  pm.expect(user.email).to.match(/@/);
});
Test results are displayed in the “Tests” tab of the response panel.

pm.expect()

ChaiJS-style assertions for testing.
pm.expect
function
Create an assertion using Chai’s expect syntax.Signature: pm.expect(actual): AssertionCommon assertions:
pm.expect(actual).to.equal(expected);
pm.expect(actual).to.eql(expected); // deep equality
pm.expect(actual).to.not.equal(value);

console

Log messages and debugging output.
console.log
function
Log informational messages.Signature: console.log(...args: any[]): void
console.log('Token extracted:', token);
console.log('User data:', user.name, user.email);
console.error
function
Log error messages.Signature: console.error(...args: any[]): void
console.error('Failed to parse response:', error.message);
console.warn
function
Log warning messages.Signature: console.warn(...args: any[]): void
console.warn('Deprecated API endpoint used');
Console output is displayed in the “Tests” tab with a 200-entry limit. Logs are cleared between requests.

Script Examples

Pre-Request Script Examples

Add computed headers before sending the request:
// Add timestamp header
pm.request.headers.add('X-Request-Time', new Date().toISOString());

// Add HMAC signature
const secret = pm.environment.get('API_SECRET');
const payload = pm.request.body.raw();
const signature = computeHMAC(secret, payload);
pm.request.headers.add('X-Signature', signature);

Post-Response Script Examples

Extract authentication token from response:
const response = pm.response.json();

if (response.access_token) {
  pm.environment.set('AUTH_TOKEN', response.access_token);
  console.log('Token saved to environment');
  
  // Calculate expiration time
  const expiresIn = response.expires_in || 3600;
  const expiresAt = Date.now() + (expiresIn * 1000);
  pm.globals.set('TOKEN_EXPIRES_AT', expiresAt.toString());
}

Script Limits

Scripts run in a sandboxed environment with the following limits:
  • Timeout: 2 seconds maximum execution time
  • Size: 100KB maximum script size
  • Console output: 200 entries maximum
  • Test results: 200 tests maximum
  • No external modules: Cannot use require() or import
  • No file system access: Cannot read/write files
  • No network access: Cannot make HTTP requests (except via pm.sendRequest() - coming soon)
Scripts that exceed the timeout or size limit will be terminated and an error will be displayed in the Tests tab.

Postman Compatibility

LiteClient’s scripting API is compatible with Postman Collection v2.1:
  • Import: Pre-request and test scripts are preserved when importing Postman collections
  • Export: Scripts are included when exporting to Postman format
  • Limitations: Collection-level and folder-level scripts are not supported (request-level only)
When importing a collection with collection-level or folder-level scripts, a warning will be displayed. You’ll need to manually copy those scripts to individual requests.

Best Practices

Script Organization

  • Keep scripts focused on a single responsibility
  • Use comments to explain complex logic
  • Extract common logic to environment variables (as JSON strings)
  • Use meaningful test names that describe what’s being validated

Performance

  • Avoid expensive operations in pre-request scripts (they delay request sending)
  • Cache computed values in variables instead of recalculating
  • Use console.log() sparingly in production scripts

Error Handling

  • Always wrap JSON parsing in try-catch blocks
  • Check for variable existence before using them
  • Provide descriptive error messages in console output
  • Use tests to validate assumptions about response structure

Variable Management

  • Use globals for values shared across all requests (base URLs, API keys)
  • Use environment variables for values specific to an environment (dev/prod tokens)
  • Use descriptive variable names (avoid single letters)
  • Clean up temporary variables with unset() when done