Skip to content
Postman API Testing Tips

How To Use Cookie In Postman

API Testing Blog

Understanding Cookies in Postman

Cookies are small pieces of data that websites store on a user’s computer to remember information about them. This information can include login details, preferences, and shopping cart items. Cookies are often crucial in API testing, as they can store authentication tokens, session IDs, and other data necessary for successful API interactions.

Setting and Retrieving Cookies in Postman

Postman offers several methods for working with cookies, making it easy to manage them during your API testing.

1. Setting Cookies Manually

  • Open the “Cookies” tab: In the Postman interface, navigate to the “Cookies” tab, usually located to the right of the request details.
  • Add new cookies: Click on the “Add cookie” button and provide the following information:
    • Name: The unique identifier for the cookie.
    • Value: The data associated with the cookie.
    • Domain: The website or domain where the cookie is valid.
    • Path: The directory path where the cookie applies.
    • Secure: Check this box if the cookie should only be transmitted over HTTPS.
    • HTTPOnly: Check this box to prevent JavaScript from accessing the cookie.
    • Expires: Optional; set an expiry date for the cookie.
  • Save the cookies: Once you have provided all the necessary information, click on the “Save” button to store the cookies.

Sample code:

[
  {
    "name": "session_id",
    "value": "1234567890abcdef",
    "domain": "example.com",
    "path": "/",
    "secure": false,
    "httpOnly": false,
    "expires": "2024-01-01T00:00:00.000Z"
  }
]

2. Setting Cookies with a Request

You can also set cookies directly within the request headers. This is particularly useful when testing API responses that contain Set-Cookie headers.

  • Add a header: Go to the “Headers” tab and add a new header named Cookie.
  • Format the cookie string: Inside the value field, format the cookie string as follows: name=value; name2=value2; ....
  • Send the request: When you send the request, the server will parse the Cookie header and set the specified cookies.

Sample code:

Cookie: session_id=1234567890abcdef; auth_token=xyz123

3. Retrieving Cookies from Responses

Postman allows you to extract cookies from API responses that contain Set-Cookie headers. This is helpful when you want to use cookies set by the server in subsequent requests.

  • Go to the “Cookies” tab: After sending a request, navigate to the “Cookies” tab.
  • View cookies: Postman automatically parses and displays the Set-Cookie headers from the response, including cookie details.
  • Use in subsequent requests: You can directly use these retrieved cookies in subsequent requests, either manually or using Postman’s variables and environment variables.

4. Using Cookies in Tests

You can include assertions about cookies within your Postman tests. This allows you to verify that cookies are being set, modified, and deleted as expected during API interactions.

pm.test("Verify cookie is set", function () {
  pm.expect(pm.cookies.has('session_id')).to.be.true;
});


pm.test("Verify cookie value", function () {
  pm.expect(pm.cookies.get('session_id')).to.equal('1234567890abcdef');
});

1. Using Postman Variables for Cookies

For dynamic and reusable cookie management, consider using Postman variables. Store cookie values in variables and reference them in request headers or tests. This makes managing your cookies more organized and flexible.

Sample code:

// Set a variable for session ID
pm.environment.set("sessionID", "1234567890abcdef");


// Use the variable in the request header
pm.sendRequest('https://example.com/api/users', function (err, res) {
    if (err) {
        console.log(err);
    } else {
        console.log(res.headers.get('Set-Cookie'));
    }
});

2. Working with Cookies across Multiple Requests

When testing workflows that involve multiple API calls, using cookies effectively is essential. Postman lets you manage cookies persistently between requests:

  • Global cookies: Defined in the “Global” environment, these cookies are available across all your Postman collections.
  • Environment cookies: Defined in the specific environment being used, these cookies are accessible within that environment.
  • Collection cookies: Defined in the “Collection Variables” section, these cookies are specific to the collection and persist within it.

3. Cleaning Cookies

It’s often necessary to clear cookies after a test to ensure a clean slate for subsequent requests. Postman provides several ways to do this:

  • Delete specific cookies: Use pm.cookies.remove('cookieName') to remove a specific cookie.
  • Clear cookies for a domain: Use pm.cookies.clear('https://example.com') to clear all cookies for the specified domain.
  • Clear all cookies: Use pm.cookies.clearAll() to remove all cookies related to the current environment.

Summary

Postman offers a powerful and versatile set of tools for working with cookies during API testing. Mastering its features for setting, retrieving, managing, and cleaning cookies will streamline your testing workflows, improving efficiency and accuracy. By understanding and leveraging these capabilities, you can effectively handle cookie-dependent API interactions and ensure comprehensive test coverage.

API Testing Blog