How To Use Cookies In Postman

Understanding Cookies in Postman

Cookies are small pieces of data that websites store on a user’s computer to remember information about them, such as login details, preferences, and shopping cart items. In the context of API testing, cookies can be vital for:

Authenticating requests: Some APIs require cookies for authentication, allowing you to access protected resources after a successful login.
Tracking user sessions: Cookies can be used to maintain a consistent user session across multiple API requests.
Personalizing responses: Cookies can store user preferences, allowing APIs to tailor responses based on individual preferences.

How to Set Cookies in Postman

1. Setting Cookies Manually

Open the Postman interface: Create a new request or edit an existing one.
Navigate to the “Cookies” tab: This tab is located within the “Headers” section of the request builder.
Add cookies: Enter the name and value of the cookie you want to set. You can add multiple cookies by clicking the ”+” button.

Example:

Name:  sessionID
Value: 1234567890abcdef

2. Setting Cookies Using Pre-Request Scripts

Pre-request scripts allow you to execute JavaScript code before sending a request. This provides greater flexibility and control over cookie management.

Example:

pm.cookies.set("sessionID", "1234567890abcdef");

This script will set a cookie named “sessionID” with the value “1234567890abcdef” before sending the request.

3. Setting Cookies Using Environment Variables

Define environment variables: Go to the “Environments” tab and create a new environment or edit an existing one.
Add cookie variables: Define variables with the names and values of your cookies.

Example:

sessionID: 1234567890abcdef

Using the environment variable in a request:

pm.cookies.set("{{sessionID}}", "{{sessionID}}");

This script will use the value of the “sessionID” environment variable to set the cookie.

How to Retrieve Cookies in Postman

1. Retrieving Cookies Using Postman’s Response Object

After sending a request, Postman’s pm object provides access to the response headers, which include any cookies returned from the server.

Example:

const cookies = pm.response.cookies;

for (const cookie of cookies) {
  console.log(`Name: ${cookie.name}, Value: ${cookie.value}`);
}

This script iterates through the list of received cookies and logs their names and values.

2. Retrieving Cookies Using Pre-Request Scripts

You can also access cookies set by previous requests in your pre-request scripts using the pm.cookies.get() method.

Example:

const sessionID = pm.cookies.get("sessionID");
console.log(`Session ID: ${sessionID}`);

This script retrieves the value of the “sessionID” cookie and logs it to the console.

How to Delete Cookies in Postman

1. Deleting Cookies Manually

Under the “Cookies” tab, you can delete specific cookies by clicking the garbage bin icon next to their name.

2. Deleting Cookies Using Pre-Request Scripts

You can remove cookies before sending a request using the pm.cookies.delete() method.

Example:

pm.cookies.delete("sessionID");

This script will delete the cookie named “sessionID”.

3. Deleting All Cookies

You can clear all cookies set in Postman using the following code:

pm.cookies.clear();

How to Use Cookies in Postman for API Testing

Example: Authenticating and Accessing a Protected API Endpoint

Obtain an auth token: Send a POST request to the API endpoint responsible for login. Use the “Authorization” tab to include your credentials (username and password) in the request.
Set the cookie: Extract the “sessionID” cookie returned in the response and set it as an environment variable or use a pre-request script.
Send a request to a protected endpoint: Use the “Headers” tab to include the cookie in the request, either manually or using an environment variable.

Example code:

1. Login request:

pm.test("Successful login", function () {
  pm.response.to.have.status(200);
  pm.expect(pm.response.text()).to.include("Login successful");
});

2. Set the cookie:

pm.environment.set("sessionID", pm.response.cookies.get("sessionID").value);

3. Request to the protected endpoint:

pm.test("Successful access to protected endpoint", function () {
  pm.response.to.have.status(200);
  pm.expect(pm.response.text()).to.include("Welcome, user!");
});

This example demonstrates the basic workflow of using cookies for authentication and accessing protected resources. Adapt this code and request headers to your specific API and its requirements. Remember to be mindful of security when storing sensitive information like authentication tokens in environment variables, especially in shared environments.