Skip to content
Postman API Testing Tips

How To Use Session Id In Postman

API Testing Blog

How to Use Session IDs in Postman for API Testing

Session IDs are essential for interacting with APIs that require authentication and maintaining state across multiple requests. Postman provides several ways to manage session IDs, allowing you to seamlessly integrate them into your API testing workflows.

1. Storing Session IDs in Environment Variables

One common approach is to store session IDs in Postman’s Environment Variables. This method offers flexibility and reusability.

Steps:

  1. Create a new environment: Go to Environments and click Add.
  2. Define a variable: Name the variable (e.g., SESSION_ID) and set its initial value to an empty string or a placeholder if you have an existing session ID.
  3. Set the session ID: In your request, send a login request to the API.
  4. Parse the response: Use Postman’s Test tab to extract the session ID from the response body using JSON/XML parsers or regular expressions.
  5. Update the environment variable: Set the extracted session ID to the SESSION_ID variable using pm.environment.set("SESSION_ID", sessionID);.
  6. Use the variable in subsequent requests: In all following API requests that require session ID authentication, include the {{SESSION_ID}} variable in the request headers or body.

Example:

Request:

{
  "username": "testuser",
  "password": "testpassword"
}

Test Script:

pm.test("Login Successful", function () {
  pm.response.to.have.status(200);
});


const sessionID = pm.response.json().session_id; // Assuming the session ID is in the "session_id" field
pm.environment.set("SESSION_ID", sessionID);

Subsequent Request Headers:

Authorization: Bearer {{SESSION_ID}}

2. Passing Session IDs in Request Headers

For APIs that accept the session ID directly in the request headers, use this method:

Steps:

  1. Send the login request: Make the initial login request to the API.
  2. Get the session ID: Extract the session ID from the response using Postman’s Test script.
  3. Set the session ID in subsequent requests: In following requests that require session authentication, include the extracted session ID as a header parameter with a key like Authorization or Session-Id.

Example:

Request Headers:

Authorization: Bearer {{session_token}}

Test Script:

pm.test("Login Successful", function () {
  pm.response.to.have.status(200);
});


const session_token = pm.response.json().session_token;
pm.environment.set("session_token", session_token);

3. Using Pre-request Scripts to Set Session IDs

For scenarios where you need to set the session ID before each request, Pre-request Scripts offer a convenient method.

Steps:

  1. Create a pre-request script: In the Pre-request Script tab of your request, write JavaScript code.
  2. Fetch the session ID: Use Postman’s pm.environment.get() or pm.variables.get() functions to retrieve the session ID stored in an environment variable or global variable.
  3. Set the session ID in the request headers: Use pm.request.headers.add() to set the session ID as a header parameter.

Example:

Pre-request Script:

pm.request.headers.add('Authorization', 'Bearer ' + pm.environment.get('SESSION_ID'));

4. Managing Session IDs with Collections

Organize API requests into collections and use pre-request scripts and test scripts to manage session IDs efficiently.

Steps:

  1. Create a collection: Group related API requests into a collection for easier organization.
  2. Set global variables: Add global variables to the collection, such as SESSION_ID, for storing session IDs.
  3. Use pre-request scripts: Add pre-request scripts to each request that needs the session ID to retrieve it and set it in the headers.
  4. Update session ID after each login: Include test scripts that update the global variable SESSION_ID after successful login requests.

Example:

Collection Global Variables:

  • SESSION_ID: Empty string (or initial session ID if known)

Pre-request Script:

pm.request.headers.add('Authorization', 'Bearer ' + pm.collectionVariables.get('SESSION_ID'));

Test Script:

pm.test("Login Successful", function () {
  pm.response.to.have.status(200);
});


const sessionID = pm.response.json().session_id;
pm.collectionVariables.set("SESSION_ID", sessionID);

5. Using Cookies for Session Management

Some APIs rely on cookies for session management. Postman’s Cookie Jar allows you to manage cookies effectively.

Steps:

  1. Enable the Cookie Jar: Navigate to Settings > General and enable the Cookie Jar option.
  2. Send login request: Make the initial login request to the API.
  3. Capture cookies: Postman’s Cookie Jar will automatically capture the cookies set by the server.
  4. Use cookies in subsequent requests: Subsequent requests will automatically include the captured cookies by default.

6. Using Session Storage in Browsers

For running API tests within a browser environment, you can leverage browser session storage.

Steps:

  1. Create a web browser request: Select Web Browser from the Request type dropdown.
  2. Access session storage: Use Postman’s pm.request.sessionStorage object to access the browser’s session storage.
  3. Store session ID: Use pm.request.sessionStorage.setItem('SESSION_ID', sessionID) to store the session ID after login.
  4. Retrieve session ID: Use pm.request.sessionStorage.getItem('SESSION_ID') to retrieve the session ID in subsequent requests.

Conclusion

By understanding and implementing these methods, you can effectively manage session IDs in Postman and ensure that your API tests interact with authenticated systems correctly. Choose the strategy that best suits your API and testing environment to maintain state and authenticate your requests consistently. Remember to keep your session ID management secure and update session IDs regularly as needed.

API Testing Blog