How to use a synced cookie as a request parameter variable in Postman API Testing

How to use a synced cookie as a request parameter variable in Postman API Testing

This article might be interesting when you use Postman for API testing. I'll explain you how you can use a synced cookie from a site or web application and use it as a parameter value in a POST request using a pre-request script

Let us start from the beginning

Let's start with a kind of let down (maybe)

Big Alert
The following will only work on non-secure cookies. This is an Postman issue in the current version (november 2022). Hopefully this will be corrected in the upcoming version.
  1. The request
  2. The Cookies tab
  3. The column that shows if the cookie in the row is secure or not. This has to be false (non-secure)
  4. The main cookie used as a sample in the following description.

postman-non-secure-cookies.png Click on the image for a bigger picture

Preparing cookie management in Postman

Starting from here I assume that the requirements mentioned in the former paragraph are settled and that all the cookies which have to become values in the requests are non-secure.

!! During the process the Google Chrome extension Postman interceptor is required. So I assume that you are using the Google Chrome web browser when reading the remainder of the article.

Let's get started

We start by clicking on the Cookies button just below the Send button.

postman-cookies-button.png Click on the image for a bigger picture

Now the window titled Cookies pops up containing 2 tabs:

  1. Manage cookies
  2. Sync Cookies

By default it will open up displaying the Sync Cookies tab because there is no cookie intercepter installed in Google Chrome. When you just follow the link labeled interceptor extension, it will open the extension page in Google Chrome from which you install the Postman interceptor plugin with a single click.

postman-no-interceptor-dialog.png Click on the image for a bigger picture

After that is done Postman will immediately notice that the extension is installed by showing a green CONNECTED and a small lock symbol. Now you can add domains of which you want to intercept changes to the cookies.

!!! When you enter a domain name without www or a subdomain prefix, it will intercept all cookies of sites with the entered domain, that is including any subdomains.

  1. Goto the Sync Cookies tab (if not already active)
  2. Enter the domain name
  3. Click on Add Domain (repeat step 2 and 3 for any other domains)
  4. Conclude by clicking Start Syncing


After the sync is initiated and started we can see the effect of what we just have done.

  1. Click on the Manage Cookies tab.
  2. Click on the cookie you want to investigate. You can make changes here, but that doesn't make any sense if you have an auto sync in place.

postman-synced-cookies-dialog.png Click on the image for a bigger picture

In the webbrowser you can open the developer tools by pressing F12.

  1. Click on Application tab/menu, positioned after Memory and before Security.
  2. Find your domain in the Cookies section on the left side.
  3. The cookie that we want to check, this should be the same as the value in Postman, as seen in the former step.

postman-chrome-dev-tools.png Click on the image for a bigger picture

To use the values in our scripts you have to add the domain(s) to a so called Allowlist. On the Cookies window there is a button labeled Domains Allowlist. Simply click on this.

postman-domains-allowlist.png Click on the image for a bigger picture

Now you have to enter the domains of which you would like the cookie values in your scripts. You can add a many as you require.

postman-whitelist-domains.png Click on the image for a bigger picture

Pre-request Script for intercepting the cookie variable(s)

Now it is time to create a little script that will run on any request in our collection. When you do this on the highest level, it will run a Pre-request Script on every request lower in the hierarchy. In the sample image the script will be executed previous to all requests within subfolders below the collection where it has been defined.

!! If you have a collection on the same level, you have to copy the code to this collection as well. There is no such thing as a global Pre-request Script.

  1. Goto the Collections on the left side.
  2. Select the collection or folder or even a single request where you want to apply the code.
  3. Select the Pre-request Script tab and enter the code.

What is done here, is that the cookie values are taken from the cookie jar and when found placed on the collection variables for easy access. When nothing is found, nothing is done. There is no intensive error handling, simply because you are the developer and hopefully know what to expect.

postman-pre-request-script.png Click on the image for a bigger picture

Sample Code

const jar = pm.cookies.jar();

jar.get('www.zap-suite.local', 'gateway_token', (err, cookie) => {
    if (err === null) {
        pm.collectionVariables.set('gateway_token', cookie); 

A sample request

Now it is time to use what we have prepared in the earlier steps.

We are creating a sample request.

  1. The request
  2. It is a POST request
  3. In the form-data tab we enter the parameters to be sent to the server
  4. Special attention for the token variable which has the value {{gateway_token}} (5), as initiated by the Pre-request Script

When the request is executed the gateway_token will be sent with the proper current value from the synchronized cookies by the Postman interceptor.

postman-sample-request.png Click on the image for a bigger picture

When you hover over {{gateway_token}} you will see that Postman recognizes the variable as a collectionVariable.



More from same category