Docs
Powered by

# Request Manipulation and Advanced Features

# Overview

Advanced pre-run script features provide powerful capabilities for dynamic request manipulation, conditional script execution, and sophisticated test automation. These features enable complex testing scenarios including HMAC signature computation, dynamic authentication, and request-specific modifications.

# Configuration Options

# Script Enable/Disable Toggle

Control whether pre-run scripts execute for your test suite:

  • Location: Test Suite Settings → Pre-Run Script section
  • Default: Enabled
  • Purpose: Allows you to quickly enable or disable script execution without deleting your script code

# Run Frequency Control

The "Should run on every test case" toggle determines script execution frequency:

# Disabled (Default - Run Once)

  • Script executes once per test execution session
  • Ideal for session setup, global variable initialization

# Enabled (Run Per Test Case)

  • Script executes before each individual test case
  • Receives specific test case request object
  • Ideal for request-specific modifications like signatures

# Request Object Access

# Complete Request Structure

When "Should run on every test case" is enabled, your script receives the full request object for each test accessible using the request variable.

Sample request object available in pre-run script:

{
  method: "POST",
  url: "https://api.example.com/users/{userId}",
  headers: {
    "Content-Type": "application/json",
    "Authorization": "Bearer "
  },
  json_body: {
    name: "John Doe",
    email: "john@example.com",
    metadata: {}
  },
  query_params: {
    include: "profile",
    format: "json"
  },
  path_params: {
    userId: "123"
  }
}

# Request Manipulation Examples

# 1. Adding Dynamic Headers 

// Add timestamp header
request.headers['X-Timestamp'] = Date.now().toString();

// Add correlation ID for request tracking
request.headers['X-Correlation-ID'] = `req-${Date.now()}`;

// Add environment-specific headers
if (getVariable('environment') === 'production') {
    request.headers['X-Priority'] = 'high';
}

# 2. Modifying Request Body 

// Add metadata to request body
request.json_body.metadata = {
    source: 'automated-test',
    timestamp: new Date().toISOString()
};

// Conditionally modify body based on test type
if (request.url.includes('/secure/')) {
    request.json_body.security_level = 'high';
}

# 3. Dynamic URL and Parameter Manipulation 

// Modify base URL based on environment
const environment = getVariable('environment');
if (environment === 'staging') {
    request.url = request.url.replace('api.', 'staging-api.');
}

// Add version parameter
request.query_params.v = '2.1';
request.query_params.client = 'test-suite';

// Update path parameters dynamically
const currentUserId = getVariable('current_user_id');
request.path_params.userId = currentUserId;

# Example: Computing HMAC Signature

This example shows how to compute an HMAC signature using request data and add it to request headers:

const crypto = require('crypto');

// Get the secret key from variables
const secret = getVariable('hmac_secret');

// Create signature payload using request components
const signaturePayload = [
    request.method,                           // HTTP method (GET, POST, etc.)
    request.url,                             // Request URL
    JSON.stringify(request.json_body || {}), // Request body as JSON string
    Date.now().toString()                    // Current timestamp
].join('|');

// Compute HMAC SHA256 signature
const signature = crypto
    .createHmac('sha256', secret)
    .update(signaturePayload)
    .digest('hex');

// Add the computed signature to request headers
request.headers['X-API-Signature'] = signature;
request.headers['X-Signature-Method'] = 'HMAC-SHA256';

Key Points:

  • Only the request object is available from the test case in pre-run scripts
  • The signature is computed using request method, URL, body, and timestamp
  • The computed signature is added to the X-API-Signature header
  • The request object is modified and returned to be used in the actual API call
  • This runs before each test case when "Should run on every test case" is enabled

# Key Features

The pre-run script request manipulation feature provides:

  • Toggle Control: Enable or disable scripts without deleting code
  • Execution Frequency: Choose between running once per session or before every test case
  • Full Request Access: Complete access to modify headers, body, URL, and parameters
  • Variable Integration: Set and retrieve variables for use across test cases
  • Dynamic Modifications: Compute values like signatures based on request content

© Copyright Kusho, Inc. 2025. All rights reserved.