Skip to main content
Requestly scripts let you add logic to your API requests using JavaScript. You write scripts in two places:
  • Pre-request scripts run before a request is sent. Use them to set variables, build a signature, fetch a token, or skip the request.
  • Post-response scripts run after the response arrives. Use them to validate the response, extract values, and write tests.
Inside both, everything you need is on the global rq object. This reference documents every part of it.

The rq object

rq is the entry point for reading request and response data, managing variables, sending requests, and writing tests. The cards below link to the reference page for each part.

rq.request

Read and modify the request: method, URL, headers, body, query parameters.

rq.response

Read the response: status, headers, body, and parsed JSON.

rq.sendRequest

Send an HTTP request from a script and read its response.

rq.execution

Skip a request, control collection-run order, and run another saved request.

rq.environment

Read and write environment variables.

rq.collectionVariables

Read and write variables scoped to a collection.

rq.globals

Read and write variables available everywhere.

rq.vault

Read secrets stored securely in your vault.

rq.test

Define tests that pass or fail based on the response.

rq.expect

Write assertions inside your tests.

rq.iterationData

Read the current row of data during a collection run.

rq.info

Read information about the current execution.

Script execution modes

Requestly runs your scripts in one of two modes. You pick the mode per request from the mode menu in the Scripts editor toolbar, next to the pre-request and post-response toggle.

Safe Mode

Safe Mode is the default. Scripts run in an isolated sandbox with no access to your system. This is the right choice for almost every script: reading and writing variables, building requests, sending requests with rq.sendRequest, and writing tests all work in Safe Mode. For security, Safe Mode does not allow a script to:
  • load a package that needs a native add-on,
  • read or write your file system, or
  • use asymmetric cryptography such as RS256, ES, or PS (use HS256 instead).
If a script tries to use a package that needs one of these, Requestly shows a message that names the package and explains how to proceed, for example: Package 'some-package' cannot be used in Safe mode.

Developer Mode

Developer Mode runs scripts with full access to your system, including files, the network, and processes. Use it only for scripts you trust, and only when a script needs a capability that Safe Mode does not allow (for example a package with a native add-on). To switch a request to Developer Mode, open the mode menu in the Scripts toolbar and select Developer. Requestly asks you to confirm, because Developer Mode gives scripts full system access. Switching back to Safe Mode takes effect immediately.
Only use Developer Mode for scripts you trust. A script in Developer Mode can read your files, make network connections, and run processes on your machine.
The mode you pick applies to that request for your current session and is not saved with the request.