> ## Documentation Index
> Fetch the complete documentation index at: https://docs.requestly.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Overview

> Overview of the Requestly scripting reference: the rq object, pre-request and post-response scripts, and the Safe and Developer sandbox modes.

Requestly scripts let you add logic to your API requests using JavaScript. You write scripts in two places:

* **Pre-request scripts** run before a request is sent. Use them to set variables, build a signature, fetch a token, or skip the request.
* **Post-response scripts** run after the response arrives. Use them to validate the response, extract values, and write tests.

Inside both, everything you need is on the global **`rq`** object. This reference documents every part of it.

## The rq object

`rq` is the entry point for reading request and response data, managing variables, sending requests, and writing tests. The cards below link to the reference page for each part.

<CardGroup cols={2}>
  <Card title="rq.request" href="/api-client/rq-api-reference/rq-request">
    Read and modify the request: method, URL, headers, body, query parameters.
  </Card>

  <Card title="rq.response" href="/api-client/rq-api-reference/rq-response">
    Read the response: status, headers, body, and parsed JSON.
  </Card>

  <Card title="rq.sendRequest" href="/api-client/rq-api-reference/rq-send-request">
    Send an HTTP request from a script and read its response.
  </Card>

  <Card title="rq.execution" href="/api-client/rq-api-reference/rq-execution">
    Skip a request, control collection-run order, and run another saved request.
  </Card>

  <Card title="rq.environment" href="/api-client/rq-api-reference/rq-environment">
    Read and write environment variables.
  </Card>

  <Card title="rq.collectionVariables" href="/api-client/rq-api-reference/rq-collection-variables">
    Read and write variables scoped to a collection.
  </Card>

  <Card title="rq.globals" href="/api-client/rq-api-reference/rq-globals">
    Read and write variables available everywhere.
  </Card>

  <Card title="rq.vault" href="/api-client/rq-api-reference/rq-vault">
    Read secrets stored securely in your vault.
  </Card>

  <Card title="rq.test" href="/api-client/rq-api-reference/rq-test">
    Define tests that pass or fail based on the response.
  </Card>

  <Card title="rq.expect" href="/api-client/rq-api-reference/rq-expect">
    Write assertions inside your tests.
  </Card>

  <Card title="rq.iterationData" href="/api-client/rq-api-reference/rq-iteration-data">
    Read the current row of data during a collection run.
  </Card>

  <Card title="rq.info" href="/api-client/rq-api-reference/rq-info">
    Read information about the current execution.
  </Card>
</CardGroup>

## Script execution modes

Requestly runs your scripts in one of two modes. You pick the mode per request from the mode menu in the **Scripts** editor toolbar, next to the pre-request and post-response toggle.

### Safe Mode

**Safe Mode is the default.** Scripts run in an isolated sandbox with no access to your system. This is the right choice for almost every script: reading and writing variables, building requests, sending requests with `rq.sendRequest`, and writing tests all work in Safe Mode.

For security, Safe Mode does not allow a script to:

* load a package that needs a native add-on,
* read or write your file system, or
* use asymmetric cryptography such as RS256, ES, or PS (use HS256 instead).

If a script tries to use a package that needs one of these, Requestly shows a message that names the package and explains how to proceed, for example: `Package 'some-package' cannot be used in Safe mode`.

### Developer Mode

Developer Mode runs scripts with full access to your system, including files, the network, and processes. Use it only for scripts you trust, and only when a script needs a capability that Safe Mode does not allow (for example a package with a native add-on).

To switch a request to Developer Mode, open the mode menu in the Scripts toolbar and select **Developer**. Requestly asks you to confirm, because Developer Mode gives scripts full system access. Switching back to Safe Mode takes effect immediately.

<Warning>
  Only use Developer Mode for scripts you trust. A script in Developer Mode can read your files, make network connections, and run processes on your machine.
</Warning>

The mode you pick applies to that request for your current session and is not saved with the request.

## Related Documentation

* [Pre-request & Post-response Scripts](/api-client/scripts)
* [Import Packages into Your Scripts](/api-client/import-packages-into-your-scripts)
* [rq.request Object](/api-client/rq-api-reference/rq-request)
* [rq.sendRequest Object](/api-client/rq-api-reference/rq-send-request)
* [rq.execution Object](/api-client/rq-api-reference/rq-execution)
