Variables

Variables are used for avoiding unnecessary data duplication in requests or for providing an easy way of switching between environments. They can be used inside request line, header fields, request body or in variable definitions. Each variable is represented by a case-sensitive identifier surrounded by double curly braces.

@foo=bar
GET https://httpbin.org/anything?q={{foo}} HTTP/1.1

Inline Variables

Inline Variables can be easily created with the following scheme. Variable Substitution is supported.

@foo=bar
@fooExtended={{foo}}_Extendend
GET https://httpbin.org/anything?q={{fooExtended}} HTTP/1.1

Inline Variables in global scripts are set for each request in the file

@host=https://httpbin.org
###
GET /post HTTP/1.1

GET /post HTTP/1.1

For variables, a distinction is made between fixed and lazy variables. The fixed variables are evaluated directly at definition (request result would query ?foo=foobar).

@bar=bar
@foo=foo{{bar}}
###
GET https://httpbin.org/anything?foo={{foo}} HTTP/1.1

###
# @name result
@bar=bar2
GET https://httpbin.org/anything?foo={{foo}} HTTP/1.1

Lazy variables are only evaluated before a request or NodeJS execution (request result would query ?foo=foobar2). .

@bar=bar
@foo:=foo{{bar}}
###
GET https://httpbin.org/anything?foo={{foo}} HTTP/1.1

###
# @name=result
@bar=bar2
GET https://httpbin.org/anything?foo={{foo}} HTTP/1.1

TIP

If a required variable is not yet defined, it will also be set lazy

Import Variables

The variables are also imported from other files using @import.

# @import ./variablesInit.http
GET https://httpbin.org/anything?q={{fooExtended}} HTTP/1.1
 

You can also reference (@ref) named responses (@name) from other files.

# @import ./name.http
# @ref json
POST https://httpbin.org/anything HTTP/1.1
{{json.slideshow.author}}
 
 


# @name json
GET https://httpbin.org/json HTTP/1.1

###
# @ref json
POST https://httpbin.org/anything HTTP/1.1
{{json.slideshow.author}}
 






Variable Substitution in Request

Before the request is sent, all variables in the request (request line, headers, request body) are replaced with the value of the variable.

TIP

If the replacement is not desired, this can be prevented using \{\{...\}\}. This is replaced by {{...}}

POST https://httpbin.org/anything HTTP/1.1
{
  "template": "My \{\{someVerb\}\} template!!"
}

NodeJs Script

All entries of the form {{...}} are interpreted as NodeJS Javascript which returns exactly one value. Since all variables can be easily accessed on the global scope, this allows for simple substitution.

@foo = test

GET https://www.httpbin.org/anything?bar={{foo}}&q={{new Date().toString()}}

TIP

It is possible to create more complex scripts, but this is not recommended and you should use a separate script block instead.

Host

If the url starts with / and a variable host is defined the URL of this host will be pre pended

@host=https://httpbin.org
###
GET /anything?q=1 HTTP/1.1
GET /anything?q=2 HTTP/1.1

Input, Password and QuickPick

Dynamic Variable Resolution with input field, password field or quick pick is supported.


@query = {{$input input app? $value: foo}}
GET https://httpbin.org/json?q={{query}} HTTP/1.1

@query = {{$password input app? $value: foo}}
GET https://httpbin.org/json?q={{query}} HTTP/1.1
@query = {{$pick select app? $value: foo,bar}}

GET https://httpbin.org/anything?q={{query}} HTTP/1.1

OAuth2 / OpenID Connect

The following Open ID Connectopen in new window flows are supported.

  • Authentication (or Basic) Flow with or without PKCE (grant_type = authorization_code)
  • Implicit (or Hybrid) Flow (grant_type = implicit)
  • Resource Owner Password Grant (grant_type = password)
  • Client Credentials Grant (grant_type = client_credentials)
  • Device Authorization Grant (grant_type = device_code)
GET /secured_service
Authorization: openid {{grant_type}} {{prefix}}

TIP

If no grant_type is provided client_credentials flow is used. If no prefix is provided value oauth2 is used.

To configure the flow, the following variables must be specified

variabledescriptionauthorization_codeimplicitpasswordclient_credentialsdevice_code
{{prefix}}_tokenEndpointToken Endpoint URIxxxxx
{{prefix}}_clientIdOAuth 2.0 Client Identifierxxxxx
{{prefix}}_clientSecretOAuth 2.0 Client Secretxxxx-
{{prefix}}_authorizationEndpointAuthorization Endpoint URIxx---
{{prefix}}_redirectUriRedirection URI to which the response is sentx (default: localhost:3000)x (default: localhost:3000)---
{{prefix}}_scopeScopex (default: openid)x (default: openid)xxx
{{prefix}}_resourceResource Indicators (RFC8707)xxxxx
{{prefix}}_responseTyperesponse type of auth server-x (default: code)---
{{prefix}}_audienceaudiencexx---
{{prefix}}_usernameusername--x--
{{prefix}}_passwordpassword--x--
{{prefix}}_keepAliveAccessToken is automatically renewed in the background, if request_token is provided (default: false)x-xx-
{{prefix}}_useAuthorizationHeaderuse Authorization Header for request (default: true)xxxx-
{{prefix}}_usePkceenable PKCE supportx (default: false)----
{{prefix}}_deviceCodeEndpointDevice Code Endpoint URI----x

WARNING

To get the code from the Open ID server, a http server is started for the Authorization Flow and Implicit Flow on port of the redirection Uri (default Port 3000). The server is stopped after receiving the code (delay 2 minutes). You need to configure your OpenId Provider to allow redirectUri as valid redirection uri


@keycloakHost = http://127.0.0.1:8080
@local_tokenEndpoint = {{keycloakHost}}/auth/realms/local/protocol/openid-connect/token
@local_clientId = httpyac
@local_clientSecret = 936DA01F-9ABD-4D9D-80C7-02AF85C822A8
@local_scope = openid profile

GET /secured_service HTTP/1.1
Authorization: openid client_credentials local
@job_clientId=c003a37f-024f-462a-b36d-b001be4cd24a
@job_clientSecret=32a39620-32b3-4307-9aa1-511e3d7f48a8
@job_tokenEndpoint=https://api-con.arbeitsagentur.de/oauth/gettoken_cc
@job_useAuthorizationHeader=false

###

GET https://api-con.arbeitsagentur.de/prod/jobboerse/jobsuche-service/pc/v2/app/jobs?FCT.AKTUALITAET=100&FCT.ANGEBOTSART=ARBEIT
Authorization: oauth2 client_credentials job

It is possible to convert the generated token into a token of another realm using Token Exchangeopen in new window

GET /secured_service HTTP/1.1
Authorization: openid client_credentials local token_exchange realm_auth
Examples
  • .env The following examples use the following values as variables.
oauth2_clientId=httpyac
oauth2_clientSecret=SdGck7R97N64j1Fw07MrU2vRaHTbLnJc
oauth2_tokenEndpoint=http://localhost:8080/realms/demo/protocol/openid-connect/token
oauth2_authorizationEndpoint=http://localhost:8080/realms/demo/protocol/openid-connect/auth
oauth2_deviceCodeEndpoint=http://localhost:8080/realms/demo/protocol/openid-connect/auth/device
oauth2_username=john
oauth2_password=doe

pkce_clientId=httpyac_pkce
pkce_clientSecret=G7cC7pFBmTj2GMHhLNscQBjAx4j8WPD3
pkce_usePkce=true

device_clientId=httpyac_device
device_deviceCodeEndpoint=http://localhost:8080/realms/demo/protocol/openid-connect/auth/device
  • Authorization Code Flow

GET https://httpbin.org/anything
Authorization: oauth2 code
  • Authorization Code Flow with PKCE

GET https://httpbin.org/anything
Authorization: oauth2 code pkce
  • Implicit Flow

GET https://httpbin.org/anything
Authorization: oauth2 implicit
  • Client Credentials Flow

GET https://httpbin.org/anything
Authorization: openid
  • Device Code Flow
GET https://httpbin.org/anything
Authorization: oauth2 device_code device
  • Password Flow

GET https://httpbin.org/anything
Authorization: oauth2 password

AWS Signature v4

AWS Signature v4 authenticates requests to AWS services.

@accessId = doe
@accessKey = 12345678
@token = token
@region = eu-central-1
@service = cognito-idp

###
GET https://cognito-idp.eu-central-1.amazonaws.com HTTP/1.1
Authorization: AWS {{accessId}} {{accessKey}} token:{{token}} region:{{region}} service:{{service}}
GET https://cognito-idp.eu-central-1.amazonaws.com HTTP/1.1
Authorization: AWS {{accessId}} {{accessKey}} token:{{token}}
GET https://cognito-idp.eu-central-1.amazonaws.com HTTP/1.1
Authorization: AWS {{accessId}} {{accessKey}}



SSL Client Certificate

To use SSL Client Certificates, the clientCertificates setting must be set. This contains the certificate to be used for each host. For each host either the certificate/ key or pfx/ passphrase must be maintained.

  • cert: Path of public x509 certificate
  • key: Path of private key
  • pfx: Path of PKCS #12 or PFX certificate
  • passphrase: Optional passphrase for the certificate if required
{
  "clientCertificates": {
    "example.com": {
      "cert": "./client.crt",
      "key": "./client.key"
    },
    "client.badssl.com": {
      "pfx": "./badssl.com-client.p12",
      "passphrase": "badssl.com"
    }
  }
}
GET https://client.badssl.com/ HTTP/1.1

path should be absolute or relative to workspace root

It is also possible to attach the certificate using (X-)ClientCert header. The header will be removed.

GET https://client.badssl.com/ HTTP/1.1
ClientCert: pfx: ./badssl.com-client.p12 passphrase: badssl.com
GET https://client.badssl.com/ HTTP/1.1
X-ClientCert: pfx: ./badssl.com-client.p12 passphrase: badssl.com

Basic Authentication

A support method is provided for using Basic Authentication. Just specify the username and password separated by spaces and the base64 encoding will be applied automatically

@user = doe
@password = 12345678
###
GET /basic-auth/{{user}}/{{password}} HTTP/1.1
Authorization: Basic {{user}} {{password}}

If the username or password contains spaces, a : can be used alternatively.


@user = john doe
@password = 12345678

###
GET /basic-auth/{{user}}/{{password}} HTTP/1.1
Authorization: Basic {{user}}:{{password}}

Digest Authentication

A support method is provided for using Digest Authentication. Just specify the username and password separated by spaces and the digest access authentication will be applied automatically


@host = https://httpbin.org
@user = doe
@password = 12345678

GET /digest-auth/auth/{{user}}/{{password}} HTTP/1.1
Authorization: Digest {{user}} {{password}}

If the username or password contains spaces, a : can be used alternatively.


@host = https://httpbin.org
@user = john doe
@password = 12345678

GET /digest-auth/auth/{{user.replace(' ', '+')}}/{{password}} HTTP/1.1
Authorization: Digest {{user}}:{{password}}

Intellij Dynamic Variables

Intellij dynamic variablesopen in new window are supported.

NameDescription
$uuidgenerates a universally unique identifier (UUID-v4)
$timestampgenerates the current UNIX timestamp
$randomIntgenerates a random integer between 0 and 1000.
GET https://httpbin.org/anything?time={{$timestamp}}&uuid={{$uuid}}&random={{$randomInt}} HTTP/1.1

Rest Client Dynamic Variables

Rest Client dynamic variablesopen in new window are partially supported.

NameDescription
$guidgenerates a universally unique identifier (UUID-v4)
$randomInt min maxgenerates a random integer between min and max.
$timestamp [offset option]generates the current UNIX timestamp
$datetime rfc1123|iso8601|"custom format"|'custom format' [offset option]generates a datetime string in either ISO8601, RFC1123 or a custom display format
$localDatetime rfc1123|iso8601|"custom format"|'custom format' [offset option]generates a local datetime string in either ISO8601, RFC1123 or a custom display format
GET /anything?q={{$guid}} HTTP/1.1

GET /anything?q={{$randomInt 100 200}} HTTP/1.1

GET /anything?q={{$randomInt -100 100}} HTTP/1.1

GET /anything?q={{$randomInt -100 -50}} HTTP/1.1

GET /anything?q={{$randomInt -50 -100}} HTTP/1.1

GET /anything?q={{$timestamp}} HTTP/1.1

GET /anything?q={{$timestamp 2 h}} HTTP/1.1

GET /anything?q={{$datetime rfc1123}} HTTP/1.1

GET /anything?q={{$datetime rfc1123 2 h}} HTTP/1.1

GET /anything?q={{$datetime iso8601}} HTTP/1.1

GET /anything?q={{$datetime iso8601 2 h}} HTTP/1.1

GET /anything?q={{$datetime "DD.MM.YYYY"}} HTTP/1.1

GET /anything?q={{$datetime "DD.MM.YYYY" 2 d}} HTTP/1.1

GET /anything?q={{$datetime 'DD.MM.YYYY'}} HTTP/1.1

GET /anything?q={{$datetime 'DD.MM.YYYY' 3 d}} HTTP/1.1

GET /anything?q={{$localDatetime rfc1123}} HTTP/1.1

GET /anything?q={{$localDatetime rfc1123 2 h}} HTTP/1.1

GET /anything?q={{$localDatetime iso8601}} HTTP/1.1

GET /anything?q={{$localDatetime iso8601 2 h}} HTTP/1.1

GET /anything?q={{$localDatetime "DD.MM.YYYY HH:mm"}} HTTP/1.1

GET /anything?q={{$datetime "DD.MM.YYYY HH:mm" 2 d}} HTTP/1.1

GET /anything?q={{$datetime 'DD.MM.YYYY HH:mm'}} HTTP/1.1

GET /anything?q={{$datetime 'DD.MM.YYYY HH:mm' 3 d}} HTTP/1.1
Last Updated: