
Environment and authentication variables in the Postman collection are not being set properly via scripts. #62

@zyr1on

Hi,

The imported vApi configurations in Postman are not working properly.
The first thing you need to do is select a specific environment from the top-right corner of Postman.
Then, navigate to the Environments section in the left sidebar, double-click on the desired environment, click the three dots on the right side, and choose Set Active to activate it.

Another issue is in the Scripts tab — some scripts are not compatible with the latest versions of Postman.
For example, the function postman.setEnvironmentVariable() is deprecated and may not work as expected. Instead, you should use the updated method: pm.environment.set().

Here is a working example script for api1:

let jsonData = pm.response.json(); // changed
let api1_id = jsonData.id;
console.log("API 1 User ID : " + api1_id);

pm.environment.set("api1_id", api1_id); // changed

let requestBody = pm.request.body.raw; // changed
let reqData = JSON.parse(requestBody);

let api1_username = reqData.username;
let api1_password = reqData.password;

let api1_auth = btoa(api1_username + ":" + api1_password); //base64 encode of "username:password"
console.log("API 1 Auth : " + api1_auth);

pm.environment.set("api1_auth", api1_auth); // changed

In this script, the username and password are combined in the format username:password, converted into Base64, and saved to the environment as api1_auth.

You can view the output by going to View > Show Postman Console.

After completing these steps, the variable api1_auth should be set in the environment.

If you want to use Burp Suite for testing without enabling Postman's default proxy, open Burp Suite first. Then, in Postman, go to File > Settings > Proxy, enable "Use custom proxy", and configure it to match Burp Suite's proxy settings. This will allow you to run requests through Burp Suite for inspection and testing.

Example GET request:

GET /vapi/api1/user/10 HTTP/1.1
Authorization-Token: dGVzdDEyMzQ6dGVzdDEyMzQ=
Content-Type: application/json
User-Agent: PostmanRuntime/7.44.1
Accept: */*
Host: 0.0.0.0:8000
Accept-Encoding: gzip, deflate, br
Connection: keep-alive

In the header line Authorization-Token: dGVzdDEyMzQ6dGVzdDEyMzQ=, if you decode the value "dGVzdDEyMzQ6dGVzdDEyMzQ=", it becomes test1234:test1234.

And there is no need for the Postman token.
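An added example, not part of the original issue or the vApi project: the Authorization-Token value above is only Base64 over username:password, so anyone who sees the header can recover both fields, as this encoder/decoder pair shows. The helper names encodeToken and decodeToken are hypothetical, and the code assumes Node.js (it uses Buffer so that non-Latin-1 passwords, which make btoa() throw, still encode).

```javascript
// Added example (hypothetical helpers): build and parse the
// "username:password" Base64 value carried in Authorization-Token.

function encodeToken(username, password) {
  if (typeof username !== "string" || typeof password !== "string") {
    throw new TypeError("username and password must be strings");
  }
  // A colon in the username would make the token ambiguous when parsed,
  // because the parser splits on the first colon.
  if (username.includes(":")) {
    throw new Error("username must not contain ':'");
  }
  // Buffer encodes the string as UTF-8 before Base64, so characters
  // outside Latin-1 are handled instead of raising an exception.
  return Buffer.from(username + ":" + password, "utf8").toString("base64");
}

// Canonical Base64: groups of four characters, optional padded tail.
const BASE64_RE =
  /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/;

function decodeToken(token) {
  // Reject empty or malformed input rather than decoding garbage.
  if (typeof token !== "string" || token.length === 0 || !BASE64_RE.test(token)) {
    return null;
  }
  const decoded = Buffer.from(token, "base64").toString("utf8");
  // Split on the FIRST colon only: the password may itself contain colons.
  const sep = decoded.indexOf(":");
  if (sep === -1) {
    return null;
  }
  return {
    username: decoded.slice(0, sep),
    password: decoded.slice(sep + 1),
  };
}
```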
