🌐 Connection
baseUrl
Base URL for all requests. Used with
{{baseUrl}} in request URLs.Default:""
// hephaestus.defaults { "baseUrl": "https://api.example.com" } // per-request override (different server) const override = { baseUrl: "https://auth.example.com" };
defaultProtocol
Auto-prepended if
baseUrl has no protocol. Values: https | http.Default:"https"
httpshttp
✅ Response Validation
expectedStatus
Expected HTTP status codes. Request passes if response code is in the list. Use for negative testing (e.g. assert 400).
Default:[200, 201, 202]
// Single status const override = { expectedStatus: 204 }; // Multiple statuses const override = { expectedStatus: [200, 201] }; // Negative testing const override = { expectedStatus: 422 };
contentType
Expected response content type. Determines how the body is parsed.
Default:"json"
jsonxmltext
expectEmpty
Set to
true for requests that return an empty body (e.g. 204 No Content). Skips body parsing.Default:false
const override = { expectedStatus: 204, expectEmpty: true };
maxResponseTime
Maximum allowed response time in milliseconds. Fails the test if response takes longer.
Default:1000
const override = { maxResponseTime: 3000 }; // 3 seconds
🔐 Authentication
auth.enabled
Master switch for authentication. When
false, the auth block is ignored entirely.Default:false
auth.type
Authentication mechanism to use. Each type has its own sub-config keys.
nonebasicbearerheadersvariablesoauth2cc
// Basic auth const override = { auth: { enabled: true, type: "basic", user: "{{login}}", pass: "{{password}}" } }; // Bearer const override = { auth: { enabled: true, type: "bearer", token: "{{prod.token}}" } }; // OAuth2 client_credentials — auto-refresh const override = { auth: { enabled: true, type: "oauth2cc", oauth2cc: { tokenUrl: "https://auth.example.com/oauth/token", clientId: "{{oauth_client_id}}", clientSecret: "{{oauth_client_secret}}", scope: "api:read api:write" } } };
📅 Date Utilities
dateFormat
Format string for
{{currentDate}} and custom date variables. Tokens: yyyy MM dd hh mm ss.Default:"yyyy-MM-dd"
yyyy-MM-dddd.MM.yyyyyyyy-MM-dd'T'hh:mm:ss
Built-in variables (always available): {{currentDate}}, {{monthsAgo1}}, {{monthsAgo3}}, {{monthsAgo6}}, {{monthsAgo12}}
dates
Custom date variables computed at request time. Expressions:
today, today+7d, today-1m, startOfMonth, etc.const override = { dates: { "dateFrom": "startOfMonth", "dateTo": "endOfMonth", "nextWeek": "today+7d", } }; // Use {{dateFrom}}, {{dateTo}}, {{nextWeek}} in request URL/body
Expressions: today · yesterday · tomorrow · startOfMonth · endOfMonth · startOfNextMonth · startOfPrevMonth · startOfYear · today±Nd · today±Nw · today±Nm · today±Ny
🔬 Assertions
assertions
Shorthand map of JSONPath assertions. Operators per field:
exists, absent, eq, ne, gt/gte/lt/lte, type, minLen/maxLen, includes, matches, soft, when.const override = { assertions: { "data.id": { exists: true }, "data.status": { eq: "active" }, "data.count": { gte: 1, lte: 100 }, "data.items": { type: "array", minLen: 1 }, "data.email": { matches: "@" }, "meta.error": { absent: true }, "data.token": { exists: true, soft: true }, "data.extra": { exists: true, when: "ctx.api.status === 200" }, } };
assertEach
Validates every element of an array against a rule set. Same operators as
assertions map. Violations are aggregated into a single test.const override = { assertEach: { path: "data.items", minCount: 1, maxCount: 100, rules: { "id": { type: "number", gt: 0 }, "status": { eq: "active" }, "email": { matches: "@", soft: true }, } } };
assertShape
Quick structural type check — one line per field. Types:
string | number | boolean | object | array | null | any | absent.const override = { assertShape: { "data": "object", "data.id": "number", "data.name": "string", "data.items": "array", "data.active": "boolean", "meta": "any", // exists, any type "error": "absent", // must NOT be present } };
assertOrder
Asserts an array is sorted by a given field. Checks consecutive pairs.
const override = { assertOrder: { path: "data.items", by: "createdAt", direction: "desc", // "asc" | "desc" type: "date" // "string" | "number" | "date" } };
keysToFind
Array of field checks with optional
expect, transform, filter, ignoreCase, soft, when.const override = { keysToFind: [ { path: "data.id", name: "User ID" }, { path: "data.status", expect: "active" }, { path: "data.score", expect: v => v >= 0 }, { path: "data.role", soft: true, when: "ctx.api.status !== 404" }, ] };
varsToSave
Extract values from response and save to Postman variables.
const override = { varsToSave: { token: { path: "data.accessToken", scope: "collection", name: "prod.token" }, userId: { path: "data.user.id", scope: "environment", name: "USER_ID" }, } };
Scope values: collection (default) · environment · local
📨 Header Assertions
assertHeaders
Assert response headers — existence, content match, exact value, absence, or custom predicate.
const override = { assertHeaders: [ { name: "X-Request-Id" }, // exists { name: "Content-Type", expect: "application/json" }, // contains { name: "X-Version", equals: "v2" }, // exact { name: "X-Deprecated", absent: true }, // must be absent { name: "X-Rate-Limit", label: "Rate limit > 0", expect: v => Number(v) > 0 }, // predicate ] };
📸 Snapshot Regression
snapshot
Regression testing by comparing responses against saved baselines. Baseline saved automatically on first run.
const override = { snapshot: { enabled: true, mode: "non-strict", // "strict" | "non-strict" autoSaveMissing: true, // save on first run checkPaths: ["data.status", "data.items[*].id"], ignorePaths: ["data.timestamp", "data.requestId"], } };
strict — full deep-equal comparison (with ignorePaths). non-strict — all baseline keys must be present in current response (allows new keys).
Stored in hephaestus.snapshots collection variable. View with Snapshot Viewer or 📋 snapshot-view request.
🔬 JSON Schema Validation
schema
Validate response body against a JSON Schema (draft-07) using the built-in
tv4 library.const override = { schema: { enabled: true, definition: { type: "object", required: ["id", "status"], properties: { id: { type: "number" }, status: { type: "string", enum: ["active", "inactive"] }, } } } };
🧩 Plugin System
hephaestus.plugins (collection variable)
JSON array of plugin descriptors. Each plugin is a self-contained JS function executed after the main pipeline. See docs/plugins/ for ready-to-use examples.
// Set in collection Pre-request Script: pm.collectionVariables.set('hephaestus.plugins', JSON.stringify([ { name: 'slack-notifier', code: pm.collectionVariables.get('hephaestus.plugin.slack') }, { name: 'custom-assertions', code: pm.collectionVariables.get('hephaestus.plugin.custom') }, ])); // Plugin receives (ctx) with: // ctx.api.body, ctx.api.status, ctx.api.headers, ctx.api.responseTime // ctx.config, ctx.request, ctx.iteration, ctx._meta
🔒 Security & CI
envRequired
List of environment variable names that must be set before the request fires. Prevents cryptic failures from empty variables.
Default:[]
// In hephaestus.defaults (all requests): { "envRequired": ["BASE_URL", "OAUTH_CLIENT_ID"] } // Per-request override: const override = { envRequired: ["PAYMENT_API_KEY"] };
secrets
List of key substrings to mask in logs. Any variable whose name contains one of these strings is replaced with
*** in console output.Default:["token", "password", "pass", "secret", "key", "authorization", "session"]
ci
When
true, emits a structured [HEPHAESTUS_CI] {json} line to console after each request. Used by scripts/ci-to-junit.js and CI pipelines.Default:false
// Enable in defaults for CI runs: { "ci": true } // Or via Newman --env-var: newman run col.json --env-var ci=true