Challenge - 5 Problems

🎖️

Token Mastery in Postman

Get all challenges correct to earn this badge!

Test your skills under time pressure!

🧠 Conceptual

intermediate

2:00remaining

Understanding Token Storage Scope in Postman

In Postman, you want to store an authentication token so it is available only during the current session and not saved permanently. Which variable scope should you use?

AEnvironment variable

BTemporary variable (using pm.variables.set())

CCollection variable

DGlobal variable

Attempts:

2 left

❓ Predict Output

intermediate

2:00remaining

Output of Token Retrieval from Environment Variable

Given this Postman test script snippet, what will be the console output if the environment variable authToken is not set?

Postman

const token = pm.environment.get('authToken');
console.log(token ?? 'No token found');

Aundefined

Bnull

CNo token found

DError: Variable not found

Attempts:

2 left

❓ assertion

advanced

2:00remaining

Correct Assertion for Token Presence in Global Variable

Which assertion correctly verifies that a global variable accessToken exists and is a non-empty string in Postman test scripts?

Apm.expect(pm.globals.get('accessToken')).to.be.a('string').and.not.empty;

Bpm.expect(pm.globals.get('accessToken')).to.be.ok.and.to.have.length.above(0);

Cpm.expect(pm.globals.get('accessToken')).to.exist.and.not.equal('');

Dpm.expect(pm.globals.get('accessToken')).to.be.a('string').and.not.undefined;

Attempts:

2 left

🔧 Debug

advanced

2:00remaining

Debugging Token Expiry Handling in Pre-request Script

Consider this pre-request script snippet that refreshes a token if expired. What is the main reason this script might fail to update the token properly?

const expiry = pm.environment.get('tokenExpiry');
const now = Date.now();
if (now > expiry) {
  pm.sendRequest({
    url: 'https://api.example.com/refresh',
    method: 'POST',
    header: { 'Content-Type': 'application/json' },
    body: { mode: 'raw', raw: JSON.stringify({ refreshToken: pm.environment.get('refreshToken') }) }
  }, (err, res) => {
    if (!err && res.code === 200) {
      const json = res.json();
      pm.environment.set('authToken', json.token);
      pm.environment.set('tokenExpiry', Date.now() + json.expiresIn * 1000);
    }
  });
}

AThe pm.environment.set calls are inside the callback and will not persist after the script finishes.

BThe tokenExpiry variable is stored as a string and cannot be compared with now (number).

CThe refreshToken is not included in the request body correctly, causing the refresh to fail.

DThe asynchronous pm.sendRequest callback does not block the request, so the token is not updated before the main request runs.

Attempts:

2 left

❓ framework

expert

3:00remaining

Designing a Secure Token Management Strategy in Postman Collections

You want to design a Postman collection that securely manages tokens for multiple environments, automatically refreshes tokens when expired, and avoids token leakage in logs. Which approach best meets these requirements?

AStore tokens in environment variables, refresh tokens in pre-request scripts using pm.sendRequest, and disable console logging of tokens.

BStore tokens in global variables, refresh tokens manually before running requests, and use console.log to verify tokens.

CStore tokens in collection variables, refresh tokens in test scripts after requests, and avoid logging tokens anywhere.

DStore tokens in environment variables, refresh tokens in pre-request scripts with synchronous calls, and mask tokens in console logs.

Attempts:

2 left