
Token management in variables in Postman - Practice Problems & Coding Challenges

Challenge - 5 Problems
🧠 Conceptual
intermediate
Understanding Token Storage Scope in Postman

In Postman, you want to store an authentication token so it is available only during the current session and not saved permanently. Which variable scope should you use?

A. Environment variable
B. Temporary variable (using pm.variables.set())
C. Collection variable
D. Global variable
💡 Hint

Think about which variable scope does not persist after the session ends.

Predict Output
intermediate
Output of Token Retrieval from Environment Variable

Given this Postman test script snippet, what will be the console output if the environment variable authToken is not set?

const token = pm.environment.get('authToken');
console.log(token ?? 'No token found');
A. undefined
B. null
C. No token found
D. Error: Variable not found
💡 Hint

Consider what the nullish coalescing operator ?? does when the variable is undefined.

assertion
advanced
Correct Assertion for Token Presence in Global Variable

Which assertion correctly verifies that a global variable accessToken exists and is a non-empty string in Postman test scripts?

A. pm.expect(pm.globals.get('accessToken')).to.be.a('string').and.not.empty;
B. pm.expect(pm.globals.get('accessToken')).to.be.ok.and.to.have.length.above(0);
C. pm.expect(pm.globals.get('accessToken')).to.exist.and.not.equal('');
D. pm.expect(pm.globals.get('accessToken')).to.be.a('string').and.not.undefined;
💡 Hint

Check which assertion chain correctly tests type and non-empty string.

🔧 Debug
advanced
Debugging Token Expiry Handling in Pre-request Script

Consider this pre-request script snippet that refreshes a token if expired. What is the main reason this script might fail to update the token properly?

const expiry = pm.environment.get('tokenExpiry');
const now = Date.now();
if (now > expiry) {
  pm.sendRequest({
    url: 'https://api.example.com/refresh',
    method: 'POST',
    header: { 'Content-Type': 'application/json' },
    body: { mode: 'raw', raw: JSON.stringify({ refreshToken: pm.environment.get('refreshToken') }) }
  }, (err, res) => {
    if (!err && res.code === 200) {
      const json = res.json();
      pm.environment.set('authToken', json.token);
      pm.environment.set('tokenExpiry', Date.now() + json.expiresIn * 1000);
    }
  });
}
A. The pm.environment.set calls are inside the callback and will not persist after the script finishes.
B. The tokenExpiry variable is stored as a string and cannot be compared with now (number).
C. The refreshToken is not included in the request body correctly, causing the refresh to fail.
D. The asynchronous pm.sendRequest callback does not block the request, so the token is not updated before the main request runs.
💡 Hint

Think about how asynchronous calls affect the timing of variable updates in Postman scripts.

framework
expert
Designing a Secure Token Management Strategy in Postman Collections

You want to design a Postman collection that securely manages tokens for multiple environments, automatically refreshes tokens when expired, and avoids token leakage in logs. Which approach best meets these requirements?

A. Store tokens in environment variables, refresh tokens in pre-request scripts using pm.sendRequest, and disable console logging of tokens.
B. Store tokens in global variables, refresh tokens manually before running requests, and use console.log to verify tokens.
C. Store tokens in collection variables, refresh tokens in test scripts after requests, and avoid logging tokens anywhere.
D. Store tokens in environment variables, refresh tokens in pre-request scripts with synchronous calls, and mask tokens in console logs.
💡 Hint

Consider variable scope, automation of refresh, and security best practices.

Practice

1. In Postman, why is it useful to store an authentication token in an environment variable?
easy
A. To make the token visible to all users of the Postman app
B. To encrypt the token for security
C. To automatically refresh the token without any scripting
D. To reuse the token across multiple requests without re-authenticating each time

Solution

  1. Step 1: Understand token reuse in Postman

    Storing a token in an environment variable allows multiple requests to access it easily without needing to get a new token each time.
  2. Step 2: Evaluate other options

    Storing a token in a variable does not make it visible to all users, and tokens do not refresh automatically without scripting. Encryption is not automatic either.
  3. Final Answer:

    To reuse the token across multiple requests without re-authenticating each time -> Option D
  4. Quick Check:

    Token reuse = B [OK]
Hint: Tokens stored in variables enable reuse across requests [OK]
Common Mistakes:
  • Thinking tokens auto-refresh without scripts
  • Assuming variables encrypt tokens automatically
  • Believing tokens are shared with all users by default
2. Which of the following is the correct way to set a token value to an environment variable in a Postman test script?
easy
A. pm.environment.set('token', response.token);
B. pm.setEnvironmentVariable('token', response.token);
C. pm.environment.token = response.token;
D. pm.variables.set('token', response.token);

Solution

  1. Step 1: Identify the current Postman syntax for setting environment variables

    The correct method is pm.environment.set('variableName', value) in Postman scripts.
  2. Step 2: Check other options for correctness

    pm.setEnvironmentVariable is deprecated, direct assignment is invalid, and pm.variables.set sets local variables, not environment variables.
  3. Final Answer:

    pm.environment.set('token', response.token); -> Option A
  4. Quick Check:

    Use pm.environment.set() to set env variables [OK]
Hint: Use pm.environment.set('name', value) to set env variables [OK]
Common Mistakes:
  • Using deprecated pm.setEnvironmentVariable method
  • Trying to assign variables directly like pm.environment.token
  • Confusing local and environment variables
3. Given this Postman test script snippet after a login request:
let jsonData = pm.response.json();
pm.environment.set('authToken', jsonData.token);

What will be the value of {{authToken}} in the next request if the response JSON is {"token": "abc123"}?
medium
A. null
B. undefined
C. "abc123"
D. pm.response.json()

Solution

  1. Step 1: Extract token from response JSON

    The script gets the token value "abc123" from the response JSON using pm.response.json().token.
  2. Step 2: Set environment variable 'authToken'

    The token value "abc123" is stored in the environment variable 'authToken' using pm.environment.set.
  3. Final Answer:

    "abc123" -> Option C
  4. Quick Check:

    Stored token = "abc123" [OK]
Hint: Stored token equals JSON token value from response [OK]
Common Mistakes:
  • Assuming variable is undefined if not explicitly declared
  • Confusing variable name with function call
  • Expecting null instead of actual token string
4. You wrote this test script to save a token:
let jsonData = pm.response.json();
pm.environment.set('token', jsonData.authToken);

But the token is not saved. What is the most likely reason?
medium
A. You must use pm.variables.set instead
B. The response JSON does not have a key named 'authToken'
C. pm.environment.set is deprecated and does not work
D. Tokens cannot be saved in environment variables

Solution

  1. Step 1: Check the JSON key used in script

    The script tries to access jsonData.authToken, so the response must have that key.
  2. Step 2: Verify if the response JSON contains 'authToken'

    If the response uses a different key like 'token', jsonData.authToken will be undefined and nothing is saved.
  3. Final Answer:

    The response JSON does not have a key named 'authToken' -> Option B
  4. Quick Check:

    Key mismatch causes undefined token [OK]
Hint: Check JSON key names match exactly in script [OK]
Common Mistakes:
  • Assuming pm.environment.set is deprecated
  • Using pm.variables.set for environment variables
  • Believing tokens can't be saved in environment variables
5. You want to automatically refresh an expired token in Postman by chaining requests. Which approach correctly manages the token variable for reuse?
hard
A. Use a pre-request script in all requests to check token expiry and request a new token if expired, then update the environment variable
B. Manually update the token variable in Postman UI before each request
C. Store the token in a global variable and never update it
D. Hardcode the token in the request headers and do not use variables

Solution

  1. Step 1: Understand token expiry handling

    Tokens expire, so scripts must check expiry and refresh tokens automatically to avoid failures.
  2. Step 2: Use pre-request scripts to automate token refresh

    Pre-request scripts can check if the token is expired and call the authentication endpoint to get a new token, then update the environment variable.
  3. Step 3: Evaluate other options

    Manual updates are error-prone, global variables without updates cause failures, and hardcoding tokens is insecure and inflexible.
  4. Final Answer:

    Use a pre-request script in all requests to check token expiry and request a new token if expired, then update the environment variable -> Option A
  5. Quick Check:

    Automate token refresh with pre-request scripts [OK]
Hint: Automate token refresh in pre-request scripts [OK]
Common Mistakes:
  • Relying on manual token updates
  • Using global variables without refresh logic
  • Hardcoding tokens in requests
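
The refresh flow from question 5, combined with the log masking raised in the secure-design challenge, as an added example (not code from the original page). `maskToken`, `refreshIfExpired`, `makeStubPm` and the 30-second `skewMs` margin are hypothetical names and values chosen here; the URL and variable names are the ones in the quiz snippet.

```javascript
// Added example (not from the page). REFRESH_URL and the refreshToken /
// authToken / tokenExpiry variable names are the ones used in the quiz snippet.
const REFRESH_URL = 'https://api.example.com/refresh';

// Log-safe form of a token: never print more than the last 4 characters.
function maskToken(token) {
  if (typeof token !== 'string' || token.length === 0) return '<none>';
  return token.length <= 8 ? '****' : `****${token.slice(-4)}`;
}

// Returns true if a refresh request was issued, false if the token is still valid.
// skewMs (an assumption) refreshes slightly early so a token cannot expire in flight.
function refreshIfExpired(pm, now = Date.now(), skewMs = 30000) {
  // Coerce: a value typed into the environment editor is stored as a string.
  const expiry = Number(pm.environment.get('tokenExpiry'));
  if (Number.isFinite(expiry) && now + skewMs < expiry) return false;
  pm.sendRequest({
    url: REFRESH_URL,
    method: 'POST',
    header: { 'Content-Type': 'application/json' },
    body: { mode: 'raw', raw: JSON.stringify({ refreshToken: pm.environment.get('refreshToken') }) }
  }, (err, res) => {
    if (err || res.code !== 200) return console.error('token refresh failed');
    const json = res.json();
    if (typeof json.token !== 'string' || json.token === '') {
      return console.error('refresh response carried no token');
    }
    pm.environment.set('authToken', json.token);
    pm.environment.set('tokenExpiry', now + json.expiresIn * 1000);
    console.log('token refreshed:', maskToken(json.token));
  });
  return true;
}

// Constructed stand-in for the parts of `pm` used above, so this runs in plain Node.
function makeStubPm(vars, refreshResponse) {
  const store = new Map(Object.entries(vars));
  return {
    environment: { get: (k) => store.get(k), set: (k, v) => store.set(k, v) },
    sendRequest: (req, cb) => cb(null, { code: 200, json: () => refreshResponse })
  };
}

// Constructed sample run: expiry (5000) is in the past relative to now (10000).
const demoPm = makeStubPm({ tokenExpiry: '5000', refreshToken: 'r-demo' },
  { token: 'demo-token-1234', expiresIn: 60 });
refreshIfExpired(demoPm, 10000);
```

Inside Postman, a pre-request script would call `refreshIfExpired(pm)` with the real `pm` object; the stub exists only so the logic can be exercised offline.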