What Are Pre-request Scripts?
A pre-request script is a block of JavaScript that Postman executes immediately before it sends a request, running inside a sandboxed environment that exposes the pm API. You write it in the request's 'Pre-request Script' tab (or at the collection or folder level), and it runs every time that request fires, letting you compute values, set variables, or modify the outgoing request just-in-time rather than hardcoding them.
Cricket analogy: A fielding captain like Rohit Sharma repositions slips right before a Bumrah delivery based on the batter facing it, rather than fixing the field for the whole innings in advance.
Setting Variables and Computing Values
The most common use of a pre-request script is calling pm.environment.set() or pm.collectionVariables.set() to write a freshly computed value into a variable that the request can then reference with {{variableName}}. This is essential for anything time-sensitive, like generating a timestamp or a random nonce for a signed request, since those values must be computed at the moment of sending, not baked into the collection ahead of time.
Cricket analogy: A scorer notes the exact over and ball number before logging a wicket, so downstream stats like strike rate always reference a freshly computed value rather than a stale one.
// Pre-request Script tab
const timestamp = Date.now().toString();
const nonce = Math.random().toString(36).substring(2, 15);
pm.environment.set('request_timestamp', timestamp);
pm.environment.set('request_nonce', nonce);
const secret = pm.environment.get('api_secret');
const method = pm.request.method;
const body = pm.request.body ? pm.request.body.raw : '';
const stringToSign = `${method}\n${timestamp}\n${nonce}\n${body}`;
const signature = CryptoJS.HmacSHA256(stringToSign, secret).toString(CryptoJS.enc.Hex);
pm.request.headers.upsert({
key: 'X-Signature',
value: signature
});Pre-request scripts can be attached at three levels — collection, folder, and request — and Postman always runs them outer-to-inner: collection first, then folder, then the individual request's own script, all completing before the request leaves the client.
Modifying the Outgoing Request
Beyond just setting variables, a pre-request script can directly read and modify the pm.request object before it's sent — adjusting headers, the URL, or the body. This is how you build fully dynamic requests, such as adding a computed Authorization header, appending a signed timestamp as a query parameter, or rewriting part of the JSON body based on logic that shouldn't live in the static request editor.
Cricket analogy: A captain like Eoin Morgan changes the bowling order and field on the fly based on how the pitch behaves, rather than sticking rigidly to a fixed pre-match plan.
The Postman sandbox is not full Node.js — there's no filesystem access or arbitrary npm packages, only a curated set of libraries like CryptoJS and lodash. Also, calls like pm.sendRequest are asynchronous and use a callback; script execution does not pause and wait for them to resolve before continuing.
- Pre-request scripts run in the Pre-request Script tab and execute before Postman sends the request.
- They run inside a JS sandbox exposing the pm API — not full Node.js.
- Use pm.environment.set, pm.collectionVariables.set, or pm.variables.set to inject dynamic values.
- Common uses: timestamps, nonces, HMAC signatures, and auth tokens computed just-in-time.
- pm.request lets you read and mutate headers, URL, and body before the request is dispatched.
- Execution order is collection then folder then request, all completing before the request fires.
Practice what you learned
1. Where do you write a pre-request script in Postman?
2. What environment does a Postman pre-request script run in?
3. If a collection, a folder, and a request all have pre-request scripts, what order do they run in?
4. Which method would you use in a pre-request script to store a computed timestamp for use later in the request?
5. Why might you use a pre-request script to compute an HMAC signature?
Was this page helpful?
You May Also Like
Test Scripts Basics with pm.test()
How to write assertions in Postman's Tests tab using pm.test() and pm.expect() to automatically validate API responses.
The pm API: Request, Response, and Environment
A tour of Postman's core pm object — pm.request, pm.response, and pm.environment — the JavaScript API used in both pre-request and test scripts.
Dynamic Variables and Faker Data
How to use Postman's built-in dynamic variables like {{$guid}} and {{$randomEmail}} to generate realistic fake data on every request.
Chaining Requests with Extracted Data
How to pass data from one Postman request's response into the next request by extracting values in a test script and storing them as variables.