String Interpolation Syntax

The string interpolation syntax is designed for configuring authentication objects. It controls data coordinating between the consequent requests and responses.

The syntax allows you to create a template (interpolation string) for the value to be extracted from the specified location. You can only create the template based on the previous authenticated requests and responses.

The interpolation string uses the double curly braces {{ and }} as delimiters and consists of two general parts:

  1. Location of the data to be transformed.
  2. Functions separated by the | operator. The functions support chaining with the same operator.

Format: {{ location | function 1 | function 2 }}

The parts comprise the following components:

Location1. Stage name
2. Source: response
3. Location: url, headers, body

Format: {{ \<stage_name>.<source>.<location> \| <function> }}
Example: {{ stage1.response.headers | <function> }}
Function1. Pipe: get, match, encode
2. Parameter separated from the pipe by a colon

Format: {{ <location> \| <pipe>: <parameter> }}
Example: {{ stage1.response.headers | get: '/Set-Cookie' }}

Example with chained functions: {{ stage1.response.headers | get: '/Set-Cookie' | match: /sid=(.+)/ : 1 }}

Note: The functions are applied in the relevant order. It means that in the example above, the first get will be applied and then match.

Supported pipes


Returns the value associated with the XPath, or undefined if there is none.


  • xpath - xpath string

Format: {{ <location> | get: <xpath> }}

Example: {{ step1.response.headers | get: '/Set-Cookie' }}


Retrieves the result of matching a string against a regular expression.


  • regex - regular expression
  • group - number of the capture group (optional, default 1)

Format: {{ <location> | match: < regex> : <group> }}

Example: {{ step1.response.body | match: /sid=(.+)/ : 1 }}


Encodes the value to some format.


  • format - base64, url or none (optional, default none)

Format: {{ <location> | encode: <format> }}

Example: {{ step1.response.body | encode: 'base64' }}


Inserts an OTP (one-time password) with preconfigured parameters.


  • OTP type - No OTP, Time-based one-time password (TOTP), Hash-based one-time password (HOTP), Google Authenticator (TOTP)
  • Secret key - non-zero length field, string
  • Number of digits - integer, between 1 and 8
  • Token duration - hidden for HOTP, between 1 and 2147483647 (Int32 max)
  • Algorithm - Sha1 (default), Sha256, Sha512

Format: {{otpToken}}
Example: {{otpToken}}

Generating mock data

If you need to generate random data to use it during configuration of an authentication object, you can apply one of the following Faker.js data generators:

  • uuid

    Example: {{ $faker.datatype.number }}

  • number

    Example: {{ <$faker>.datatype.uuid }}