Print

API Modelling – Request Modelling and Post Action Steps

Once you have imported a host into JOSF and understand how the API Definition tree works, you can start modelling your individual API requests. Each request defines what data is sent to the API, how it is sent, and what happens after it is executed. This page explains the request editor in detail and introduces post action steps.

Request Editing Overview

When you open a request, you will find several main areas:

  • API Request: where you edit the main values of your request.
  • Post Action Steps: where you define what actions will be performed directly after the request is sent.
  • Input Variables ($): used to manage input parameters.
  • Reference Overview: shows references or usages of your request within your project.

Requests represent the actual calls that are sent to your API. Each request can contain the following sections:

  • Body
  • Authorization
  • Parameters
  • Headers
  • Cookies

When you create a request from an imported service definition, JOSF automatically fills in the fields required by that definition, such as headers, parameters, or body structures.

You can also identify which tabs contain data by looking for the orange dot next to them.

Body

The Body tab contains the data that will be sent to the API.
Depending on the API type, the body can contain JSONXML, or another valid content type.
You can select the desired content type from the dropdown menu in JOSF.

For example:

{
  "id": 10,
  "name": "John Doe"
}

This body will be sent as part of a POST or PUT request to the target endpoint.

Authorization

JOSF supports three authentication methods for API requests:

  1. Authentication via Host
    You can define authentication details directly at the Host level (from the Host details menu).
    Any request that uses this host will automatically use these credentials.
    This ensures that you only need to configure authentication once, even if multiple requests share the same host.
  2. Basic Authentication
    Select Basic Authentication from the Authorization tab and provide your username and password.
    These credentials will be encoded and included in the request header.
  3. NTLM Authentication
    For services that require Windows-based authentication, JOSF supports NTLM Authentication.
    NTLM can also be set from the Authorization tab and will authenticate the request using the configured credentials.

If your API requires Bearer Authentication, you can manually add it as a header:

Key: Authorization
Value: Bearer <token>

Replace <token> with the actual token value.
How this token is obtained depends on your application or login flow.

Parameters

Parameters are the query parameters appended to your URL.
For example, in this request:

http://www.my-api-service.com/api/user?id=10

The key is id and the value is 10.

You can add a new parameter in JOSF with:

Key: id
Value: 10

These parameters will automatically be appended to your request URL.

Headers

Headers define additional metadata sent along with your request.
They can include content type, authorization, or any custom headers required by your API.

Examples:

Key: Content-Type
Value: application/json
Key: X-Request-ID
Value: 12345

Cookies

The Cookies tab allows you to define cookie data to be sent with the request.
This is typically used when APIs rely on session-based authentication or tracking.

Variables

JOSF allows the use of variables in any request field.
Variables make it easy to reuse requests across multiple test cases.
When a variable is present but not yet set, JOSF will ask you to provide its value during execution.

Example usage:

Key: userId
Value: ${user_id}

At runtime, JOSF will replace ${user_id} with the defined value.

Responses

After executing a request, the Response section appears.
It mirrors the same structure as the request:

  • Body
  • Authorization
  • Parameters
  • Headers
  • Cookies

Within the Body tab, you can query the response content.
JOSF supports:

  • XPath for XML responses
  • JSONPath for JSON responses

This allows you to extract or verify specific data from the response.

Post Action Steps

Post action steps are actions that are performed immediately after your API request has been sent.
They allow you to build small automation flows directly attached to your request.

Think of it as a grouped action:

  1. The API request is executed.
  2. The post actions are then performed in sequence.

This is especially useful for:

  • Extracting tokens from an authentication response.
  • Validating if the API returned a specific status code.
  • Saving response data for use in subsequent requests.

Each post action can perform a specific operation, such as reading a value from the response, performing a validation, or storing data into a variable for later use.

More detailed descriptions of each post action type will follow in the next blog post.

Summary

  • Requests define how JOSF communicates with your API.
  • Each request contains body, headers, parameters, cookies, and authorization details.
  • You can use variables anywhere in a request for dynamic data.
  • Responses show the full result of the call, and you can query or extract values using XPath or JSONPath.
  • Post action steps let you define follow-up logic right after execution.

Next topic: Available API Actions.

In this document