at.request
The at.request namespace is the handle to the outgoing HTTP request. Pre-scripts can mutate it; post-scripts can only read it; lifecycle scripts do not have a request at all and see an empty object.
In a Pre-Script — Mutable
In a pre-script, at.requestgives full read/write access to the outgoing request. Any change you make is applied to the request right before it is sent:
- •at.request.url — the request URL as a string. Read with at.request.url, overwrite with at.request.url = "https://...".
- •at.request.method — the HTTP method as a string. Read-only even in pre-scripts.
- •at.request.headers — a plain object of header key-value pairs. Reading returns a copy; mutating the copy has no effect on the request. Use setHeader and removeHeader instead.
- •at.request.body — the raw request body string. When the request has no body, main-engine scripts see undefined and load test step scripts see null — use a loose check like if (at.request.body) if you need to handle both. Overwrite with at.request.body = "...".
- •at.request.setHeader(key, value) — adds a new header or overwrites an existing one.
- •at.request.removeHeader(key) — removes a header.
In a Post-Script — Read-Only
In a post-script, at.requestreflects the request that was actually sent — after variables were resolved and any pre-script mutations were applied. All the getters above still work, but writes have no effect:
- •Assignments to at.request.url and at.request.body are silently ignored — the setters exist but do nothing.
- •Main-engine scripts (standalone, project, flow): at.request.setHeader and at.request.removeHeader are not defined on the post-script at.request object. Calling them throws TypeError: at.request.setHeader is not a function and fails the post-script. Just do not call them from a post-script.
- •Load test step scripts (Boa engine): setHeader and removeHeader are defined on the post-script at.request but silently no-op, for parity with the pre-script surface.
Either way, the post-script cannot change the outgoing request — by the time it runs, the request has already left the machine and the response is in hand. Use the post-script to look at what was sent and decide what to do with the response, not to try to re-shape the request.
In a Lifecycle Script — Empty
Before All and After All scripts run outside the context of any specific request, so at.requestis a literal empty object — no url, no method, no headers, no setHeader. Reading any property returns undefined, and calling setHeader or removeHeader from lifecycle scope throws TypeError: at.request.setHeader is not a function. If you need to shape a single request, put the code in that request's pre-script rather than in Before All.
Example — Dynamic Request Modification
Pre-script (main-engine — standalone, project, or flow step; crypto.randomUUID() is a WebView global and is not available in load test stepscripts):
// Add an authorization header from the environment.
const token = at.environment.get("auth_token");
if (token) {
at.request.setHeader("Authorization", "Bearer " + token);
}
// Attach a unique request ID.
at.request.setHeader("X-Request-Id", crypto.randomUUID());
// Swap the URL for a different host based on the environment.
const baseUrl = at.environment.get("base_url");
if (baseUrl) {
at.request.url = baseUrl + "/api/v2/users";
}
// Remove a debug header before sending.
at.request.removeHeader("X-Debug");