How to Write Scripts to Validate API Response Data

When you’re testing APIs inside an API client, sending the request is only half the job. The real question is: did the response actually match what you expected?

That’s where post-response scripts come in.

A post script runs immediately after the API response is received. You can use it to validate status codes, check response structure, confirm required fields, and fail fast if something looks wrong. Instead of manually inspecting every response, you let the script do the checking for you.

Why Use Post-Response Scripts?

Manually scanning JSON works for quick debugging. It doesn’t scale.

Post scripts help you:

• Catch contract changes early
• Validate required fields automatically
• Confirm response types and formats
• Verify error handling
• Prevent silent test failures
• Reuse validation logic across requests

If something breaks, you know immediately.

Basic Response Validation Example

Let’s say your API should:

1. Return status 200
2. Contain a user object
3. Include an items array

Here’s a simple validation script:

rq.test("Status code is 200", () => {
  rq.response.to.have.status(200);
});

rq.test("Response is valid JSON", () => {
  rq.response.to.have.jsonBody();
});

rq.test("Response body contains a 'user' object", () => {
  rq.response.to.have.jsonBody("user");
});

rq.test("Response body contains an 'items' array", () => {
  rq.response.to.have.jsonBody("items");
  const body = rq.response.json();
  rq.expect(body.items).to.be.an("array");
});

If the response structure changes unexpectedly, you’ll know instantly.

Validating JSON Structure

When validating an API response, the goal is to ensure the entire structure matches the expected contract. Schema validation verifies that the response is valid JSON, all required properties are present, each property has the expected data type.

Example API response:

{
  "status": 200,
  "success": true,
  "data":{
    "id": 123,
    "name": "John Doe",
    "email": "[email protected]",
    "role": "admin"
  }
}

Post-response validation script:

rq.test("Response body matches expected JSON schema", () => {
  rq.response.to.have.jsonSchema({
    type: "object",
    required: ["status", "success", "data"],
    properties: {
      status: { type: "number" },
      success: { type: "boolean" },
      data: {
        type: "object",
        required: ["id", "name", "email", "role"],
        properties: {
          id: { type: "number" },
          name: { type: "string" },
          email: { type: "string", format: "email" },
          role: { type: "string" }
        },
        additionalProperties: false
      }
    },
    additionalProperties: false
  });
});

Validating Error Responses

Testing only success cases is a mistake. Your API should fail correctly too.

Assume your API returns this when validation fails:

{
   "message": "Unauthorized",
   "error": "Invalid token"
}

Validation script:

rq.test("Status code is 401 Unauthorized", () => {
  rq.response.to.have.status(401);
});

rq.test("401 response body has 'error' and 'message' properties", () => {
  const data = rq.response.json();

  rq.expect(data).to.have.property("error");
  rq.expect(data.error).to.be.a("string");
  rq.expect(data).to.have.property("message");
  rq.expect(data.message).to.equal("Unauthorized");
});

Debugging Tips

If your validation isn’t behaving as expected:

1. Log the raw responseconsole.log(responseBody);
2. Log formatted JSONconsole.log(JSON.stringify(data, null, 2));
3. Confirm the API actually returns valid JSON before parsing
4. Double-check that your rule matches the correct request

Most issues come from incorrect assumptions about the response shape.

When This Approach Makes Sense

Use response scripts in Requestly when:

1. You’re debugging frontend integration
2. You want quick contract validation
3. You’re mocking APIs during development
4. You need to simulate edge cases
5. You want fast, browser-level verification

For heavy automation or load testing, you’ll need dedicated tooling. But for real-time frontend debugging and contract checks, this approach is simple and effective.

Final Thoughts

Validating API responses is about preventing silent failures. Start small:

1. Check status codes
2. Validate required fields
3. Confirm data types

Add complexity only when you actually need it.

If you share a sample API response, I can write a validation script tailored specifically to your endpoint.