HTTP REQUESTS

Headers and Cookies

Set HTTP headers and cookies using individual or bulk assignment methods with automatic cookie management and authentication pattern support.

Core Keywords

header - Set individual HTTP headers for requests
headers - Set multiple headers at once using JSON
cookie - Set individual cookies for requests
cookies - Set multiple cookies at once using JSON
configure headers - Set headers globally for all requests in a feature

Keywords

Set individual headers for API requests:

Gherkin
Feature: HTTP headers

Background:
  * url 'https://jsonplaceholder.typicode.com'

Scenario: Basic authentication header
  Given path 'users'
  And header Authorization = 'Bearer abc123token'
  And header Accept = 'application/json'
  When method get
  Then status 200

Content-Type Auto-Setting

Karate automatically sets the Content-Type header based on your request data type (JSON, XML, form data). You rarely need to set it manually.

Set individual cookies for requests:

Gherkin
Scenario: Basic cookie usage
  Given url 'https://httpbin.org'
  And path 'cookies'
  And cookie sessionId = 'abc123'
  And cookie theme = 'dark'
  When method get
  Then status 200

Automatic Cookie Management

Cookies returned in HTTP responses are automatically included in all subsequent requests. To disable this behavior:

* configure cookies = null

See the responseCookies variable for assertions on cookie values.

Authentication Headers

Gherkin
Scenario: Bearer token authentication
  * def authToken = 'my-secret-token'
  Given url 'https://jsonplaceholder.typicode.com'
  And path 'users'
  And header Authorization = 'Bearer ' + authToken
  When method get
  Then status 200

Content Negotiation

Gherkin
Scenario: Accept header
  Given url 'https://jsonplaceholder.typicode.com'
  And path 'posts'
  And header Accept = 'application/json'
  And request { title: 'New Post', body: 'Content', userId: 1 }
  When method post
  Then status 201

Custom Headers

Gherkin
Scenario: Custom application headers
  * def requestId = karate.uuid()
  Given url 'https://httpbin.org'
  And path 'get'
  And header X-Client-Version = '2.1.0'
  And header X-Request-ID = requestId
  When method get
  Then status 200

Multi-Value Headers

Gherkin
Scenario: Headers with multiple values
  Given url 'https://httpbin.org'
  And path 'get'
  And header Accept = ['application/json', 'application/xml']
  When method get
  Then status 200

Gherkin
Feature: HTTP cookies

Background:
  * url 'https://httpbin.org'

Scenario: Multiple cookies
  Given path 'cookies'
  And cookie sessionId = 'abc123'
  And cookie theme = 'dark'
  And cookie language = 'en-US'
  When method get
  Then status 200

Scenario: Cookies with variables
  * def userId = 123
  * def timestamp = new Date().getTime()
  Given path 'cookies'
  And cookie userId = userId
  And cookie lastVisit = timestamp
  When method get
  Then status 200

headers - Multiple Headers

Set multiple headers using JSON for cleaner syntax:

Gherkin
Feature: Multiple headers

Background:
  * url 'https://jsonplaceholder.typicode.com'
  * def authToken = 'abc123token'
  * def clientId = 'client-456'

Scenario: Bulk header assignment
  Given path 'users'
  And headers { Authorization: 'Bearer ' + authToken, Accept: 'application/json', 'X-Client-ID': clientId }
  When method get
  Then status 200

Scenario: Merge headers
  * def commonHeaders = { Accept: 'application/json', 'User-Agent': 'Karate-Test' }
  * def authHeaders = { Authorization: 'Bearer ' + authToken }
  * def allHeaders = karate.merge(commonHeaders, authHeaders)
  Given path 'users'
  And headers allHeaders
  When method get
  Then status 200

Scenario: Conditional headers
  * def requestHeaders = { Accept: 'application/json', 'User-Agent': 'Karate-Test' }
  * def env = karate.env || 'dev'
  * if (env == 'dev') requestHeaders['X-Debug'] = 'true'
  Given path 'users'
  And headers requestHeaders
  When method get
  Then status 200

Important

Local headers override global configure headers settings
Use headers (plural) for bulk assignment
JSON keys with hyphens must be quoted

cookies - Multiple Cookies

Set multiple cookies using JSON:

Gherkin
Scenario: Bulk cookie assignment
  Given url 'https://httpbin.org'
  And path 'cookies'
  And cookies { sessionId: 'sess_abc123', theme: 'dark', language: 'en-US' }
  When method get
  Then status 200

Global Headers with Configure

Set headers once for all requests in a feature using configure headers:

Gherkin
Feature: Global header configuration

Background:
  * url 'https://jsonplaceholder.typicode.com'
  * configure headers = { 'User-Agent': 'Karate Test', Accept: 'application/json' }

Scenario: Headers applied automatically
  Given path 'users'
  When method get
  Then status 200

Scenario: Override specific header
  Given path 'posts'
  And header Accept = 'application/xml'
  When method get
  Then status 200

Scenario: Combine global and local headers
  * def additionalHeaders = { 'X-Request-ID': karate.uuid() }
  Given path 'users'
  And headers additionalHeaders
  When method get
  Then status 200

Dynamic Header Functions

Use JavaScript functions with configure headers to generate headers dynamically for each request:

Gherkin
Feature: Dynamic headers

Background:
  * url 'https://jsonplaceholder.typicode.com'
  * def getAuthHeaders =
  """
  function() {
    var token = karate.get('authToken') || 'default-token-123';
    return { Authorization: 'Bearer ' + token, 'X-Request-ID': karate.uuid() };
  }
  """
  * configure headers = getAuthHeaders

Scenario: Auto-generated headers
  Given path 'users'
  When method get
  Then status 200

When to Use Header Functions

Authentication tokens that need refresh
Headers that change per request (timestamps, UUIDs)
Dynamic authorization based on request context

Functions are called automatically before each HTTP request.

Authentication Patterns

Bearer Token

Gherkin
Feature: Bearer token authentication

Scenario: Use bearer token
  * def token = 'my-access-token-123'
  Given url 'https://jsonplaceholder.typicode.com'
  And path 'users'
  And header Authorization = 'Bearer ' + token
  When method get
  Then status 200

API Key Authentication

Gherkin
Feature: API key authentication

Background:
  * url 'https://httpbin.org'
  * def apiKey = 'sk-test-key-123'

Scenario: API key in header
  Given path 'get'
  And header X-API-Key = apiKey
  When method get
  Then status 200

Scenario: API key as query parameter
  Given path 'get'
  And param api_key = apiKey
  And param format = 'json'
  When method get
  Then status 200

Next Steps

Handle file uploads: Multipart Requests
Implement retry logic: Polling and Async
Process response headers: Response Handling
Validate responses: Response Validation

Core Keywords​

Keywords​

header - HTTP Headers​

cookie - HTTP Cookies​

Authentication Headers​

Content Negotiation​

Custom Headers​

Multi-Value Headers​

Basic Cookie Assignment​

headers - Multiple Headers​

cookies - Multiple Cookies​

Global Headers with Configure​

Dynamic Header Functions​

Authentication Patterns​

Bearer Token​

API Key Authentication​

Next Steps​