Setup and teardown scripts
Setup and teardown scripts
Some API endpoints can't be monitored with a static request. They need a fresh token on every call, a signed header, or a unique payload, and they may leave data behind that should be cleaned up. LoadFocus API monitors let you run a setup script just before the request and a teardown script just after the response, so the check prepares itself and tidies up on every run.
Setup and teardown scripts apply to API checks. Browser checks are already a full script (the user flow itself), and multistep checks pass data between steps with variables, so they cover the same needs a different way.
How it works
- The setup script runs first and receives the
requestobject. Anything you change onrequest(headers, URL, body) is used for the actual call. This is where you fetch a token, sign the request, or build a unique payload. - LoadFocus then sends the request.
- The teardown script runs last and receives both
requestandresponse. This is where you delete a resource the check created, or scrub sensitive data from logs.
Both scripts run in an isolated sandbox on every check run, in every region, with their console output captured so you can see what happened.
What you can use
Inside a setup or teardown script you can require:
gotandaxios— make HTTP calls (for example, exchange credentials for an OAuth token).crypto— sign requests (HMAC, hashes) for APIs that require a signature.@faker-js/faker— generate realistic unique test data.urlandpath— helpers for building URLs and paths.
console.log is available and its output is shown under the script's logs.
Example: fetch an OAuth token in setup
const got = require('got');const tokenResponse = await got.post('https://auth.example.com/oauth/token', {json: {grant_type: 'client_credentials',client_id: '{{secrets.CLIENT_ID}}',client_secret: '{{secrets.CLIENT_SECRET}}',},}).json();// Apply the token to the request that LoadFocus is about to sendrequest.headers = request.headers || [];request.headers.push({ name: 'Authorization', value: 'Bearer ' + tokenResponse.access_token });
Example: sign a request
const crypto = require('crypto');const timestamp = Date.now().toString();const signature = crypto.createHmac('sha256', '{{secrets.SIGNING_KEY}}').update(timestamp + request.url).digest('hex');request.headers = request.headers || [];request.headers.push({ name: 'X-Timestamp', value: timestamp });request.headers.push({ name: 'X-Signature', value: signature });
Example: clean up in teardown
const got = require('got');// If the request created a resource, delete it so the monitor leaves no traceif (response.statusCode === 201 && response.body) {const created = JSON.parse(response.body);await got.delete('https://api.example.com/items/' + created.id, {headers: { Authorization: request.headers.find(h => h.name === 'Authorization').value },});}
Secrets and variables
Reference your stored secrets and variables with {{secrets.NAME}} and {{variables.NAME}} inside a script. LoadFocus substitutes them at run time, so credentials and signing keys never sit in plain text in the script body.
Testing your scripts
In the check editor, the Run button next to each script executes it live against the real endpoint and shows the captured logs and the result (success or the error message). Use it to confirm your token exchange or signature works before you save the monitor.
Limits
- Each script body is capped at 100 KB.
- The setup script runs on every check execution, so keep token exchanges efficient — a slow setup adds to the check's measured time.
- If the setup script fails, the request is not sent and the check is marked failed, which is usually what you want (no valid auth means no valid check).