Skip to main content
This page documents the structure of OpenCollection YAML files used in Bruno.

Top-Level Structure

A Bruno YAML request file contains the following top-level sections: 
info:        # Request metadata (name, type, seq, tags)
http:        # HTTP request configuration
runtime:     # Scripts and assertions
settings:    # Request settings
docs:        # Request documentation

info

Store metadata about your request. 
info:
  name: Get Users
  type: http
  seq: 1
  tags:
    - smoke
    - regression
FieldTypeDescription
namestringThe display name of the request
typestringThe request type (http for HTTP requests, folder for folders)
seqnumberSequence number that determines sort position in the UI
tagsarrayOptional tags for filtering requests during collection runs

http

The HTTP request configuration. 
http:
  method: post
  url: https://api.example.com/users
  params:
    query: [...]
    path: [...]
  headers: [...]
  body:
    type: json
    data: "..."
  auth:
    type: basic
    basic:
      username: admin
      password: secret

http.method

The HTTP method. Supported values: GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD, TRACE, CONNECT (uppercase).

http.params

Parameters as an array of objects with a type field to distinguish query vs path parameters. 
params:
  - name: filter
    value: active
    type: query
  - name: limit
    value: "10"
    type: query
  - name: id
    value: "123"
    type: path
FieldTypeDescription
namestringThe parameter name
valuestringThe parameter value
typestringEither query or path
disabledbooleanWhether the parameter is disabled (optional)

http.headers

Request headers as an array of objects. 
headers:
  - name: Content-Type
    value: application/json
  - name: Authorization
    value: Bearer {{token}}
    disabled: true
FieldTypeDescription
namestringThe header name
valuestringThe header value
disabledbooleanWhether the header is disabled (optional)

http.body

The request body configuration. 
body:
  type: json
  data: |-
    {
      "name": "John Doe"
    }
Body TypeDescription
jsonJSON body
textPlain text body
xmlXML body
form-urlencodedForm URL-encoded data
multipart-formMultipart form data
graphqlGraphQL query

http.auth

Authentication configuration. Credentials are specified directly under the auth object. Use inherit to inherit authentication from the parent folder or collection. 
# Inherit from parent
auth: inherit

# Bearer token
auth:
  type: bearer
  token: "{{token}}"

# Basic authentication
auth:
  type: basic
  username: admin
  password: secret

# API Key
auth:
  type: apikey
  key: x-api-key
  value: "{{api-key}}"
  placement: header
Supported auth types: none, inherit, basic, bearer, apikey, digest, oauth2, awsv4, ntlm.

runtime

The runtime section contains scripts and assertions that execute during the request lifecycle.

runtime.scripts

JavaScript code to run at different points in the request lifecycle. 
runtime:
  scripts:
    - type: before-request
      code: |-
        // Runs before the request
        console.log('before-request');
        req.setHeader("X-Timestamp", Date.now());
    - type: after-response
      code: |-
        // Runs after the response
        console.log('after-response');
        bru.setVar("token", res.body.token);
    - type: tests
      code: |-
        test("should return 200", function() {
          expect(res.status).to.equal(200);
        });
Script TypeDescription
before-requestRuns before the request is sent
after-responseRuns after the response is received
testsTest assertions using the Chai assertion library

runtime.assertions

Declarative assertions without writing JavaScript code. 
runtime:
  assertions:
    - expression: res.status
      operator: eq
      value: "200"
    - expression: res.body.name
      operator: isString
FieldTypeDescription
expressionstringThe value to evaluate (e.g., res.status, res.body.name)
operatorstringThe comparison operator (eq, neq, isString, isNumber, etc.)
valuestringThe expected value (for comparison operators)

settings

Request-level settings. 
settings:
  encodeUrl: true
  timeout: 0
  followRedirects: true
  maxRedirects: 5
FieldTypeDescription
encodeUrlbooleanWhether to URL-encode the request URL
timeoutnumberRequest timeout in milliseconds (0 = no timeout)
followRedirectsbooleanWhether to follow HTTP redirects
maxRedirectsnumberMaximum number of redirects to follow

docs

Request-level documentation in Markdown format. 
docs: |-
  # User Creation API

  This endpoint creates a new user in the system.

  ## Required Fields
  - name: User's full name
  - email: User's email address