ZAP/ZEST documentation or help

[JLK]

I've been googling all afternoon and can't come up with good documentation about how to work with Zest in ZAP.  I'm trying to create login scripts where there are multiple requests needed to get an authorization token.  Some info I have ahead of time and set up as Parameters.  Other info needs to be pulled from the Responses, stored somewhere, and the replaced into subsequent requests.  So some questions:

1. Are Zest script "Parameters" the same as "Variables"?  Or is there some relationship between them?  

2. How do I use a Parameter/Variable I've defined in a script to replace some value in the Request?

3. How can I change the value of a Parameter/Variable based on some item from a Response?

The terminology for Zest in the context menus and dialog boxes in ZAP is confusing to me.

[thc...@gmail.com]

Hi.

1. Yes, parameters are also variables, the only difference is that the
parameters are defined before running the script.

2. You usually specify the variable directly where your want the value.
You can obtain the value of a variable by wrapping it (by default) with
"{{" "}}". For example, assuming you have 3 variables named "Username",
"Password", and "MyAuthToken", they could be in a request body as:
username={{Username}}&password={{Password}}&authtoken={{MyAuthToken}}

3. You can use assign statements (e.g. "Assign variable via regex
delimiters", "Assign variable via string delimiters"), which one depends
on how you want to extract the value.

Best regards.

[JLK]

Thank you so much for that!  Is there more information about how the delimiters work?

I think part of my confusion is the "Assign variable by" wording.  I think more clear would be "Assign value to variable by".   Wordy, I know... :)