Postman Beginner Tutorial 14 | How to Add Authorization in Postman

Thanks a lot

You are most welcome Deepak

Great to hear! All the best..

Glad it was helpful Mahesh

Most welcome

Great to know this

Thanks a lot

Most welcome

Glad it was helpful Parasari, you can find the Basics API videos here - automationstepbystep.com/

You are welcome

Glad you enjoyed it

Glad you enjoyed it Başak

Glad you liked it Laura

Most welcome Den

So nice of you

Most welcome

Thanks a lot

Most welcome

Hi Deepak, yes, check more here - learning.postman.com/docs/collaborating-in-postman/sharing/

Glad you liked it Jimmy

You are so welcome Debarun

Most welcome

Glad it was helpful John

Glad you like them

Glad to hear that Fouqia, humbled

You're welcome Gayni

Thanks a ton Nilesh

Hi Swetha, I will do

@@RaghavPal Thank you! Looking forward

Glad you liked it Amruta

you can plan on getting skilled on
CI, CD, DevOps
API Testing
Performance Testing
More functional testing tools

You're welcome Purvash 😊

Happy to see this

Rajarajeswari
Let's break down the problem step by step..
Step 1: Understand the context
You have set up an OAuth 2.0 Bearer token at the collection level in Postman. When authorizing, you are passing a user number `1234567` in the token field.
Step 2: Identify the goal
You want to set up and pass the token user number `1234567` to an environment variable.
Step 3: Create an environment variable
In Postman, go to the "No environment" dropdown menu in the top-right corner of the app and select "Manage environments". Then, click the "New" button to create a new environment.
Give your environment a name, e.g., "MyOAuthEnv". Click "Add" to create the environment.
Step 4: Add a variable to the environment
In the "MyOAuthEnv" environment, click the "Add a new variable" button. Enter the following details:
* `Key`: `token_user_number` (or any other name you prefer)
* `Value`: `1234567` (the user number you want to pass)
* `Type`: `string`
Click "Add" to save the variable.
Step 5: Update the OAuth 2.0 Bearer token
Go back to your collection and edit the OAuth 2.0 Bearer token settings. In the "Token" field, enter `{{token_user_number}}`. This will reference the environment variable you just created.
Step 6: Select the environment
Make sure you have selected the "MyOAuthEnv" environment in the top-right corner of the app. This will enable Postman to use the environment variable you created.
Now, when you send a request with the OAuth 2.0 Bearer token, Postman will replace `{{token_user_number}}` with the value `1234567` from the environment variable.
--

Always welcome

Thanks a lot Lokesh

Thanks and welcome

Most welcome Anush

It seems like you're encountering a dynamic authentication mechanism on the website you're trying to download the file from. While the initial GET request returns a 200 OK response, the server redirects you to a login page instead of directly providing the requested file. This suggests a more complex authentication process than standard HTTP authentication types.
Here are some steps you can try to identify and handle the authentication mechanism:
*Analyze the HTML page:*
1. *Inspect the HTML code:* Open the login page in Postman's "Preview" tab and inspect the source code using the browser developer tools. Look for clues about the authentication type, such as form elements, input fields, action URLs, and JavaScript code.
2. *Identify form elements:* Pay close attention to the form elements, particularly the input fields for username and password. Note their names and values.
3. *Identify action URL:* Look for the form's action URL, which indicates where the login credentials are submitted. This URL might be important for constructing the authentication request.
*Analyze the network traffic:*
1. *Enable network capture:* In Postman, enable network capture to monitor all network requests and responses while interacting with the login page. This can reveal additional details about the authentication process, including headers, cookies, and hidden data.
2. *Analyze request and response headers:* Look for specific headers related to authentication, such as `Authorization`, `WWW-Authenticate`, `Set-Cookie`, and `Location`. These headers often provide clues about the required authentication type and additional information needed for the login request.
3. *Identify cookies:* Pay attention to cookies set by the server during the login process. Some authentication mechanisms rely on cookies for session management.
*Investigate common authentication types:*
1. *Basic authentication:* This is a simple username/password authentication scheme encoded directly in the HTTP header. Look for `WWW-Authenticate: Basic` header in the initial response or any other indication of Basic authentication.
2. *Form-based authentication:* This uses a web form for login credentials submission. If you identified login form elements and an action URL, this might be the authentication type.
3. *Token-based authentication:* This utilizes a token obtained through a separate login request. Analyze the network traffic for clues about token endpoints and how the token is used for access.
*Try different Postman request methods:*
1. *POST request:* If you identified a form action URL, try constructing a POST request to that URL with the username and password values as form data.
2. *Authorization header:* If you identified an authentication type like Basic or token-based, try adding the appropriate authorization information in the request header. Refer to the specific authentication type for the correct format.
*Seek additional resources:*
1. *Examine online documentation:* Check the website's documentation or help section for information about authentication methods and API access.
2. *Consult online forums:* Search online forums and communities for similar situations or discussions about accessing the specific website you're targeting.
3. *Contact website support:* Consider contacting the website's support team directly if available. They might be able to provide specific instructions or clarify the authentication process.
By analyzing the available information and trying different approaches, you should be able to identify the correct authentication mechanism and successfully download the file using Postman. Remember to pay close attention to details, analyze network traffic, and explore various resources for clues about the specific authentication implementation.

Most welcome Ken

Hi,
It is difficult to know why your test is failing without more information. Check logs and more details on Postman Console - ruclips.net/video/Xmr33_1-wzs/видео.html

Hi, I will try to analyse on this and will create a session, thanks for watching and supporting

Most welcome Sushant

Hi Avni,
For your first question, there are a few ways to automatically retrieve a new bearer token when it expires:
Use a token refresh mechanism: Many APIs that use bearer tokens also provide a token refresh mechanism. This allows your application to automatically refresh the token before it expires, without the need for user intervention. You can usually find information about how to use this mechanism in the API documentation.
Implement a custom solution: If the API you are using does not provide a token refresh mechanism, you can implement your own custom solution. This might involve creating a script or program that periodically checks if the token has expired, and then retrieves a new token if necessary. You can use a programming language of your choice to implement this solution.
For your second question, if you have multiple bearer tokens in your platform, you can use environment variables to store and manage them. Here's how you can do it:
Create environment variables: In the environment tab of your application, you can create environment variables to store your bearer tokens. For example, you could create an environment variable called "BEARER_TOKEN_1" to store your first token, and another variable called "BEARER_TOKEN_2" to store your second token.
Retrieve the tokens in your code: In your code, you can retrieve the appropriate token by reading the value of the corresponding environment variable. This way, you can use the correct token depending on the context or use case.
For example, in JavaScript, you can retrieve an environment variable like this:
const token = process.env.BEARER_TOKEN_1;
In Python, you can retrieve an environment variable like this:
import os
token = os.environ['BEARER_TOKEN_1']
By using environment variables to manage your bearer tokens, you can easily switch between tokens and keep them organized.

@@RaghavPal Thank you very much sir. Your content is amazing.

Shilpa
There are two ways to get a token at runtime from the response without copying it manually in Postman:
1. **Use a pre-request script:** You can use a pre-request script to extract the token from the response and store it in a variable. This variable can then be used in subsequent requests in your collection.
For example, the following pre-request script will extract the token from the response and store it in a variable called `token`:
```javascript
// Get the token from the response
var token = pm.response.json().access_token;
// Store the token in a variable
pm.environment.set("token", token);
```
Once you have stored the token in a variable, you can use it in subsequent requests in your collection by referencing the variable name. For example, the following request will use the `token` variable to authenticate the request:
```
Authorization: Bearer {{token}}
```
2. **Use a test script:** You can also use a test script to extract the token from the response and store it in a variable. This variable can then be used in subsequent requests in your collection, or to validate the response.
For example, the following test script will extract the token from the response and store it in a variable called `token`:
```javascript
// Get the token from the response
var token = pm.response.json().access_token;
// Store the token in a variable
pm.environment.set("token", token);
// Validate that the token is not empty
pm.test("Token is not empty", function() {
pm.expect(token).to.not.be.empty;
});
```
Once you have stored the token in a variable, you can use it in subsequent requests in your collection, or to validate the response.
Which method you use to get a token at runtime from the response will depend on your specific needs. If you need to use the token in subsequent requests in your collection, then you should use a pre-request script. If you need to validate the token, or if you only need to use the token in a single request, then you can use a test script.
I hope this helps

@@RaghavPal Thank you so much

Hi Yashwant, I must have shown that in some chaining session. Can check all lectures here - automationstepbystep.com/

@@RaghavPal is chaining possible in Postman? or only in Soapui?

Hi, try with a different api request, also check the url, syntax and formats again

Thanks

Hi Mohan, can check this - ruclips.net/video/7vx0RIwHVzg/видео.html

Thanks Srinivas

To add a next page token for OAuth 2.0 in Postman, you can do the following:
1. Open the Postman request that you want to add the next page token to.
2. Click the **Authorization** tab.
3. Select **OAuth 2.0** from the **Type** dropdown list.
4. In the **Authorization Data** section, click the **Add** button.
5. In the **Type** dropdown list, select **Bearer Token**.
6. In the **Token** field, enter the next page token.
7. Click the **Save** button.
Here is an example of how to add a next page token for OAuth 2.0 in Postman:
```
Request:
api.example.com/users?page=1
Authorization:
Type: OAuth 2.0
Authorization Data:
Type: Bearer Token
Token: YOUR_NEXT_PAGE_TOKEN
```
Once you have added the next page token to the request, you can send the request and Postman will automatically include the next page token in the request header.
Here are some additional tips for using next page tokens in Postman:
* You can get a next page token by sending a request to the API endpoint that you are using. The next page token will be returned in the response header.
* You can save next page tokens to variables in Postman. This will allow you to easily reuse next page tokens in different requests.
* You can use the `pm.response.headers.get('next-page-token')` Postman function to get the next page token from the response header.
I hope this helps

I will plan a session Devatha

Prithvi
Thats okay.. it will be as per the API design and implementation. In case you are using any demo api, can continue.. in case you are using your project or any real APIs.. can discuss with the dev team

@@RaghavPal if it’s in the project then what must the concern? Is it that the contents were still displayed without auth? Or discrepancy with the content ?

If auth is implemented for your APIs it should work.. and if its not working as per the implementation.. its a issue and should be reported.. You team can give more details on this

@@RaghavPal I see so whenever auth is implemented the only expected outcome is that it should produce error when we try to access it without authentication and the content will have no impact(with or without authentication), right?

Ideally yes.. unless you are using some demo.. test apis..
While authentication primarily focuses on security, it doesn’t directly impact the content served by the API.

To use Hawk authorization in Postman, follow these steps:
1. Open Postman:
2. Create a New Request:
3. Authorization Tab:
- In the request details, go to the Authorization tab.
4. Select Hawk Authentication:
- From the Type dropdown list, choose Hawk Authentication.
5. Enter Details:
- Fill in the following details:
- Hawk Auth ID: Your API authentication ID value.
- Hawk Auth Key: Your API authentication key value.
- Algorithm: The hash algorithm used to create the message authentication code (MAC).
6. Advanced Parameters (Optional):
- You can set additional parameters if needed:
- User: The username.
- Nonce: A random string generated by the client.
- ext: Any application-specific information to be sent with the request.
- app: The binding between credentials and the application to prevent an attacker using credentials issued to someone else.
- dlg: The ID of the application the credentials were issued to.
- Timestamp: Timestamp the server uses to prevent replay attacks outside the time window.
7. Headers:
- Postman will automatically add the Hawk Authentication parameters to the request headers.
Remember to replace the placeholders with your actual authentication ID and key. Once configured, you can send the request, and Postman will handle the Hawk authorization for you

Great.. you can work with any API related projects with Postman

Can check these:
ruclips.net/video/sRzbFa8gYFI/видео.html
ruclips.net/video/BdqPDxrfDOI/видео.html
ruclips.net/video/fnpmR6Q5lEc/видео.html

Navneet
To set a common Bearer Token and Base URL for a single collection in Postman, you have a few options:
1. Collection Variables:
- Create a collection variable for the Bearer Token and Base URL.
- In your collection, go to the Variables tab.
- Define the following variables:
- `tokenBaseURL`: Set this to the base URL for your authentication service.
- `authData`: If your auth service requires specific data, add it here as a JSON object.
- Now, your requests within the collection can reference these variables.
2. Pre-request Script:
- You can use a pre-request script at the collection level to set environment variables dynamically.
- Here's an example of how to set the Bearer Token using a script:
```javascript
pm.sendRequest({
url: 'YourURL',
method: 'POST',
header: {
'content-type': 'application/json'
},
body: {
mode: 'raw',
raw: JSON.stringify({
// YOUR PARAM TO CREATE THE TOKEN IF NEEDED
})
}
}, (err, res) => {
pm.collectionVariables.set('TOKEN', res.json().accessToken);
});
```
3. Environment Variables:
- Create a new environment or use an existing one.
- Add environment variables for the Bearer Token and Base URL.
- Set the values accordingly.
Remember to choose the approach that best fits your project requirements and workflow
-

@@RaghavPal Thankyou So much Sir
For your valuable responde and with this I got my appropriate answer..

Siddhartha
Great to know this is helping you
Sure, i will plan on this

Tony
This is enough to work on any project of Postman. Please follow all tutorials with hands-on

@@RaghavPal ok thank you

Hi Sandeep, I have tried to cover all the basic topics, Let me know if there are other topics you need, I will plan

@@RaghavPal , is this all 14 videos is sufficient for facing any interview from POSTMAN Tool Perspective view or APIs Manual.

Yes, will be enough if you have done hands-on along with the videos

@@RaghavPal Thanks, i have cover all videos multiple times , now i am Confident 😊

Jatin
will need more details on the steps and logs

Hi Pravin, this can help learning.postman.com/docs/sending-requests/certificates/

Keerthi
While Postman doesn't have built-in MFA support, you can automate MFA flows using these techniques:
*1. Environment Variables and Pre-Request Scripts:*
- Store MFA codes in environment variables, retrieved from a secure source (e.g., text file, password manager).
- Use pre-request scripts to fetch the current MFA code and dynamically set it in the request body or header.
*2. Custom Code in Pre-Request Scripts:*
- Write code to handle MFA challenges directly within pre-request scripts.
- Interact with external services or devices (e.g., send SMS requests for codes, generate codes using authenticator apps).
*3. Third-Party Libraries:*
- Explore third-party libraries or extensions that provide MFA support within Postman.
- Some options include:
- Postman Interceptor extension for Chrome (can capture MFA tokens from browser sessions)
- Custom libraries for specific MFA providers
*4. Integration with External Tools:*
- Use Postman in conjunction with external tools or libraries for MFA automation.
- For example, integrate with Selenium WebDriver to automate browser-based MFA flows.
*Key Considerations:*
- *Security:*
- Store MFA codes securely (avoid plain text storage).
- Implement appropriate access controls and logging.
- *Complexity:*
- MFA automation can be complex, especially for multi-step flows.
- Thoroughly test and validate your implementation.
- *MFA Provider Support:*
- Adapt methods based on the specific MFA provider and authentication methods used.
*Example (Pre-Request Script):*
```javascript
// Retrieve MFA code from a secure source
const mfaCode = pm.environment.get("mfa_code");
// Set the MFA code in the request header
pm.request.headers.add({ key: "X-MFA-Code", value: mfaCode });
```
*Remember:*
- MFA automation in Postman requires careful planning and security considerations.
- Evaluate the complexity and risks involved before implementation.
- Stay updated on the latest Postman features and third-party integrations for potential MFA support enhancements.

Can check all POSTMAN videos here - automationstepbystep.com/

Hi Hassan
There are a few ways to know which authorization is required for an API:
* Check the API documentation: The API documentation should specify which authorization methods are supported and what credentials are required
* Try making a request without authorization: If you make a request to an API without providing any authorization, the API will typically return an error message indicating that authorization is required
* Use a tool like Postman: Postman is a tool that allows you to test APIs. You can use Postman to make requests to an API and see what authorization is required
Once you know which authorization is required, you can use the appropriate authorization method when making requests to the API

@@RaghavPal Thank you so much Sir

Hi Rohit, do you need some specific type of authorization

@@RaghavPal
No I want to know how to automate
Auth automation in postman.

that is what was shown in the video, in case you have any issues, pls inform in detail

@@RaghavPal
I want to automate this

Thanks for liking Vinod

will need to check your request and logs

Sure Jatin