Authorizing Requests

  • Authorizing requests include authenticating the identity of the client who sends the request and verifies whether the client is allowed to access and conduct the endpoint operations. APIs use authorization details to make sure that the client requests access data safely.
  • Several authorization types are available in Postman that you can use while creating an API.
  • You need to ask the provider for any authorization details you require while using third party API.

Steps for Authorizing Requests in Postman

  • Open the Postman app and enter a request in the Request URL section.
  • Under the Authorization, the tab selects the authorization TYPE from the drop-down menu, as shown in the image below.
Authorizing Requests

The various authorization types are

  • Inherit auth from parent
    This is the default auth type. In this, authorization type will be the same as the parent, which means whatever the auth type you selected for that collection (parent); the same auth type will be selected for the request, which is under that collection.
  • No Auth
    If you select this type, Postman will not send any auth data with the request.
  • API key
    This is to send the Key and Value along with the API request.
  • Bearer Token
    This auth type allows the Authorization of requests by using an access key.
  • Basic Auth
    This allows users to send username and password along with the request for API login.
  • Digest Auth
    This is the two-point authentication of your API request. In this auth type user will send a request where the server will reply with a number that can only be used once. Then the user again will send the request along with username, password, and that realm number for Authorization of the request.
  • OAuth
    This auth type is to access third-party API data.
  • Hawk Authentication
    This enables users to use partial cryptographic verification to authenticate their requests. Hawk Auth id, which is your API authentication ID value and Hawk Auth key, which is your API authentication key value, is required for Authorization under this auth type.
  • AWS Signature
    For Amazon Web Services requests, this auth type is used.
  • NTLM Authentication (Beta)
    This is the auth type for windows OS and standalone systems.
  • Akamai EdgeGrid
    Akamai technologies use this auth type for authorizing requests.
  • After choosing an Auth type, the app will indicate which part among header, body, URL, or params will include your data so that the user can see how these data will be sent before they run the request.
  • The authorization data can be sent as header, body, or as parameters to a request.
    Authorizing Requests
  • For example, the auth data is sent as headers, as shown in the image above, so these headers will be automatically sent along with the request.





Latest Courses