Geek Culture
Published in

Geek Culture

Automating addition of authorization token in postman

Postman image

In this article, I show how to set up postman collection to automatically include an authorization token when making requests to secured endpoints.

Edit Collection

Firstly, I am assuming you have already created a collection. I created one called medium. Next we proceed to edit this collection. This would take us to this part of postman.

Collection details
Collection details

We start our editing with the variables tab. We add a new variable called token. We plan on updating this variable automatically once a user is authenticated and a response token is sent back to us. This value is what would then be passed as value in the Bearer token.

For now we just assign anyvalue as its initial value

Adds new variable called token to collection
Adds new variable to collection

Next we head back to the Authorization tab and change the Type to Bearer Token. For the Token value, instead of simply placing a raw token we would rather input the collection variable we created earlier. We do this by the use of double curly bracket on both sides of token. This would make the value of Bearer Token always pick from the value in the token variable we created.

As you can see we are almost done with our implementation what remains for us to complete this would be to find a way of updating the token variables value once we have a new token.

Sets authorization type and its value
Sets authorization type and its value

Sample response data

For this example, we have an auth endpoint that authenticates and return response with data in this format.

{"message": "User sucessfully login","data": {"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI4OThiN2UwNy01MmM3LTQ3ZWMtOTM5OS02NGNiMzE4MGExODEiLCJyb2xlIjoxLCJlbWFpbCI6ImNoaWJ1aWtlQHNwbGVldC5uZyIsImlhdCI6MTYyMjEyMDM3MiwiZXhwIjoxNjIyMTUwMzcyfQ.W8jMnWaOpNYJPWTU1je4h1br92XuCKSlYyrklHmzL5o"},"statusCode": 200}

We would need to pass this token value in the object returned in the header to other endpoints that are secured and require a token passed.

Set token in collection header

The Tests tab is where we would be adding our code snippet that would enable us extract the token from the response and store it in the collection token variable.

To do that we send a post request with our body parameters to the endpoint to authenticate us.

Adds code snippet to extract token
Adds code snippet to extract token

Test Solution

All things set, we click the send button, this returns the data object and a status code of 200.

To check if our code snippets works, we head back to the collection variables to see the current value of token and wolla! The collection variable token has been updated with the returned token.

Token variable updated
Token variable updated

Test secured routes

To test this in other endpoints which are secured we need to do one last thing.

To have a single source of truth for token, we set the Type in Authorization to Inherit auth from parent.

Now this route and any other secured route in this collection always has the current token in its header whenever its sends request. Cool right? Yeah!

Set endpoint to use collection authorization
Set endpoint to use collection authorization

Thats all there is to automating our token addition to our header requests. Not only did this save me some precious time but it was also fun implementing and very rewarding,lol.

Have a blast!




A new tech publication by Start it up (

Recommended from Medium

True within really.

Creating a Connect Four Game in Java

Tips on passing the Process Automation Specialist Superbadge on Trailhead

How I studied for the AWS Certified Solution Architect-Associate Exam?

A Good Team Player: Git in Combination with Other Systems

Avro Utility Tool: Swiss Army knife

I did NOT say Node is better than PHP

What kind of developers are these?

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Nwachukwu Chibuike

Nwachukwu Chibuike

Full-stack developer, technical writer and lover of Jamstack. Passionate about lifelong learning.

More from Medium

how to deploy Nodejs web app on AWS elastic beanstalk

AWS elastic beanstalk node js deployment

How Genesis built multi-channel alerting using multiple RingCentral APIs

DNS analysis in a nutshell

How to host your website with S3, Cloudfront and Route 53 along with ssl certificate under 15…