Geek Culture
Published in

Geek Culture

Automating addition of authorization token in postman

Postman image

In this article, I show how to set up postman collection to automatically include an authorization token when making requests to secured endpoints.

Edit Collection

Firstly, I am assuming you have already created a collection. I created one called medium. Next we proceed to edit this collection. This would take us to this part of postman.

Collection details
Collection details

We start our editing with the variables tab. We add a new variable called token. We plan on updating this variable automatically once a user is authenticated and a response token is sent back to us. This value is what would then be passed as value in the Bearer token.

For now we just assign anyvalue as its initial value

Adds new variable called token to collection
Adds new variable to collection

Next we head back to the Authorization tab and change the Type to Bearer Token. For the Token value, instead of simply placing a raw token we would rather input the collection variable we created earlier. We do this by the use of double curly bracket on both sides of token. This would make the value of Bearer Token always pick from the value in the token variable we created.

As you can see we are almost done with our implementation what remains for us to complete this would be to find a way of updating the token variables value once we have a new token.

Sets authorization type and its value
Sets authorization type and its value

Sample response data

For this example, we have an auth endpoint that authenticates and return response with data in this format.

{"message": "User sucessfully login","data": {"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI4OThiN2UwNy01MmM3LTQ3ZWMtOTM5OS02NGNiMzE4MGExODEiLCJyb2xlIjoxLCJlbWFpbCI6ImNoaWJ1aWtlQHNwbGVldC5uZyIsImlhdCI6MTYyMjEyMDM3MiwiZXhwIjoxNjIyMTUwMzcyfQ.W8jMnWaOpNYJPWTU1je4h1br92XuCKSlYyrklHmzL5o"},"statusCode": 200}

We would need to pass this token value in the object returned in the header to other endpoints that are secured and require a token passed.

Set token in collection header

The Tests tab is where we would be adding our code snippet that would enable us extract the token from the response and store it in the collection token variable.

To do that we send a post request with our body parameters to the endpoint to authenticate us.

Adds code snippet to extract token
Adds code snippet to extract token

Test Solution

All things set, we click the send button, this returns the data object and a status code of 200.

To check if our code snippets works, we head back to the collection variables to see the current value of token and wolla! The collection variable token has been updated with the returned token.

Token variable updated
Token variable updated

Test secured routes

To test this in other endpoints which are secured we need to do one last thing.

To have a single source of truth for token, we set the Type in Authorization to Inherit auth from parent.

Now this route and any other secured route in this collection always has the current token in its header whenever its sends request. Cool right? Yeah!

Set endpoint to use collection authorization
Set endpoint to use collection authorization

Thats all there is to automating our token addition to our header requests. Not only did this save me some precious time but it was also fun implementing and very rewarding,lol.

Have a blast!




A new tech publication by Start it up (

Recommended from Medium

Still using witchcraft to foresee IT risks to Business Continuity?

Oracle 20A Cloud update is here. Is your test automation-ready?

Introducing RTL — A Web UI for LND

Computer Networking Concepts for DevOps Engineers Part I

Java HashCode Collision: How uniform is it’s distribution?

Project Management in WSL: How to use wsl for development?

Android Q-First Look

Elasticsearch JSON Data Ingestion

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Nwachukwu Chibuike

Nwachukwu Chibuike

Full-stack developer, technical writer and lover of Jamstack. Passionate about lifelong learning.

More from Medium

Architecting large-scale web applications in Flask

Is Django the Best Web Framework for Your Project?

Is Django the Best Web Framework for Your Project?

The architecture of

Authentication when using Google Cloud APIs from FileMaker