  • Balaji

Postman Environments - Authentication

Generally we need authentication for REST APIs, and in Postman we provide it as part of the request header. This does the job, but isn't it repetitive to key in tokens in the header again and again? Entering the authentication scheme in the header works for that particular request, but for other requests we have to do it manually. There is a process by which the same Authorization can work with multiple requests. That is what we are going to describe in this post.


How it is being done now:

Generally in Postman, when authentication is required, we tend to add a key-value pair for Authorization, with the Bearer token as its value, in the header of the Postman request.



The alternative is to remove this from the header and send it through the Authorization tab. To do this, copy only the JWT part (do not copy the keyword Bearer, just the token) and delete the Authorization key from the header.



Now let's move focus to the Authorization tab, which is to the left of the Headers tab. This provides us with ways to authenticate the request.



If you look closely at this tab, it has a clean interface: just a Type dropdown and the placeholder for the token. If you expand the Type dropdown, you will see a list of Authorization types. Select Bearer Token, as it is the one we are dealing with currently.


Now paste the JWT token value which we copied earlier.



The previous method, in which we passed the token to the request in the header, and this method, where we pass Authorization using a Bearer token in the Authorization tab, work the same way. Test your request after making this change; it should work.


Now what?

This method works well, but only for this request. Our aim is to centralise the authentication and use it in different requests. If we have to move the Authorization token from the header to the Authorization tab manually for every request, there is no point in changing the process.


If you look at the Type dropdown, you will find a list item Inherit auth from parent. Now change the type from Bearer Token to Inherit auth from parent. Generally this is the default type in the Authorization tab. This allows us to define the authorization only once and use it across all requests.


This is where Collections come into play. Collections contain requests grouped together under a name. To share authentication with all requests in a collection, the Authorization token must be set at the collection level, which will then be freely usable by all requests in that collection.


To do this, go to the collection and click on the three dots (...) next to it.



Click on Edit. You would see the screen to the right open up with Collection Edit options.

The first tab will be the Authorization tab with the types listed in a dropdown as you have seen before.


Now you know the routine: select the type as Bearer Token and enter the JWT token into the Token placeholder at the bottom.


Now the Authentication for the collection has been set up!!!

Any request that needs to use this authentication can do so by choosing Inherit auth from parent in its Authorization tab. If the bearer token needs to be changed, it can be changed in a single place at the Collection level by editing the Authorization tab.
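As an added example (not from the original post, and not Postman's own code), the script below checks an exported collection for requests that still carry their own Authorization header or their own auth setting instead of inheriting from the collection. It assumes the Collection v2.1 export format, in which a request set to Inherit auth from parent has no `auth` key; the sample collection, its names, URLs and token placeholders are constructed.

```javascript
// Audit a Postman Collection v2.1 export for requests that bypass collection-level auth.
// Assumption: "Inherit auth from parent" is exported as an absent `auth` key on the request.
// Constructed sample export; token values are placeholders, not real JWTs.
const sampleCollection = {
  info: { name: "Orders API (constructed sample)" },
  auth: { type: "bearer", bearer: [{ key: "token", value: "<JWT-PLACEHOLDER>", type: "string" }] },
  item: [
    { name: "List orders", request: { method: "GET", header: [], url: "https://api.example.test/orders" } },
    { name: "Create order", request: { method: "POST",
        header: [{ key: "Authorization", value: "Bearer <JWT-PLACEHOLDER>" }],
        url: "https://api.example.test/orders" } },
    { name: "Admin", item: [
        { name: "Purge", request: { method: "DELETE", header: [],
            auth: { type: "bearer", bearer: [{ key: "token", value: "<JWT-PLACEHOLDER>", type: "string" }] },
            url: "https://api.example.test/orders" } },
        { name: "Stale header", request: { method: "GET",
            header: [{ key: "authorization", value: "Bearer <JWT-PLACEHOLDER>", disabled: true }],
            url: "https://api.example.test/health" } } ] }
  ]
};

function auditCollection(collection) {
  const findings = [];
  const walk = (items, path) => {
    for (const item of items || []) {
      const here = [...path, item.name].join(" / ");
      if (Array.isArray(item.item)) { // folder: may override auth for its children
        if (item.auth) findings.push({ request: here, issue: `folder overrides auth (${item.auth.type})` });
        walk(item.item, [...path, item.name]);
        continue;
      }
      const req = item.request;
      if (!req || typeof req === "string") continue; // a request may be a bare URL string
      const headers = Array.isArray(req.header) ? req.header : [];
      const hdr = headers.find(h => h && typeof h.key === "string" && h.key.toLowerCase() === "authorization");
      if (hdr) findings.push({ request: here, issue: hdr.disabled ? "disabled Authorization header still stored" : "manual Authorization header" });
      if (req.auth) findings.push({ request: here, issue: `request-level auth (${req.auth.type})` });
    }
  };
  walk(collection.item, []);
  return { collectionAuth: collection.auth ? collection.auth.type : "none", findings };
}

const report = auditCollection(sampleCollection);
console.log(`collection auth: ${report.collectionAuth}`);
for (const f of report.findings) console.log(`${f.request}: ${f.issue}`);
```

A disabled Authorization header is reported too, because its token value is still stored in the export even though Postman does not send it.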


We have now learnt how to set up Authentication in one place and share it across requests. Good, though this can be enhanced a bit. We still enter the token manually, even if only once, into the Collection Authorization tab. We can automatically fill in the Bearer token value and use it across requests... We will see this method in the next blog post.
