Postman – Using Environments and Tokens

Rick Herrmann

Postman is an incredibly  useful tool for testing API’s.  I’ve been using it for a few years now and have found some features that make it a breeze to work with when it comes to secured API’s. It’s good for handling different environments as well.

Login and Tokens

A common pattern we use with our API’s is to use Javascript Web Tokens(JWT’s) for authentication. To work with this in Postman, I typically have a /login post call which returns a token. Then for any other calls to that API, I manually copy the returned token, and set the Authorization header to “Bearer <token>”. Although this works, it’s a pain when the login token expires and I have to copy a new token to the Authorization header for every saved API call.  For an API where you have a lot of endpoints saved, updating all the Authorization headers can become tedious. Continue reading “Postman – Using Environments and Tokens”