How to Get a JWT Token Using Postman
Getting a JWT Token Using Postman for API Testing
JWT (JSON Web Token) is a standard for securely transmitting information between parties as a JSON object. This information is encoded and digitally signed for verification. When testing APIs, you often need to obtain a JWT token to access protected resources.
Here’s a comprehensive guide on how to obtain a JWT token using Postman, including practical examples and step-by-step instructions.
1. Understanding the Authentication Process
Before we delve into Postman, it’s crucial to grasp the core authentication flow:
- Authentication Request: Your application sends credentials (username & password) to an authentication server.
- Token Generation: The server verifies your credentials and generates a JWT token if successful.
- Token Exchange: You use the JWT token in subsequent requests to access protected resources.
2. Preparing Your Postman Environment
- Create a New Request: In Postman, create a new request and specify the “POST” method.
- Set the URL: This URL should point to your API’s authentication endpoint.
3. Sending Authentication Credentials
- Select Body: In the request body, choose “form-data” or “x-www-form-urlencoded” as the data format.
- Add Credentials: Input your username and password in the corresponding keys (usually “username” and “password”).
SAMPLE CODE (form-data):
username: your_username
password: your_password
SAMPLE CODE (x-www-form-urlencoded):
username=your_username&password=your_password
4. Handling the Authentication Response
- Send Request: Execute the request to send your credentials.
- Examine the Response: The server should respond with a successful (200 OK) status code. The response body will contain the generated JWT token.
SAMPLE RESPONSE:
{ "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw0"}
5. Extracting and Storing the JWT Token
- Use the Test Tab: In Postman’s “Test” tab, use JavaScript code to extract the token from the response using the pm.response.json() function.
SAMPLE CODE:
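// Parse the JSON response body and read its "token" field.
const token = pm.response.json().token;
// Store the token in the active environment for later requests.
pm.environment.set("jwtToken", token);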
- Save Token in Environment Variables: Use pm.environment.set() to store the extracted token in a Postman environment variable for later use in subsequent requests.
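An added example (not part of the original guide or of Postman) of what can be checked on the login response before the token is stored: it extracts the token from the parsed body, decodes the header and claims, and reports missing, unsigned or already expired tokens. It runs in plain Node.js; the function names and return shape are assumptions, and decoding a token does not verify its signature.

```javascript
// Added example, not from the original guide: sanity-check a login response
// before storing its token. Decoding only; the signature is NOT verified.

// Sample response body from step 4 of the guide.
const SAMPLE_BODY = { token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw0" };

// Decode one base64url segment of a JWT into an object.
function decodeSegment(seg) {
  const b64 = seg.replace(/-/g, "+").replace(/_/g, "/");
  const value = JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
  if (value === null || typeof value !== "object") throw new Error("not an object");
  return value;
}

// body: parsed response (in Postman this is pm.response.json()).
// nowSec: current Unix time in seconds, a parameter so the check is testable.
function inspectLoginResponse(body, nowSec = Math.floor(Date.now() / 1000)) {
  const token = body && body.token;
  if (typeof token !== "string") return { ok: false, reason: "no token field" };
  const parts = token.split(".");
  if (parts.length !== 3) return { ok: false, reason: "not three segments" };
  let header, claims;
  try {
    header = decodeSegment(parts[0]);
    claims = decodeSegment(parts[1]);
  } catch (e) {
    return { ok: false, reason: "header or payload is not base64url JSON" };
  }
  // A token with alg "none" or an empty signature has no integrity protection.
  if (String(header.alg).toLowerCase() === "none" || parts[2] === "")
    return { ok: false, reason: "unsigned token" };
  // exp is optional in a JWT; without it the client cannot predict expiry.
  if (typeof claims.exp !== "number") return { ok: true, token, claims, expiresIn: null };
  const expiresIn = claims.exp - nowSec;
  if (expiresIn <= 0) return { ok: false, reason: "token already expired" };
  return { ok: true, token, claims, expiresIn };
}

// The guide's sample token has sub, name and iat claims but no exp.
console.log(inspectLoginResponse(SAMPLE_BODY));
```

Because the header and claims decode without any key, anything placed in a signed JWT's payload is readable by whoever holds the token.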
6. Using the JWT Token in Subsequent Requests
- Add Authorization Header: Create another request to access a protected resource.
- Set Authorization: In the headers section, add an “Authorization” header with the value “Bearer [token]”. Replace [token] with the extracted JWT token.
SAMPLE CODE:
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw0
7. Troubleshooting and Common Issues
- Invalid Credentials: Ensure that you’re supplying the correct username and password.
- Incorrect Endpoint: Double-check that you’re targeting the correct authentication endpoint.
- Token Expiration: JWT tokens have a lifespan. If the token expires, you’ll need to obtain a new one.
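What the server does with the “Authorization” header from step 6, and why the expired token from the troubleshooting list is refused, as an added example that is not part of the original guide. It goes beyond the Postman client steps to the server side, using HS256 as named in the sample token's header; the function names, secret and claims are constructed for illustration.

```javascript
// Added example, not from the original guide: the server side of the flow.
const nodeCrypto = require("crypto");

const b64url = (data) => Buffer.from(data).toString("base64")
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const fromB64url = (s) => Buffer.from(s.replace(/-/g, "+").replace(/_/g, "/"), "base64");
const hmac = (secret, data) => nodeCrypto.createHmac("sha256", secret).update(data).digest();

// Token generation: sign "header.payload" with HMAC-SHA256 (HS256).
function issueToken(claims, secret) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(claims));
  const signingInput = `${head}.${body}`;
  return `${signingInput}.${b64url(hmac(secret, signingInput))}`;
}

// Protected resource: validate the Authorization header value.
// Returns the HTTP status a client such as Postman would see.
function checkAuthorization(headerValue, secret, nowSec) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(headerValue || "");
  if (!m) return { status: 401, error: "missing or malformed bearer token" };
  const [, head, body, sig] = m;
  let header, claims;
  try {
    header = JSON.parse(fromB64url(head).toString("utf8"));
    claims = JSON.parse(fromB64url(body).toString("utf8"));
  } catch (e) {
    return { status: 401, error: "undecodable token" };
  }
  // Pin the algorithm on the server; never let the token's header choose it.
  if (!header || header.alg !== "HS256") return { status: 401, error: "unexpected alg" };
  const expected = hmac(secret, `${head}.${body}`);
  const given = fromB64url(sig);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected))
    return { status: 401, error: "bad signature" };
  // Only after the signature checks out are the claims trustworthy.
  if (!claims || typeof claims.exp !== "number" || claims.exp <= nowSec)
    return { status: 401, error: "token expired or has no exp" };
  return { status: 200, claims };
}

// Constructed sample: the secret and claims are made up for this example.
const SECRET = "constructed-demo-secret";
const demo = issueToken({ sub: "your_username", exp: 2000 }, SECRET);
console.log(checkAuthorization(`Bearer ${demo}`, SECRET, 1000)); // status 200
console.log(checkAuthorization(`Bearer ${demo}`, SECRET, 3000)); // status 401
```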
Handling Different Auth Mechanisms
How to get JWT Token using Postman for OAuth 2.0
Many APIs use OAuth 2.0 for authorization. Here’s how to obtain a JWT token using Postman for OAuth 2.0:
- Authorization Code Flow:
  - Get Authorization Code: Make a request to the authorization server, providing your client ID and redirect URI. The server will redirect you to the authorization page where you can log in.
  - Exchange Code for Token: Upon successful login, the server redirects back with a code. Exchange this code for an access token using a separate “token” endpoint.
  - Obtain JWT Token: The access token you obtain might be a JWT token itself, or it could be a token used to access a protected resource that delivers the JWT token.
- Client Credentials Flow:
  - Get Token Directly: Make a request to the token endpoint with your client ID, client secret, and grant type set to “client_credentials.”
  - Obtain JWT Token: The server will directly return the JWT token.
SAMPLE CODE (client credentials flow):
grant_type: client_credentials
client_id: your_client_id
client_secret: your_client_secret
How to get JWT Token using Postman for API Key Authentication
- Provide API Key:
  - Add Header: In your request, add an “Authorization” header with the value “Bearer [api_key]”. Replace [api_key] with your API key.
SAMPLE CODE:
Authorization: Bearer your_api_key
- Authentication Response:
  - Receive JWT Token: The server might return a JWT token directly as part of the authentication response.
How to get JWT Token using Postman with a refresh token
- Send Refresh Token:
  - Create a Request: Create a new request with the “POST” method.
  - Request Body: Send the refresh token to the appropriate endpoint for refreshing.
SAMPLE CODE (body):
{ "refreshToken": "your_refresh_token"}
- Receive New Access Token:
  - Obtain JWT Token: The server will return a new access token, which you can use for subsequent requests.
Conclusion
Knowing how to obtain and use JWT tokens in Postman is crucial for testing protected APIs. By understanding various authentication mechanisms, you can easily integrate the process into your testing workflow, ensuring a robust and efficient testing experience.