Skip to content
Postman API Testing Tips

How To Get Token Using Postman

API Testing Blog

How to Get a Token Using Postman

API testing often requires you to authenticate your requests to access protected resources. One common method is using authentication tokens, which grant temporary access to the API. Postman, a powerful tool for API testing, provides several ways to obtain and manage these tokens. This guide will demonstrate various methods for getting tokens using Postman, along with practical examples and sample code.

1. Requesting a Token with Bearer Authentication

Bearer Authentication is the most common method where a token is passed in the authorization header of every request.

Step 1: Create a Postman collection.

  • In Postman, select New > Collection and provide a name for your collection, such as “Token Authentication”.

Step 2: Define your request.

  • Inside the collection, add a new Request by clicking the + button.
  • Choose an appropriate HTTP method (POST in this case) and provide the endpoint for the token request. For example: https://api.example.com/auth/token.
  • In the Authorization tab, select Bearer Token.
  • In the Token field, paste your existing token directly.

Step 3: Specify request body.

  • Depending on the API, you may need to provide credentials (username and password) in the request body. You can use JSON format.
{
  "username": "your_username",
  "password": "your_password"
}

Step 4: Send the request and get the token.

  • Click the Send button to execute the request.
  • If successful, you’ll receive a response containing the token.
  • This token is usually found in the response body within a “token” field.

Example:

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
}

2. Using Environment Variables to Store Tokens

Storing tokens directly in your requests can be insecure. Environment variables provide a safer way to manage sensitive information.

Step 1: Create a new Environment.

  • Go to Environments and click Add. Choose a name (e.g., “Token Env”) and click Create.

Step 2: Define the Token Variable.

  • Click the newly created environment and add a new variable with a name like AUTH_TOKEN.
  • Leave the Current Value empty for now, as you will assign the token value later.

Step 3: Use the Variable in your Request.

  • In your request’s Authorization tab, select Bearer Token.
  • In the Token field, use the syntax {{AUTH_TOKEN}} to reference the environment variable.

Step 4: Set the Token Value.

  • After making the initial token request, copy the token value from the response.
  • Paste it into the Current Value field of the AUTH_TOKEN variable in your environment.

Step 5: Send Subsequent Requests.

  • Now, any subsequent request in this environment will use the stored token value in the Authorization header, ensuring secure handling of your credentials.

3. How to Get a Token Using Postman - Storing Tokens in a Global Variable

Global variables work similarly to environment variables but are accessible across all Postman collections and environments.

Step 1: Create a Global Variable.

  • Go to Globals and click Add to create a new variable. Let’s call it GLOBAL_AUTH_TOKEN.

Step 2: Set the Value from a Request.

  • After obtaining a token from your initial request, use a Postman Test script.
  • In the Test tab, add the following script to store the token in the global variable:
pm.globals.set("GLOBAL_AUTH_TOKEN", pm.response.json().token);

This code snippet extracts the token value from the response using pm.response.json().token and stores it in the GLOBAL_AUTH_TOKEN variable.

Step 3: Use the Global Variable in Requests.

  • In your other requests, use {{GLOBAL_AUTH_TOKEN}} within the Bearer Token field of the Authorization tab.

4. Using Postman’s Bearer Token Pre-request Script

Postman allows you to create scripts that run before each request, automating the token retrieval process.

Step 1: Add a Pre-request Script.

  • In your token request, go to the Pre-request Script tab.
  • Insert the following code:
pm.environment.set("AUTH_TOKEN", pm.response.json().token);

This script extracts the token from the response and stores it in the environment variable AUTH_TOKEN.

Step 2: Use the Stored Token.

  • In subsequent requests, use {{AUTH_TOKEN}} in the Authorization header as before.

Step 3: Trigger the Pre-request Script.

  • Enable the checkmark next to “Execute” in the Pre-request Script tab to ensure it runs before each request.

5. How to Get a Token Using Postman - Integrating OAuth 2.0

Postman offers direct support for OAuth 2.0, simplifying the authorization process.

Step 1: Create an OAuth 2.0 Authorization.

  • Go to the Authorization tab of your request.
  • Select OAuth 2.0.
  • Fill in the required fields, including:
    • Grant Type: The type of grant flow you’re using (e.g., authorization_code, password, client_credentials, etc.).
    • Token URL: The endpoint for obtaining the access token.
    • Client ID: Your application’s identifier.
    • Client Secret: The secret associated with your application (if required).
    • Scopes: The permissions requested from the API.

Step 2: Run the Authorization.

  • Click the little blue “Get New Access Token” button.
  • Postman will open a new window to complete the authorization process.
  • Follow the prompts, which may involve logging into your account or granting permissions.

Step 3: Use the Obtained Token

  • Once authorized, Postman will automatically retrieve the token and store it for use in subsequent requests.

6. Using Postman Collections to Automate Token Retrieval

For complex authorization workflows, Postman Collections can automate the token acquisition and request execution.

Step 1: Create a Collection.

  • Create a new collection specifically for your API workflow.

Step 2: Include Token Request.

  • Add a request to your collection for obtaining the token. Use a Bearer Token with a {{AUTH_TOKEN}} placeholder in the header.

Step 3: Add Subsequent Requests.

  • Add other requests to the collection, each using the same {{AUTH_TOKEN}} placeholder in the authorization header.

Step 4: Chain Requests (Optional).

  • You can chain requests using the Next Request option in the Postman collection.
  • If the first request obtains the token, the subsequent requests will automatically inherit the stored token from the environment or global variable.

Step 5: Run the Collection.

  • Run the collection, and it will execute the token retrieval first, followed by the other requests, all using the same token for authentication.

API Testing Blog