Skip to content
Postman API Testing Tips

How To Send Consumer Key And Consumer Secret Using Postman

API Testing Blog

Sending Consumer Key and Consumer Secret in Postman for API Testing

When working with APIs that require authentication, you’ll often be provided with a consumer key and consumer secret. These credentials act as a unique identifier for your application and grant access to specific resources or endpoints. This guide outlines how to send these credentials in Postman for your API testing needs.

Using Authorization Tab: Basic Auth

Step 1: Open Postman and Select Your Request

Start by creating a new request in Postman. Select the appropriate HTTP method (GET, POST, PUT, DELETE, etc.) and enter the API endpoint URL.

Step 2: Access the Authorization Tab

Click on the Authorization tab within the request builder.

Step 3: Choose “Basic Auth”

From the dropdown menu under Type, select “Basic Auth”.

Step 4: Enter Credentials

In the fields that appear, enter your consumer key in the “Username” field and your consumer secret in the “Password” field.

Step 5: Send Your Request

Click the “Send” button to execute your request. Postman will automatically send the consumer key and consumer secret in the Authorization header as a base64-encoded string, ensuring that your credentials are securely transmitted.

Example:

  • API endpoint: https://api.example.com/users
  • Consumer Key: your_consumer_key
  • Consumer Secret: your_consumer_secret

Postman Request:

GET https://api.example.com/users


Authorization: Basic d291cl9jb25zdW1lcl9rZXk6d291cl9jb25zdW1lcl9zZWNyZXQ=

Sending Keys as Header Parameters

Step 1: Open Postman and Select Your Request

Start by creating a new request in Postman. Select the appropriate HTTP method and enter the API endpoint URL.

Step 2: Add Headers

Click on the “Headers” tab within the request builder.

Step 3: Enter Consumer Key and Secret

Add two new headers:

  • Key: X-Consumer-Key

  • Value: your_consumer_key

  • Key: X-Consumer-Secret

  • Value: your_consumer_secret

Note: The header names (X-Consumer-Key and X-Consumer-Secret) are examples. The actual header names might vary depending on the API specification.

Step 4: Send Your Request

Click the “Send” button to execute your request. Postman will include the provided consumer key and secret in the request headers.

Example:

  • API endpoint: https://api.example.com/users
  • Consumer Key: your_consumer_key
  • Consumer Secret: your_consumer_secret

Postman Request:

GET https://api.example.com/users


X-Consumer-Key: your_consumer_key
X-Consumer-Secret: your_consumer_secret

Passing Consumer Key and Secret as Query Parameters

Step 1: Open Postman and Select Your Request

Start by creating a new request in Postman. Select the appropriate HTTP method and enter the API endpoint URL.

Step 2: Add Query Parameters

Click on the “Params” tab within the request builder.

Step 3: Enter Consumer Key and Secret

Add two new parameters:

  • Key: consumer_key

  • Value: your_consumer_key

  • Key: consumer_secret

  • Value: your_consumer_secret

Note: The parameter names (consumer_key and consumer_secret) are examples. The actual parameter names might vary depending on the API specification.

Step 4: Send Your Request

Click the “Send” button to execute your request. Postman will include the consumer key and secret as query parameters in the request URL.

Example:

  • API endpoint: https://api.example.com/users
  • Consumer Key: your_consumer_key
  • Consumer Secret: your_consumer_secret

Postman Request URL:

https://api.example.com/users?consumer_key=your_consumer_key&consumer_secret=your_consumer_secret

Sending Credentials in the Request Body

Step 1: Open Postman and Select Your Request

Start by creating a new request in Postman. Select the appropriate HTTP method and enter the API endpoint URL.

Step 2: Choose the Body Type

Select the appropriate body type based on the API requirements:

  • Form Data: Use for simple key-value pairs.
  • x-www-form-urlencoded: Similar to form data but encoded.
  • Raw: For sending plain text, JSON, XML, etc.
  • Binary: For sending files.

Step 3: Add Consumer Key and Secret

Depending on the chosen body type, add the consumer key and secret as key-value pairs:

  • Form data: Enter consumer_key and consumer_secret as keys and their corresponding values.
  • x-www-form-urlencoded: Similar to form data.
  • Raw: If you’re sending JSON, add them as properties within the JSON object.
  • Binary: Not applicable for this scenario.

Step 4: Send Your Request

Click the “Send” button to execute your request. Postman will include the consumer key and secret in the request body, according to the chosen format.

Example:

  • API endpoint: https://api.example.com/users
  • Consumer Key: your_consumer_key
  • Consumer Secret: your_consumer_secret

Postman Request (JSON Body):

{
  "consumer_key": "your_consumer_key",
  "consumer_secret": "your_consumer_secret"
}

Postman Request (Form Data):

  • consumer_key: your_consumer_key
  • consumer_secret: your_consumer_secret

Using Environment Variables

Step 1: Define Environment Variables

Open the “Environments” tab in Postman and create a new environment. Add two environment variables:

  • Name: CONSUMER_KEY

  • Value: your_consumer_key

  • Name: CONSUMER_SECRET

  • Value: your_consumer_secret

Step 2: Select the Environment

Select the newly created environment, ensuring that the environment variables are accessible.

Step 3: Use Variables in the Request

Use the variables directly within the request:

  • Headers: X-Consumer-Key: {{CONSUMER_KEY}} X-Consumer-Secret: {{CONSUMER_SECRET}}
  • Query Parameters: consumer_key={{CONSUMER_KEY}} consumer_secret={{CONSUMER_SECRET}}
  • Body: Depending on the body type:
    • JSON: "consumer_key": "{{CONSUMER_KEY}}", "consumer_secret": "{{CONSUMER_SECRET}}"
    • Form Data/x-www-form-urlencoded: consumer_key: {{CONSUMER_KEY}} consumer_secret: {{CONSUMER_SECRET}}

Step 4: Send Your Request

Click the “Send” button to execute your request. Postman will dynamically replace the variable placeholders with the actual values stored in the environment, sending the consumer key and secret.

This method allows you to easily manage credentials across multiple requests and environments without directly exposing them in the requests.

By following these methods, you can seamlessly send consumer key and consumer secret in your Postman requests for API testing. Choose the method that best suits your API requirements and security practices. Remember to handle your credentials securely and prioritize best practices for authorization.

API Testing Blog