Skip to content
Postman API Testing Tips

How To Use Basic Auth In Postman

API Testing Blog

Using Basic Authentication in Postman for API Testing

Basic authentication is a simple and commonly used method for securing web APIs. It involves sending the username and password in the request header, encoded as a base64 string. Postman provides a convenient way to manage basic authentication for your API tests.

Setting Up Basic Authentication in Postman

  1. Open Postman: Launch the Postman application.
  2. Create a new request: Click on the “New” button and select “Request.”
  3. Select the HTTP method: Choose the appropriate HTTP method for your API request (e.g., GET, POST, PUT, DELETE).
  4. Enter the API endpoint: In the request URL field, enter the complete URL of the API endpoint you want to test.

Configure Basic Authentication

  1. Navigate to Authorization tab: Click on the “Authorization” tab in the right-hand sidebar.
  2. Choose “Basic Auth” type: Select “Basic Auth” from the “Type” dropdown menu.
  3. Enter your credentials: In the “Username” and “Password” fields, enter your API credentials.
  4. Generate the Base64 encoded string: Postman will automatically generate the base64 encoded string of your credentials. You can also manually calculate the encoded string using online tools or your preferred programming language.
  5. Save the request: Click on the “Save” button to save the request with your basic authentication configuration.

Example: Using Basic Authentication with a Sample API

Let’s consider a simple example using a fictional API called “My API” with a protected endpoint /api/products. We’ll use basic authentication to access this endpoint.

1. Set up the request:

  • Method: GET
  • URL: https://api.myapi.com/api/products

2. Configure basic authentication:

  • Type: Basic Auth
  • Username: demoUser
  • Password: demoPassword

3. Send the request: Click the “Send” button.

4. Viewing the response: The response will be displayed in the bottom pane. If authentication is successful, you’ll see the expected list of products returned from the API.

Using Basic Authentication in a Collection

You can also create a collection in Postman to group multiple requests with basic authentication.

  1. Create a new collection: Click on the “Collections” button and then “Create Collection.”
  2. Add the request: Add the request you created previously to the collection.
  3. Assign a shared Environment: If you want to store your credentials in a shared environment, choose a suitable environment.
  4. Set up the environment variables: In the environment, define variables for the username and password.
  5. Replace with environment variables: Edit your request to use the environment variables for the username and password fields in the Authorization tab.

Working with Environment Variables

Using environment variables offers a more manageable approach for managing credentials, especially in shared collections. Here’s how to set up environment variables for basic authentication:

  1. Create a new environment: Click on the “Environments” icon and then “Add.”

  2. Define your environment: Give your environment a name (e.g., “My API Environment”) and set it as the active environment if needed.

  3. Add variables: Click on the “Add variable” button in the environment editor. Add two variables:

    • Name: username

    • Value: demoUser

    • Name: password

    • Value: demoPassword

  4. Edit the request: Replace the “Username” and “Password” fields in your request with the environment variables:

    • Username: {{username}}
    • Password: {{password}}

  5. Send the request: Send the request again. Postman will use the values from the environment variables for authentication.

Additional Considerations

  • Security: When working with sensitive credentials, avoid storing them directly in your request. Use environment variables or a dedicated secrets management system.
  • Bearer Authentication: For APIs that use Bearer authentication tokens, you can use the “Bearer” type in the authorization tab instead of “Basic Auth”.

Conclusion

By understanding how to use basic authentication in Postman, you can easily test secured APIs and ensure your applications function correctly. This guide provided comprehensive coverage of the process, incorporating practical examples, step-by-step instructions, and valuable tips on security. Remember to always prioritize security when handling sensitive API credentials.

API Testing Blog