Skip to content
Postman API Testing Tips

How To Use Bearer Token In Postman

API Testing Blog

Understanding Bearer Tokens

Bearer tokens are a type of access token used in API authentication. They are commonly used in OAuth 2.0 authorization flows. The token represents the identity of the user or application requesting access to the API. APIs protected with bearer tokens require the token to be sent in the request header to grant access.

How to Use Bearer Token in Postman: A Step-by-Step Guide

This guide demonstrates how to use bearer tokens in Postman for API testing. We’ll cover both manual and automated approaches.

1. Manual Authentication

This approach involves manually setting the bearer token in each request.

Steps:

  1. Get the Bearer Token: Obtain the bearer token from the API provider. This process typically involves a separate API call for authentication, often an endpoint like ‘/login’ or ‘/token’.
  2. Open Postman: Launch the Postman application.
  3. Create a New Request: Select the HTTP method (GET, POST, etc.) and enter the API endpoint URL.
  4. Authorization Tab: Navigate to the “Authorization” tab in the Postman request window.
  5. Type: Choose “Bearer Token” from the dropdown menu.
  6. Token: Paste the obtained bearer token into the “Token” field.
  7. Send Request: Click “Send” to execute the request.

Example:

Let’s assume you have a token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkphbWUgRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw0

  • Endpoint: https://api.example.com/users
  • HTTP Method: GET
  • Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkphbWUgRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw0

Note: The bearer token should be passed as a value after the “Bearer” keyword, separated by a space.

2. Automated Authentication with Environment Variables

This method utilizes environment variables to store the bearer token, simplifying authentication for multiple requests.

Steps:

  1. Create an Environment: In Postman’s “Environments” section, create a new environment (e.g., “Dev”).
  2. Add a Variable: Add a new variable named “bearerToken” and set its value to the obtained bearer token.
  3. Use Variable in Request: In the “Authorization” tab of your request, select “Bearer Token” and use {{bearerToken}} in the “Token” field. Instead of hardcoding the token, you’re using a variable to dynamically pull the token.
  4. Request with Environment: Select the “Dev” environment for your request and send it.

Example:

  • Environment: “Dev”
  • Variable: “bearerToken” = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkphbWUgRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw0
  • Endpoint: https://api.example.com/users
  • HTTP Method: GET
  • Authorization: Bearer {{bearerToken}}

This approach is more manageable for projects with frequent bearer token changes or multiple API tests.

3. Authentication with Pre-request Scripts

Pre-request scripts are snippets of JavaScript code that run before each request is sent. These scripts can be used to dynamically generate the bearer token.

Steps:

  1. Create Pre-request Script: In the “Pre-request Script” tab of your request, write JavaScript code to fetch the bearer token. You might use the following code assuming you have an API endpoint for token generation: 
    const response = pm.sendRequest({
      url: 'https://api.example.com/token', // URL to fetch token
      method: 'POST', // Replace with your request method
      header: {
        'Content-Type': 'application/json' // Replace with your request header
      },
      body: {
        // Add your request body for token generation
      }
    });
    

    const token = response.json().token; // extract token from response
    

    pm.environment.set('bearerToken', token);
  2. Send Request with Script: Execute the request. The pre-request script will run first, fetch the token, set it in the environment variable “bearerToken,” and then use it for authorization.

Example:

  • Pre-request Script: (Code mentioned above)
  • Endpoint: https://api.example.com/users
  • HTTP Method: GET
  • Authorization: Bearer {{bearerToken}}

Pre-request scripts enhance automation by allowing you to programmatically manage the bearer token generation process.

Best Practices for Using Bearer Tokens in Postman

  • Use Environment Variables: Prefer environment variables for storing bearer tokens, making it easier to manage and avoid hardcoding.
  • Secure Token Storage: Never store bearer tokens directly in code. Use environment variables, secure storage, or other appropriate methods.
  • Authentication Flow: Implement authentication flows in Postman to streamline the token acquisition process.
  • Token Expiration: Be aware of token expiration. Consider refreshing tokens when necessary or implementing token refresh mechanisms.
  • API Documentation: Refer to the API documentation for specific instructions and procedures for using bearer tokens with the particular API.

By following these best practices and utilizing the techniques described above, you can effectively manage and use bearer tokens in Postman for API testing.

API Testing Blog