How To Use Inherit Auth From Parent In Postman
How to Use Inherited Authentication in Postman
Postman is a popular tool for API testing, and its powerful features include the ability to manage authentication for different requests. When you’re working with a collection of requests that require the same authentication, such as OAuth2, you can avoid repetitive setup by inheriting authentication from a parent collection.
This guide will showcase how to set up authentication on a parent collection and use it to automatically apply to child requests.
Inheriting Authentication from Parent Collection
Let’s start with a practical example. Imagine you’re testing a set of APIs that require OAuth2 authentication. You can set up the authentication once at the parent collection level and have it automatically applied to all child requests within the collection.
Steps:
-
Create a parent collection: Create a new collection in Postman and name it appropriately. For example, “API Testing Collection”.
-
Add Authorization to the Parent Collection:
- Go to the collection: Click on the parent collection’s name from the left sidebar.
- Navigate to Authorization tab: Click on the “Authorization” tab.
- Choose OAuth 2.0: Select the “OAuth 2.0” authentication type.
- Configure OAuth 2.0 settings: You’ll need to provide details like the Grant Type, Token URL, etc. These settings will vary depending on your specific API.
-
Create Child Requests: Create individual requests within your parent collection. Each request will inherit the authorization settings from the parent collection.
-
Test your requests: You can now send requests within the collection. The inherited authentication will be automatically applied.
Sample Code:
// Parent Collection: API Testing Collection{ "info": { "_postman_id": "9f653a7e-4df6-416b-a3ce-5b61480858c4", "name": "API Testing Collection", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" }, "item": [ { "name": "OAuth 2.0 Authentication", "request": { "method": "GET", "header": [], "url": { "raw": "{{baseUrl}}/auth/token", "protocol": "https", "host": ["{{baseUrl}}"], "path": ["auth", "token"] }, "auth": { "type": "oauth2", "oauth2": { "grant_type": "client_credentials", "tokenUrl": "{{baseUrl}}/oauth/token", "clientId": "your_client_id", "clientSecret": "your_client_secret", "scopes": "your_scopes" } } }, "response": [], "tests": [] }, { "name": "Get User Information", "request": { "method": "GET", "header": [], "url": { "raw": "{{baseUrl}}/users/me", "protocol": "https", "host": ["{{baseUrl}}"], "path": ["users", "me"] }, "auth": { "type": "oauth2" } }, "response": [], "tests": [] } ]}In this example, the “API Testing Collection” has an “OAuth 2.0 Authentication” request that sets up the authorization. The “Get User Information” request, within the same collection, inherits the same OAuth 2.0 authentication.
How to Apply Inherited Authentication to a Child Request
Now let’s explore how to apply the inherited authentication from the parent collection to a specific child request.
Steps:
-
Create a new request within the collection. This request will inherit the parent collection’s authentication.
-
Optionally, choose a specific authentication type. If the parent collection has multiple authentication types set up, you can specify the desired type for this request. For example, if your parent collection includes OAuth 2.0 and API Key, you can choose to use API Key for this specific child request.
Sample Code:
{ "name": "Get User Posts", "request": { "method": "GET", "header": [], "url": { "raw": "{{baseUrl}}/users/{{userId}}/posts", "protocol": "https", "host": ["{{baseUrl}}"], "path": ["users", "{{userId}}", "posts"] }, "auth": { "type": "oauth2" // You can specify the specific authentication type here } }, "response": [], "tests": []}In this code, the request “Get User Posts” automatically inherits the OAuth 2.0 authentication setup in the parent collection.
How to Modify Inherited Authentication for Individual Requests
You can easily modify inherited authentication for individual requests if needed. For example, you might want to use a different API Key for specific requests.
Steps:
- Open the child request: Click on the child request you want to modify.
- Go to Authorization tab: Navigate to the “Authorization” tab.
- Configure the desired authentication type: Choose the desired authentication type (OAuth 2.0, API Key, etc.) and configure the settings as needed.
- Save the changes.
By modifying the authentication settings within the child request, you can override the inherited authentication from the parent collection.
How to Override Inherited Authentication with Request Variables
If you have multiple requests needing different values for the same authorization parameter, such as “client_id” or “client_secret” in OAuth 2.0, using request variables is a powerful approach.
Steps:
- Create a request variable: Go to the parent collection level or specific child request, and navigate to the “Variables” tab.
- Add a new variable: Define the request variable. For example, you could create variables named “clientId” and “clientSecret.”
- Update the authorization settings: Replace the hard-coded values in the authorization settings with the request variables. For example, in the OAuth 2.0 settings, use “{{clientId}}” and “{{clientSecret}}” instead of the actual values.
Sample Code:
{ "name": "Get User Posts", "request": { "method": "GET", "header": [], "url": { "raw": "{{baseUrl}}/users/{{userId}}/posts", "protocol": "https", "host": ["{{baseUrl}}"], "path": ["users", "{{userId}}", "posts"] }, "auth": { "type": "oauth2", "oauth2": { "grant_type": "client_credentials", "tokenUrl": "{{baseUrl}}/oauth/token", "clientId": "{{clientId}}", "clientSecret": "{{clientSecret}}", "scopes": "your_scopes" } } }, "response": [], "tests": []}By using request variables, you can easily change the authorization parameter values for different requests without having to modify the authorization settings in each request.
How to Test Inherited Authentication
Once you’ve set up inherited authentication, it’s essential to test its functionality to ensure it’s working as expected.
Steps:
- Send a request within the collection: Choose a child request and click on the “Send” button.
- Verify the response: Check the response of the request. You should receive a successful response if the inherited authentication is working correctly.
- Test different requests: Test multiple requests within the collection to ensure the inherited authentication is consistently applied.
By testing the inherited authentication, you can be confident that your API requests are properly authenticated and your tests are accurate.
Summary
Inheriting authentication in Postman is a powerful feature that can significantly streamline your API testing workflow. This guide has outlined how to set up and manage inherited authentication, highlighting practical examples and step-by-step instructions. By leveraging this feature, you can avoid repetitive setup, improve efficiency, and ensure consistency in your authentication across multiple requests.