Skip to content
Postman API Testing Tips

How To Use Pem File In Postman

API Testing Blog

Using PEM Files in Postman for API Testing

Postman is a popular tool for API testing. Sometimes, API endpoints require authentication using certificates, which are often stored in PEM files. This guide will walk you through how to configure Postman to use PEM files for API testing, including practical examples.

1. Understanding PEM Files

PEM (Privacy Enhanced Mail) files are commonly used to store cryptographic keys and certificates in ASCII format. They are frequently used with TLS/SSL (Transport Layer Security/Secure Sockets Layer) for secure communication over the internet.

2. Preparing Your PEM File

Ensure you have the correct PEM file containing the necessary private key and/or certificate for your API communication.

Example:

Let’s assume you have a file named example.pem containing your private key and certificate. You might have received this file from your API provider or generated it yourself.

3. Importing the PEM File into Postman

Postman offers several methods for utilizing PEM files:

3.1 Using the Environment Variables

  1. Create an Environment: Go to the “Environments” section in Postman and click “Add.”
  2. Create Variables: Add two variables:
    • private_key: Paste the contents of your PEM file into this variable.
    • certificate: If your PEM file contains a certificate, paste the certificate portion into this variable. (Note that the certificate portion needs to start with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----).
  3. Use the Variables in Your Request: 
    {
      "url": "https://example.com/api",
      "method": "POST",
      "headers": {
        "Content-Type": "application/json",
        "Authorization": "client-cert {{private_key}} {{certificate}}"
      },
      "body": {
        "key": "value"
      }
    }

Example Breakdown:

  • {{private_key}}: This will be replaced with the content of your private_key variable.
  • {{certificate}}: This will be replaced with the content of your certificate variable.
  • The entire Authorization header value will be used for authentication.

3.2 Using Raw Data in Authorization Header

  1. Use the Authorization Tab: In Postman, navigate to the “Authorization” tab for your request.
  2. Select “Type” as “Basic Auth”: This allows you to input raw data for the Authorization header.
  3. Input the PEM File Contents:
    • In the “Username” field, paste the complete content of your PEM file.
    • Leave the “Password” field blank.

Important Note: This method is not ideal for security reasons as it directly exposes the private key in your request. You should only use it for testing or development environments. For production, consider the Environment Variables method for better security.

4. Testing with Your API Endpoint

Now that you have configured Postman with your PEM file, you can send requests to your API endpoint:

  1. Set the url: In the “Request” tab, input the correct URL of your API endpoint.
  2. Send the Request: Click “Send” to execute your request.

5. Troubleshooting

  • Ensure the PEM file is correctly formatted. The format must be compatible with Postman.
  • Verify your Authorization header. Ensure the correct syntax is used based on the chosen method (Environment Variables vs. Raw Data).
  • Check the API documentation. Confirm the required authentication method and any specific format requirements for the PEM file.

Conclusion:

This guide has provided you with the practical knowledge and steps to successfully use PEM files in Postman for API testing. By following these steps and tailoring them to your specific API needs, you can ensure secure and reliable communication with your API endpoints. Remember to prioritize security by using the Environment Variables method for production environments.

API Testing Blog