Automating Security token in Postman

Gaurav Sharma
2 min readOct 6, 2019


Postman is a fantastic tool to quickly test your API(s). However, working in a microservice environment with end points being secured via a token system makes testing a PITA.

Adding a new security token every time the previous one expires slows us down, Here’s how to automate it —


  1. Latest version of Postman
  2. A service that is used by your application for authorization.


  1. Create a collection in Postman

2 . Go to Pre-request Scripts and add the following script —

Pre-request Script

3. Save the collection.

4. Create any request in this collection and this request will have the header inserted at run time.

Postman Console

How does the script work?

  1. We create the header for the request to the auth service.
  2. Then Extract the hostname from the request URL. Why?

If your dev env is split into multiple environments and with each env running its own auth service we need to hit the same host for both auth and actual request.

3. Create the request for the auth service.

4. Send the request. (Change the URL for auth)

5. Upsert the token the header. Change the header name accordingly.

That’s it. Test with ease now! 👍



Gaurav Sharma