Automating Security token in Postman

Postman is a fantastic tool to quickly test your API(s). However, working in a microservice environment with end points being secured via a token system makes testing a PITA.

Image for post
Image for post

Adding a new security token every time the previous one expires slows us down, Here’s how to automate it —

  1. Latest version of Postman
  2. A service that is used by your application for authorization.
  1. Create a collection in Postman
Image for post
Image for post

2 . Go to Pre-request Scripts and add the following script —

Pre-request Script
Image for post
Image for post

3. Save the collection.

4. Create any request in this collection and this request will have the header inserted at run time.

Image for post
Image for post
Postman Console

How does the script work?

  1. We create the header for the request to the auth service.
  2. Then Extract the hostname from the request URL. Why?

If your dev env is split into multiple environments and with each env running its own auth service we need to hit the same host for both auth and actual request.

3. Create the request for the auth service.

4. Send the request. (Change the URL for auth)

5. Upsert the token the header. Change the header name accordingly.

That’s it. Test with ease now! 👍

I like building stuff.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store