How to automatically save a token and pass it to the Authorization header in Postman

Owolabi Tobiloba
4 min read · Jun 29, 2021


There is hardly a backend app that doesn't involve some sort of authentication or authorization. Testing such an app can be very tedious, because you always have to take the token returned by the endpoint that generates it and pass it in the header of every request to an endpoint that requires that token for access.

I will give you an example. Say you are developing the backend of a social media app. You want people to be able to register and log in. You also want people to be able to create posts only if they are logged in. How do you know if a person is logged in? Well, there are different methods of handling authentication and authorization, but in this article we will be discussing the use of JSON Web Tokens (JWT). With JWT, a token is generated for a user when they sign in, and that token is then passed in the header of any request to an endpoint that requires authentication and authorization before access, e.g. creating a post, adding a friend, and many more.

This is an example of sending a login request and getting back a token.
Here you can see that this request requires that we pass in the token that was generated at login, or else it will fail. We passed the token to it, but we had to do it manually.

The problem with the above style of passing tokens to requests is that whenever you restart your server, need to test again and hit the login endpoint, the token generated is different from the last one. This means that you now have to copy that token manually and paste it into every endpoint that requires authorization. This might not sound like a big deal if you are dealing with, say, 2 or 3 endpoints that require authorization, but imagine you had 25 or more of those endpoints. Things begin to get messed up quickly. The solution to this problem in Postman is to use a combination of environment variables and tests. Yes, you can write tests in Postman.

First, let us talk about environment variables. You use environment variables to store values that you often need to make requests, for example your base URL. Imagine you have fifty requests, each of which will of course contain your base URL plus an endpoint, e.g. localhost:8080/login. Here, localhost:8080 is the base URL and is always the same across all endpoints. Now something happens and we need to change our base URL from localhost:8080 to something else, say localhost:9090. This means that you have to change it in all of the fifty or more requests that you have, but if you are using environment variables, you only change it in one place and it is reflected everywhere. Example? Why not!

This is an environment I have created, and it is called “Test Environment”. In this environment, I have set the value of my base URL. The variable name is BASE_URL.
Here, I am accessing the value of that base URL with double curly braces. I have highlighted it so you can see that it is indeed getting that value from the environment.

Now that we know how to set environment variables manually, let’s talk about how to set them automatically. We can set an environment variable automatically, in our case to the token returned from logging in, by writing a test in the request. Let’s take a look at an example of how to do that.

If you check the sample login request screenshot above, you will see that in the response, the token is stored in a field named accessToken. This might be different for you, but what is important is that you take note of the name. Now let’s go write the test.

Here, in the Tests tab of that request, we have written a piece of code that I believe is pretty easy to understand. It checks the response of that request, extracts the value of the field named accessToken (you should put the name of the field that holds your token in the response body here) and saves that value in the environment under the name TOKEN.
And now if we take a quick look at the environment, we will see that a TOKEN variable has been created and has been set to the value of the accessToken returned in the response body of the Login request. Pretty cool.
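
A script for the Tests tab of the login request that does what is described above, written here as an added example and not the author's own script. It assumes the login endpoint answers with a 2xx status and a JSON body; accessToken and TOKEN are the names used in this article, and saveToken is a helper name chosen for this example.

```javascript
// Added example: save the login token to the active Postman environment.
// Assumptions: 2xx status on success, JSON body, token in "accessToken".
function saveToken(pm, field = "accessToken", variable = "TOKEN") {
    let body;
    try {
        body = pm.response.json();      // throws if the body is not JSON
    } catch (err) {
        body = null;
    }

    const token = body && body[field];
    const success = pm.response.code >= 200 && pm.response.code < 300;
    const ok = success && typeof token === "string" && token.length > 0;

    if (ok) {
        pm.environment.set(variable, token);
    } else {
        // A failed login must not leave the previous token in place,
        // otherwise later requests quietly run with stale credentials.
        pm.environment.unset(variable);
    }
    return ok;
}

// Postman defines `pm` inside its script sandbox; elsewhere this is skipped.
if (typeof pm !== "undefined") {
    pm.test("login returned a token and it was saved as TOKEN", function () {
        pm.expect(saveToken(pm)).to.be.true;
    });
}
```

If the login fails, the test shows as failed in Postman and TOKEN is removed, so requests that depend on it fail visibly instead of reusing an old token.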

Now let’s take a look at how to add this token to the header of any request that needs it.

In the Authorization tab, we select the type of authorization we want, which is “Bearer Token” in our case. It asks us for the token, and instead of pasting the token manually, we just get the value of the token from the environment by using double curly braces with the variable name in between.

So guys, that is how you save yourself a little stress in Postman. If you found this article useful, please share. If you find any mistake, you can drop it in the comment section or email me so that I can make adequate corrections. Thank you for reading.
