
Authorization & Authentication

Quick Overview

Authentication and Authorization are core security concepts used in APIs. Postman provides a dedicated Authorization tab to configure and test different authentication mechanisms easily while sending API requests.

Key Concepts

  • Authentication: Verifies who the caller is
  • Authorization: Determines what an authenticated caller is allowed to access
  • Tokens: Credentials presented to access protected APIs
  • Headers: Credentials are usually sent in the HTTP Authorization header

Syntax / Theory

In Postman, authentication is configured from the Authorization tab. The selected authorization type automatically adds required headers or parameters to the request.

Code Example(s)

// Authorization header using a Bearer Token (the token itself is the credential)
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9

// Basic Authentication header format: base64 of "username:password" (encoding, not encryption)
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=

Live Output / Explanation

If the authentication details are valid, the API returns a successful response (200 OK). If they are missing or invalid, it returns 401 Unauthorized; if the caller is authenticated but not permitted to perform the action, it returns 403 Forbidden.

Interactive Example / Visual Flow

Request Flow:

  • Client sends request with credentials
  • Server validates authentication
  • Server checks authorization rules
  • Response is returned

Use Cases

  • Testing secured REST APIs
  • Working with OAuth 2.0 services
  • Debugging authentication failures
  • Learning API security workflows

✅ Tips & Best Practices

  • Use environment variables to store tokens
  • Never hardcode sensitive credentials
  • Prefer OAuth 2.0 for modern APIs
  • Re-use authorization at collection level

Try It Yourself

  1. Create a new request in Postman
  2. Open the Authorization tab
  3. Select Bearer Token
  4. Paste a sample token
  5. Send the request and observe headers