You can onboard your API consumers quickly and efficiently by setting up API authentication for your public APIs in Postman. This feature enables you to communicate the steps users need to take to successfully make their first request to your API, such as registering for a developer account or creating an app on your dashboard. When a user creates a request to your API, Postman will automatically recognize it requires authentication and prompt them with your provided steps to set it up.
Go to the API authorization dashboard to set up API authentication for your public APIs. Select Team > Team Settings, then select Set up API authorization in the left sidebar. You can also select API Network > Public API Network in the Postman header to open your public profile, then select Set up API authorization.
Postman supports Bearer Token, Basic Auth, API Key, and OAuth 2.0 authorization.
The following example shows you how to configure API authentication for an API that uses OAuth 2.0:
Enter the base URL of your API. You'll need to verify it later to enable authorization.
Select OAuth 2.0 as the authorization type.
Select Authorization code as the grant type. You can learn more about specifying an authorization code.
Select Generate Callback URL. Copy the URL and add it to the allow list in your application’s settings.
Enter the access token URL. This URL is the endpoint for your authentication server and will be used to obtain an access token.
Enter the authorization URL. This is where users will be sent to authenticate with your API.
Enter the application client ID for the application you created for this integration.
Enter the application client secret for the application you created for this integration. Secrets are stored encrypted at rest and in transit, and are never visible to consumers.
(Optional) Enter a comma-separated list of authentication scopes to restrict what Postman users can access. For example, read:public_key, write:org.
Select whether client credentials should be sent as a Basic Auth header or in the request body.
(Optional) Select Advanced settings to add a refresh token URL or parameters to different types of requests. If the refresh token URL is empty, the access token URL will be used.
Add any prerequisite steps users must take to successfully make a request to your API. This could include steps like registering for a developer account, creating an integration, or copying a token. This will be shown to users when they create a request to your API and will guide them through setting up authentication.
You can use basic Markdown syntax for bold, italics, underline, bullet points, and links to structure your content.
Verify your domain to complete adding authorization.
Select Save to save your API authorization settings.
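The two client-credential options and the refresh token URL fallback described in the steps above, shown as the token requests a client would form under RFC 6749. This is an added example, not Postman's own code; the function names, URLs, client ID, and secret are constructed placeholders.

```python
import base64
from urllib.parse import quote_plus, urlencode

# Constructed sample configuration; every value here is a placeholder.
CONFIG = {
    "access_token_url": "https://auth.example.com/oauth/token",
    "refresh_token_url": "",  # left empty in Advanced settings
    "client_id": "example-client-id",
    "client_secret": "example-client-secret",
    "callback_url": "https://callback.example.com/oauth2/callback",
}

def basic_auth_value(client_id, client_secret):
    # RFC 6749 section 2.3.1: form-encode both values, join with ":", Base64.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return "Basic " + base64.b64encode(pair.encode()).decode()

def build_token_request(cfg, grant_params, credentials_in):
    """Return (url, headers, body) for a POST to the token endpoint."""
    is_refresh = grant_params["grant_type"] == "refresh_token"
    # An empty refresh token URL falls back to the access token URL.
    url = (cfg["refresh_token_url"] if is_refresh else "") or cfg["access_token_url"]
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    form = dict(grant_params)
    if credentials_in == "header":
        headers["Authorization"] = basic_auth_value(cfg["client_id"], cfg["client_secret"])
    elif credentials_in == "body":
        form.update(client_id=cfg["client_id"], client_secret=cfg["client_secret"])
    else:
        raise ValueError("credentials_in must be 'header' or 'body'")
    return url, headers, urlencode(form)

def code_exchange(cfg, code, credentials_in):
    # redirect_uri repeats the callback URL used in the authorization
    # request (RFC 6749 section 4.1.3).
    params = {"grant_type": "authorization_code", "code": code,
              "redirect_uri": cfg["callback_url"]}
    return build_token_request(cfg, params, credentials_in)

def refresh_exchange(cfg, refresh_token, credentials_in):
    params = {"grant_type": "refresh_token", "refresh_token": refresh_token}
    return build_token_request(cfg, params, credentials_in)

if __name__ == "__main__":
    for mode in ("header", "body"):
        url, headers, body = code_exchange(CONFIG, "constructed-code", mode)
        print(mode, url, sorted(headers), body.replace(CONFIG["client_secret"], "***"))
```

RFC 6749 section 2.3.1 recommends the header form and limits body parameters to clients that cannot use HTTP Basic, so choose the body option only if your authorization server requires it.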
You must verify your domain before your API authentication configuration can be shared with the Postman community.
Select Generate TXT Record.
Select the copy icon to copy the TXT Record.
Add the copied value to your domain as a DNS TXT record.
Select Verify Domain in Postman to confirm. After your domain is verified, Postman will recognize newly created requests to your API and prompt users to authenticate through the steps you've provided.
Last modified: 2023/10/13