Authenticate with Hawk access authentication in Postman

Hawk authentication enables you to authorize requests using partial cryptographic verification.

To use Hawk authentication, do the following:

  1. In the Authorization tab for a request, select Hawk Authentication from the Type dropdown list.

  2. Enter your details in the Hawk Auth ID, Hawk Auth Key, and Algorithm fields. You can optionally set advanced details, but Postman will try to generate values for them if necessary.

When the required details are complete in the Authorization tab for your request, Postman will add them to the Headers.

The Hawk Authentication parameters are as follows:

  • Hawk Auth ID - Your API authentication ID value.
  • Hawk Auth Key - Your API authentication key value.
  • Algorithm - The hash algorithm used to create the message authentication code (MAC).
  • Advanced parameters:
    • User - The username.
    • Nonce - A random string generated by the client.
    • ext - Any application-specific information to be sent with the request.
    • app - The binding between credentials and the application to prevent an attacker using credentials issued to someone else.
    • dlg - The ID of the application the credentials were issued to.
    • Timestamp - Timestamp the server uses to prevent replay attacks outside the time window.

Last modified: 2022/12/12

Additional resources

Videos

Intro to Postman | Authorize a Request
How to Use JWT Authorization
Set Up Authorization for Your Public Apis

Blog posts

Announcing easier API authentication in Postman
OAuth 2.0 just got easier: introducing token refresh and ID token support
New custom parameters for OAuth 2.0 token generation in Postman

Case Studies

Intuit uses Postman's authentication protocols
Postmanaut dancing. Illustration.