Create and capture cookies using Postman's cookie manager

Postman's cookie manager enables you to view and edit cookies that are associated with different domains. You can manually create cookies for a domain, or you can capture cookies using the Postman proxy or Postman Interceptor. You can then use the cookies stored in the Postman cookie jar when sending requests in Postman.

To turn off sending cookies with a request, select the request's Settings tab, then select Disable cookie jar.

About cookies

A cookie is a packet of data that a computer receives and then sends back without changing or altering it. Most cookies have two pieces of data: a unique ID for each user and a site name.

Websites can retrieve the cookie when you revisit them, so they can remember you and your preferences and tailor page content for you based on this information. Without cookies, you'd have to sign in again after you leave a site or rebuild your shopping cart if you closed a web page. This makes cookies an important part of the internet experience.

To manage cookies in Postman, open a request, then select Cookies (under Send).

Cookies link

In the Cookies window, select the Manage Cookies tab to display a list of domains and the cookies associated with each one. If you want to view cookies for a domain that isn't in the list, you can add a domain.

Managing cookies

Add a domain

To add a new domain to the cookie manager, do the following:

  1. Select the Type a domain name search box.
  2. Enter the domain name. If you enter a protocol (such as http://) or port number, they won't be stored with the domain name in the cookie manager.
  3. Select Add domain.

Create cookies

To add a new cookie for a domain, select Add icon Add Cookie under the domain. A pre-generated cookie string compliant with HTTP State Management standards is created.

Cookie_1=value; Path=/; Expires=Wed, 09 Oct 2024 21:49:26 GMT;

Postman supports the following attributes:

  • cookieName = cookieValue - The name of the cookie and its stored value.
  • Domain - The domain Postman will send the cookie to.
  • Path - The URL path that the cookie is restricted to. If the path is /, the cookie will be sent to all requests in the specified domain.
  • HttpOnly - If present, the cookie won't be available to the client-side scripts run on the page (for example, with document.cookie in JavaScript). The cookie will only be added to the cookie header in requests that are made. This field doesn't have an effect on Postman's behavior.
  • Secure - If present, the cookie is only sent when the URL begins with https:// and won't be sent over an insecure connection.
  • Expires - The time after which the cookie expires and won't be sent by Postman.

Select Save to save the cookie to the Postman cookie jar under the relevant domain.

Postman doesn't support the SameSite attribute, or the __Secure- and __Host- prefixes.

You can also add or edit the cookies in a response with the Set-Cookie header.

Edit or delete cookies

To update an existing cookie for a domain, select the cookie you want to edit, edit any attribute, then select Save.

To delete a domain and all cookies associated with it, select Close icon next to the domain. To delete an individual cookie, select Close icon next to the cookie.

To remove all cookies and domains from the Postman cookie jar, select Clear All Cookies.

Send cookies with a request

When you make a request to a domain you have added a cookie to, the cookie automatically appears in your request Headers tab. If the cookie isn't visible, select hidden to show autogenerated headers.

Cookie header

You can't override cookie headers directly in the Headers tab. Edit the cookie in the cookie manager, or delete the cookie and set your request headers manually. You can add cookies in the cookie manager and the Headers tab, and Postman will merge the cookies before sending the request.

Script with cookies

You can write scripts that create, get, and delete cookies, giving you more control over your cookies. Use the pm.cookies object to access cookies associated with the request. Use the pm.cookies.jar() methods to create, get, and delete cookies for a specific domain. To access cookies for specific domains using the pm.cookies.jar() methods, you must first add domains to the allowlist.

Learn more about writing scripts that create, get, and delete cookies.

Access cookies in scripts

When you add a domain to the allowlist, cookies for that domain can be accessed in scripts using the pm.cookies.jar() methods.

To add a domain to the allowlist, do the following:

  1. In the Cookies window, select Domains Allowlist.
  2. Select Add a domain to the Allowlist.
  3. Enter the allowed domain. If you include anything other than the domain name, such as a protocol, you won't be able to access cookies for that domain.
  4. Select Add.

To remove a domain from the allowlist, select Close icon next to the domain.

Manage cookies domains allowlist

Sync cookies

Postman can capture cookies for a browser or client application using the Postman proxy or Postman Interceptor. For the domains you select, captured cookies are continuously synced with the Postman cookie jar. This enables you to use any authentication sessions in your browser or client application to make API calls in Postman.

Learn more about capturing cookies with the Postman proxy or Postman Interceptor.

Last modified: 2024/10/04

Additional resources

Videos

Syncing Cookies for Authentication | Postman Level Up
Postmanaut dancing. Illustration.