For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Postman
PricingEnterprise
Contact SalesSign InSign Up for Free
HomeDocs
HomeDocs
      • Overview
        • Overview
        • Add certificates
        • Request authorization
        • Public API authorization
        • Authorization types
        • Digest
        • OAuth 1.0
        • OAuth 2.0
        • Hawk
        • AWS Signature
        • NTLM
        • Akamai Edgegrid
        • ASAP (Atlassian)
      • Webhooks
Postman API Platform

Product

  • Postman Overview
  • Enterprise
  • Spec Hub
  • Flows
  • Agent Mode
  • API Catalog
  • Fern
  • Postman CLI
  • Integrations
  • Workspaces
  • Plans and pricing

API Network

  • App Security
  • Artificial Intelligence
  • Communication
  • Data Analytics
  • Database
  • Developer Productivity
  • DevOps
  • Ecommerce
  • eSignature
  • Financial Services
  • Payments
  • Travel

Resources

  • Postman Docs
  • Academy
  • Community
  • Templates
  • Intergalactic
  • Videos
  • MCP Servers

Legal and Security

  • Legal Terms Hub
  • Terms of Service
  • Postman Product Terms
  • Security
  • Website Terms of Use

Company

  • About
  • Careers and culture
  • Contact us
  • Partner program
  • Customer stories
  • Student programs
  • Press and media
Twitter iconLinkedIn iconGithub iconYouTube iconInstagram iconDiscord icon
Download Postman
Privacy Policy

© 2026 Postman, Inc.

On this page
  • Authentication in Postman
  • Request authorization in Postman
Send requestsAuthentication and authorization

API authentication and authorization in Postman

||View as Markdown|
Was this page helpful?
Previous

Generate code snippets from API requests

Next

Add and manage CA and client certificates in Postman

Built with

Postman enables you to send auth details with your API requests. APIs use authentication and authorization to ensure that client requests access data securely. Authentication involves verifying the identity of the request sender, while authorization confirms that the sender has permission to carry out the endpoint’s operation.

If you’re building an API, you can choose from a variety of auth models. If you’re integrating with a third-party API, the required authorization will be specified by the API provider.

Authentication in Postman

Some APIs require establishing a client’s identity with a digital certificate. You can add your certificate authority (CA) or client certificates to Postman so you can access APIs that require authentication. To learn more, see Add and manage CA and client certificates in Postman.

Request authorization in Postman

You can pass auth details along with any request you send in Postman. Auth data can be included in the header, body, or in the request’s parameters. If you enter your auth details in the request’s Authorization tab, Postman automatically populates the relevant parts of the request for your selected auth type. You can use variables and collections to store authorization details, enabling you to reuse the same information in multiple places.

See the following topics to learn more about request authorization in Postman:

  • Use the Authorization tab of a request or collection to select an auth type and complete relevant details. To learn more, go to Add API authorization details to requests in Postman. For more details on the authorizations type you can use, see Authorization types supported by Postman.
  • When you create a request to a public API with Guided Auth set up, Postman gives you the option to automatically set up authorization. To learn more, see Set up authorization for public APIs using Guided Auth.
  • Some APIs enable you to send authentication details as query parameters. Also, Postman may automatically add headers to your request based on your auth setup. To learn more, see Send parameters and body data with API requests in Postman or Configure headers for API requests in Postman.
  • If you have session cookies in your browser, you can sync them to Postman using Postman Interceptor. To learn more, see Capture traffic from a web browser using Postman Interceptor and Create and capture cookies using Postman’s cookie manager.
  • If you’re having issues getting a request to authenticate and run, review the tips in Debug API requests using the Postman Console. If you still have auth problems, check out topics with the authentication tag on the Postman Community forum.