API authentication and authorization in Postman

Postman enables you to send auth details with your API requests. APIs use authentication and authorization to ensure that client requests access data securely. Authentication involves verifying the identity of the request sender, while authorization confirms that the sender has permission to carry out the endpoint's operation.

If you're building an API, you can choose from a variety of auth models. If you're integrating with a third-party API, the required authorization will be specified by the API provider.

Collections icon Try out examples of different types of authorization in a collection template that's ready to be modified to fit your use case. To try out this template, select Authorization methods.

Authentication in Postman

Some APIs require establishing a client's identity with a digital certificate. You can add your certificate authority (CA) or client certificates to Postman so you can access APIs that require authentication. To learn more, go to Add and manage CA and client certificates in Postman.

Request authorization in Postman

You can pass auth details along with any request you send in Postman. Auth data can be included in the header, body, or as parameters of a request. If you enter your auth details in the Authorization tab of a request, Postman will automatically populate the relevant parts of the request for your chosen auth type. You can use variables and collections to store authorization details, enabling you to reuse the same information in multiple places.

Go to the following topics to learn more about request authorization in Postman:

Last modified: 2024/02/06