***
title: Add API authorization details to requests in Postman
updated: 2025-10-14T00:00:00.000Z
max-toc-depth: 2
----------------
With a request open in Postman, use the **Authorization** tab to select an auth type, then complete the relevant details for your selected type. The correct data values are determined by your API at the server side. If you're using a third-party API, refer to the provider's documentation for any required auth details.
You can use Guided Auth to set up authentication credentials for supported public APIs. For more information, see [Set up authorization for public APIs using Guided Auth](/docs/sending-requests/authorization/authentication-for-public-apis/).
## Select an authorization type
When you select an auth type from the **Auth Type** dropdown list, Postman indicates which parts of the request your details are included in. For example, the header, body, URL, or query parameters. Postman then adds your auth details to the relevant parts of the request when you select or enter them. This enables you to preview how Postman will send your data before you run the request.
For more details on setting up each type of authorization, see [Authorization types supported by Postman](/docs/sending-requests/authorization/authorization-types/).
You can use these auth types in Postman, in [monitors](/docs/monitoring-your-api/intro-monitors/), and in the [Postman CLI](/docs/postman-cli/postman-cli-overview/) or [Newman](/docs/collections/using-newman-cli/command-line-integration-with-newman/).
## View authorization details
After you select and set up an authorization type, your data appears in the relevant parts of the request. For example, in the **Headers** tab. To view headers that were added automatically, select **hidden**.
Hover over a header to get information about where it was added. To change an auth header, return to the **Authorization** tab and update your configuration.
You can't override headers added by your **Authorization** selections in the **Headers** tab. If you need auth headers that are different from those generated by Postman, change your setup in **Authorization**. You can also remove your auth setup and manually add the headers.
Your request auth can use environment, collection, and global [variables](/docs/sending-requests/variables/variables/). Postman doesn't save header data or query parameters to avoid exposing sensitive data, such as API keys.
It's recommended that you use your [Postman Vault](/docs/sending-requests/postman-vault/postman-vault-secrets/) to store sensitive data as vault secrets. Only you can access and use values associated with your vault secrets, and vault secrets aren't synced to the Postman cloud. If you want to share sensitive data with collaborators, you can store it in an environment as a [variable set as sensitive data](/docs/sending-requests/variables/variables/#set-a-value-as-sensitive-data).
You can inspect a raw dump of the entire request including auth data in the Postman Console after you send it.
## Inherit authorization
You can specify auth details in a parent [collection](/docs/sending-requests/create-requests/intro-to-collections/) or folder, and reuse the parent's auth details throughout its grouped requests.
When you select **Inherit auth from parent** from the **Auth Type** dropdown list, requests grouped inside a collection or folder inherit the auth details from the parent. This means the grouped requests will use the same auth you specified at the collection or folder level. In each grouped request's **Authorization** tab, you can view the auth details for the parent collection or folder. You can also select **Edit Auth** to open the parent collection or folder to edit its auth details.
To change the auth for an individual request, select a different auth type in the request's **Authorization** tab.