Postman is a Web REST client that allows you to enter and monitor HTTP requests and responses.

Like many others, I like to use Postman when building and testing an API. One challenge with Postman is deciding how to authenticate your requests, something I’ve dealt with on a recent project.

The more I’ve used it, the more ways I’ve tried to tackle this problem. Here’s a solution I found that works well.

On my project, we have an API that grants and uses OAuth2 access tokens for authentication (with no refresh token). In our Postman Collection, we can take advantage of collection-level authorization so that we don’t have to configure it request by request. After right-clicking to edit our Collection and navigating to the Authorization tab, we can select the OAuth 2.0 type from the dropdown and be presented with this:

If we plug in our appropriate credentials and click “Get New Access Token” and then “Update,” we’ll be all set up for our requests. The only remaining step is to ensure that each request needing authorization is set to inherit auth from parent (meaning the collection):

This is all well and good, but there’s one catch: our token can’t automatically refresh. On my project, the token would expire after fifteen minutes - enough time to get the token once and try out a few requests, but a pain for longer sessions. It was annoying to continually get a new token through the process above.

You may have noticed that when editing the Collection, alongside the Authorization tab there was a tab called Pre-Request Scripts. We can take advantage of this to make sure we always have a valid token before requests. This is what I have in my collection’s “Pre-request Scripts”:

So what’s going on here? I’m taking advantage of a few things. In the script, I’m using Postman’s global variables to track some important things, including the client_id, client_secret, and grant_type, which I need for the body of the authorization request. The other two are variables for the auth token itself and the expiration time of that token.

In the beginning of the script, I’m checking to see if I have an existing expiration time and how much of a difference (in seconds) there is between that time and the time the script is called. If we’re at or below a thirty-second difference (arbitrarily chosen), then we fulfill the condition for the main part of the script. Using Postman’s pm object, I then build a call to send a request, supplying the appropriate url, method, headers, and body. Upon success, I parse the response to assign the new token and its expiry time to the right variables. (Learn more about Postman’s JavaScript scripting.)

And that’s it! The only step left is to change the authorization type in our requests. We can just set the type to Bearer Token and provide our variable as the value, like this:

Now whenever we hit “Send” on one of our requests in this Collection, the Pre-request Script will run, checking if it’s time to find a new token and making the request if necessary.

My script is a bit sloppy, but in the process of writing it, I found that there are quite a few interesting things you can do with Postman if you put in the effort. Handling authorization like this is just one possibility.
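A sketch of the pre-request logic this post describes, written as an added example and not the author's own script. The globals client_id, client_secret and grant_type come from the post; the names token_url, access_token and token_expiry, and the access_token/expires_in response fields, are assumptions about the API.

```javascript
// Added example. Refresh when 30 seconds or less remain (the post's threshold).
const REFRESH_WINDOW_SECONDS = 30;

// Seconds of validity left; a missing or unparsable expiry counts as expired.
function secondsLeft(expiryMs, nowMs) {
  const expiry = Number(expiryMs);
  if (!expiryMs || Number.isNaN(expiry)) return 0;
  return (expiry - nowMs) / 1000;
}

// done(err, refreshed) reports whether a new token was stored.
function ensureToken(pm, nowMs, done) {
  if (secondsLeft(pm.globals.get('token_expiry'), nowMs) > REFRESH_WINDOW_SECONDS) {
    return done(null, false); // current token is still good
  }
  pm.sendRequest({
    url: pm.globals.get('token_url'), // assumed variable name
    method: 'POST',
    header: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: {
      mode: 'urlencoded',
      // Credentials are read from variables, never hard-coded in the script.
      urlencoded: ['client_id', 'client_secret', 'grant_type'].map(
        (key) => ({ key, value: pm.globals.get(key) })),
    },
  }, (err, res) => {
    if (err) return done(err, false); // keep the old values on failure
    const data = res.json();
    if (!data.access_token) {
      return done(new Error('token response had no access_token'), false);
    }
    const ttlSeconds = Number(data.expires_in) || 0; // unknown TTL: refresh next time
    pm.globals.set('access_token', data.access_token);
    pm.globals.set('token_expiry', nowMs + ttlSeconds * 1000);
    done(null, true);
  });
}

// Postman's sandbox provides `pm`; outside Postman this call is skipped.
if (typeof pm !== 'undefined') {
  ensureToken(pm, Date.now(), (err) => { if (err) console.error(err.message); });
}
```

With these names, the Bearer Token field would reference the stored token as {{access_token}}.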