
Inheriting auth from collection in Postman - Framework Patterns

Framework Mode - Inheriting auth from collection
Folder Structure
Postman Collection Project/
├── collections/
│   ├── MyCollection.postman_collection.json  (Main collection with auth)
│   └── SubCollection.postman_collection.json (Sub-collection inheriting auth)
├── environments/
│   ├── dev.postman_environment.json
│   └── prod.postman_environment.json
├── scripts/
│   └── pre-request-scripts.js
├── tests/
│   └── test-scripts.js
└── README.md
  
Test Framework Layers
  • Collection Layer: Holds the main Postman collection JSON files. The main collection defines the authentication method (e.g., Bearer Token, OAuth2).
  • Sub-Collection Layer: Contains sub-collections or folders that inherit authentication settings from the main collection to avoid repetition.
  • Environment Layer: Stores environment variables like base URLs, tokens, and credentials for different environments (dev, prod).
  • Scripts Layer: Contains pre-request and test scripts to run before or after requests for setup, validation, or token refresh.
  • Tests Layer: Contains test scripts that assert response correctness and status codes.
Configuration Patterns
  • Authentication Inheritance: Define authentication at the collection level in Postman. Sub-collections or folders inherit this auth automatically unless overridden.
  • Environment Variables: Use environment variables for sensitive or environment-specific data like tokens and URLs. This allows switching environments without changing collections.
  • Token Management: Use pre-request scripts to refresh tokens automatically and update environment variables.
  • Collection Variables: Use collection variables for values shared across requests but specific to the collection.
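
The token-management pattern above, written as a collection-level pre-request script. This is an added example, not code from the original page. The variable names (token_url, client_id, client_secret, access_token, token_expires_at) and the client-credentials token endpoint are assumptions, and the collection's Bearer auth is assumed to reference {{access_token}}.

```javascript
// Collection-level pre-request script: refresh the bearer token before it expires.
// Assumed names (not from the page): token_url, client_id, client_secret,
// access_token, token_expires_at; endpoint returns { access_token, expires_in }.
const SKEW_MS = 30 * 1000; // refresh slightly before the real expiry

function needsRefresh(env, now) {
  const token = env.get('access_token');
  const expiresAt = Number(env.get('token_expires_at'));
  return !token || !Number.isFinite(expiresAt) || now >= expiresAt - SKEW_MS;
}

function refreshToken(pm, now, done) {
  if (!needsRefresh(pm.environment, now)) return done(null, false);
  pm.sendRequest({
    url: pm.environment.get('token_url'),
    method: 'POST',
    header: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: {
      mode: 'urlencoded',
      urlencoded: [
        { key: 'grant_type', value: 'client_credentials' },
        { key: 'client_id', value: pm.environment.get('client_id') },
        { key: 'client_secret', value: pm.environment.get('client_secret') },
      ],
    },
  }, (err, res) => {
    if (err || res.code !== 200) {
      // Fail closed: drop the stale token so inherited requests fail visibly.
      pm.environment.unset('access_token');
      return done(err || new Error('token endpoint returned ' + res.code), false);
    }
    const body = res.json();
    pm.environment.set('access_token', body.access_token);
    pm.environment.set('token_expires_at', String(now + body.expires_in * 1000));
    done(null, true);
  });
}

// Inside Postman/Newman the sandbox provides `pm`; elsewhere this call is skipped.
if (typeof pm !== 'undefined') {
  refreshToken(pm, Date.now(), (err) => { if (err) console.error(err.message); });
}
```

Because the script sits at the collection level, every folder and request that inherits the collection's auth picks up the refreshed token without carrying its own copy.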
Test Reporting and CI/CD Integration
  • Use Newman (Postman CLI) to run collections in CI/CD pipelines.
  • Generate reports in formats like HTML, JSON, or JUnit XML using Newman reporters.
  • Integrate with CI tools (GitHub Actions, Jenkins, GitLab CI) to run tests on code changes.
  • Fail builds if authentication or API tests fail, ensuring early detection of issues.
Best Practices
  • Define Auth Once: Set authentication at the collection level to avoid duplication and reduce errors.
  • Use Environment Variables: Keep sensitive data out of collections and manage them securely per environment.
  • Use Pre-request Scripts: Automate token refresh and setup to keep tests reliable and independent.
  • Keep Collections Modular: Use folders or sub-collections to organize tests logically while inheriting auth.
  • Document Auth Setup: Clearly document how auth inheritance works in your README for team clarity.
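
One way to check "Define Auth Once" and "keep sensitive data out of collections" before a collection is committed or run in CI. This is an added example, not code from the original page: it walks a Collection v2.1 export, reports the auth each request effectively uses, and flags literal secrets. The sample collection and the list of secret parameter names are constructed for illustration.

```javascript
// Resolve the auth each request in a Collection v2.1 export actually uses.
// `sample` is a constructed collection; SECRET_KEYS is an assumed, partial list.
const sample = {
  info: { name: 'MyCollection' },
  auth: { type: 'bearer', bearer: [{ key: 'token', value: '{{access_token}}' }] },
  item: [
    { name: 'Users', item: [
      { name: 'List users', request: { method: 'GET', url: '{{base_url}}/users' } },
      { name: 'Health', request: { method: 'GET', url: '{{base_url}}/health',
          auth: { type: 'noauth' } } },
    ] },
    { name: 'Admin', auth: { type: 'basic', basic: [
        { key: 'username', value: 'admin' }, { key: 'password', value: 'hunter2' }] },
      item: [{ name: 'Purge', request: { method: 'POST', url: '{{base_url}}/purge' } }] },
  ],
};

const SECRET_KEYS = new Set(['token', 'password', 'value', 'clientSecret', 'accessToken']);
const isVariable = (v) => typeof v === 'string' && /^\{\{[^{}]+\}\}$/.test(v.trim());

// Names of secret parameters stored as literals instead of {{variables}}.
function hardcoded(auth) {
  if (!auth || !Array.isArray(auth[auth.type])) return [];
  return auth[auth.type]
    .filter((p) => SECRET_KEYS.has(p.key) && p.value && !isVariable(p.value))
    .map((p) => p.key);
}

// Walk folders depth-first; a node without its own `auth` inherits the parent's.
function resolveAuth(node, inherited = { auth: null, from: null }, path = [], out = []) {
  const here = path.concat(node.name || (node.info && node.info.name));
  const own = node.request ? node.request.auth : node.auth;
  const effective = own ? { auth: own, from: here.join(' / ') } : inherited;
  if (node.request) {
    out.push({ request: here.join(' / '),
      type: effective.auth ? effective.auth.type : 'none',
      source: own ? 'own' : (effective.from ? 'inherited from ' + effective.from : 'none'),
      hardcoded: hardcoded(effective.auth) });
  }
  for (const child of node.item || []) resolveAuth(child, effective, here, out);
  return out;
}

console.table(resolveAuth(sample));
```

In the sample, the Admin folder's own Basic auth overrides the collection's Bearer auth for everything beneath it, and its literal password is the finding a CI gate would fail on.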
Self Check

Where in this folder structure would you add a new sub-collection that inherits authentication from the main collection?

Key Result
Define authentication at the collection level in Postman so sub-collections inherit it automatically, ensuring DRY and secure test design.

Practice

1. What does it mean to inherit authentication from a collection in Postman?
easy
A. Requests use the collection's saved login details automatically.
B. Each request must have its own separate authentication setup.
C. Authentication is disabled for all requests in the collection.
D. Authentication details are shared only between environments.

Solution

  1. Step 1: Understand collection-level authentication

    Collection-level authentication means login info is saved once for all requests inside it.
  2. Step 2: Apply inheritance concept to requests

    Requests automatically use this saved info unless overridden individually.
  3. Final Answer:

    Requests use the collection's saved login details automatically. -> Option A
  4. Quick Check:

    Inheriting auth = Requests use collection auth [OK]
Hint: Remember: collection auth applies to all requests by default [OK]
Common Mistakes:
  • Thinking each request needs separate auth setup
  • Assuming auth is disabled when inherited
  • Confusing environment variables with collection auth
2. Which of the following is the correct way to set a request to inherit authentication from its collection in Postman?
easy
A. Leave the request's auth type blank.
B. Set the request's auth type to 'Inherit auth from parent'.
C. Manually enter the collection's auth details in the request.
D. Disable authentication on the request.

Solution

  1. Step 1: Identify the correct auth setting for inheritance

    Postman provides an explicit option called 'Inherit auth from parent' to use collection auth.
  2. Step 2: Understand why other options are incorrect

    Leaving the auth type blank or disabling auth does not inherit; entering the details manually duplicates them.
  3. Final Answer:

    Set the request's auth type to 'Inherit auth from parent'. -> Option B
  4. Quick Check:

    Auth inheritance = 'Inherit auth from parent' [OK]
Hint: Choose 'Inherit auth from parent' to reuse collection auth [OK]
Common Mistakes:
  • Leaving auth blank expecting inheritance
  • Copying auth details manually into each request
  • Disabling auth thinking it inherits
3. Given a collection with Basic Auth username 'user1' and password 'pass1', what will be the Authorization header value for a request set to inherit auth from this collection?
medium
A. Authorization: Digest user1:pass1
B. Authorization: Bearer dXNlcjE6cGFzczE=
C. Authorization: Basic user1:pass1
D. Authorization: Basic dXNlcjE6cGFzczE=

Solution

  1. Step 1: Understand Basic Auth header format

    Basic Auth uses 'Authorization: Basic ' plus base64 encoding of 'username:password'.
  2. Step 2: Encode 'user1:pass1' in base64

    Encoding 'user1:pass1' results in 'dXNlcjE6cGFzczE='.
  3. Final Answer:

    Authorization: Basic dXNlcjE6cGFzczE= -> Option D
  4. Quick Check:

    Basic Auth header = 'Basic ' + base64(username:password) [OK]
Hint: Basic Auth header = 'Basic ' + base64(username:password) [OK]
Common Mistakes:
  • Confusing Basic with Bearer or Digest schemes
  • Using plain 'user:pass' without encoding
  • Encoding incorrectly or forgetting the colon
4. You set a request to inherit auth from its collection, but the request fails with 401 Unauthorized. What is the most likely cause?
medium
A. The request URL is invalid.
B. The request has its own auth set, overriding the collection.
C. The collection's authentication details are incorrect or expired.
D. Postman does not support auth inheritance.

Solution

  1. Step 1: Check collection auth correctness

    If collection auth is wrong or expired, inherited requests will fail authentication.
  2. Step 2: Rule out other causes

    A request with its own auth set would override the collection rather than inherit; an invalid URL causes a different error; and Postman does support inheritance.
  3. Final Answer:

    The collection's authentication details are incorrect or expired. -> Option C
  4. Quick Check:

    401 error + inherited auth = bad collection credentials [OK]
Hint: Check collection auth details first on 401 errors [OK]
Common Mistakes:
  • Assuming inheritance is not supported
  • Ignoring collection auth validity
  • Blaming request URL without checking auth
5. You have a collection with OAuth 2.0 authentication set. You want one request to use a different token without changing the collection. How should you configure this request?
hard
A. Set the request's auth type to OAuth 2.0 and enter the new token manually.
B. Keep the request set to inherit auth from collection and change the collection token.
C. Disable authentication on the request.
D. Create a new collection with the new token.

Solution

  1. Step 1: Understand overriding auth at request level

    To use a different token, the request must have its own auth settings, not inherit.
  2. Step 2: Apply OAuth 2.0 with new token on request

    Set request auth type to OAuth 2.0 and input the new token manually to override collection.
  3. Final Answer:

    Set the request's auth type to OAuth 2.0 and enter the new token manually. -> Option A
  4. Quick Check:

    Override collection auth by setting request auth explicitly [OK]
Hint: Override collection auth by setting request auth manually [OK]
Common Mistakes:
  • Changing the collection token, which affects all requests
  • Disabling auth, which causes the request to fail
  • Creating a new collection unnecessarily