Postmantesting~15 mins

Inheriting auth from collection in Postman - Build an Automation Script

Choose your learning style9 modes available

Learn Why Deep Trace Try Challenge Automate Recall Frame

Verify that a request inherits authentication from its collection

Preconditions (2)

Step 1: Open the Postman app and select the collection with authentication configured

Step 2: Select a request inside the collection that does not have its own authentication settings

Step 3: Send the request

Step 4: Observe the request headers or authorization tab to confirm the authentication is applied

Step 5: Verify the response status code is 200 OK or as expected for authenticated requests

✅ Expected Result: The request uses the authentication settings inherited from the collection and successfully authenticates, returning the expected response.

Automation Requirements - Postman test scripts (JavaScript)

Assertions Needed:

Verify the Authorization header is present in the request

Verify the response status code is 200

Verify the response body contains expected authenticated content

Best Practices:

Use pm.request.headers to check headers

Use pm.response.to.have.status to assert status code

Use pm.expect for assertions

Keep test scripts simple and clear

Automated Solution

Postman

pm.test('Authorization header is present', () => {
    const authHeader = pm.request.headers.get('Authorization');
    pm.expect(authHeader).to.not.be.undefined;
    pm.expect(authHeader).to.not.be.empty;
});

pm.test('Response status is 200', () => {
    pm.response.to.have.status(200);
});

pm.test('Response body contains authenticated content', () => {
    const jsonData = pm.response.json();
    pm.expect(jsonData).to.have.property('user');
    pm.expect(jsonData.user).to.have.property('id');
});

This test script runs after the request is sent.

First, it checks if the Authorization header is present in the request headers, confirming the request inherited the auth from the collection.

Second, it asserts the response status code is 200, meaning the request was successful and authenticated.

Third, it verifies the response body contains a user object with an id property, which is expected only if authentication succeeded.

These checks together confirm that the request correctly inherited authentication from the collection.

Common Mistakes - 3 Pitfalls

{'mistake': 'Checking for authentication in the request body instead of headers', 'why_bad': 'Authentication tokens are sent in headers, not in the request body, so this check will fail or be meaningless.', 'correct_approach': "Check the 'Authorization' header in pm.request.headers to verify authentication."}

Hardcoding expected response status without verifying actual API behavior

Not checking if the request actually inherited auth and assuming it did

Bonus Challenge

Now add data-driven testing with 3 different requests in the collection, each inheriting auth and verifying their own expected response content.

Show Hint