How to Set Authorization in Postman: Step-by-Step Guide
To set authorization in Postman, open the request, go to the Authorization tab, and select the type of authorization you need (e.g., Bearer Token, Basic Auth, or API Key). Then, enter the required credentials or token in the provided fields to authenticate your API request.
Syntax
In Postman, authorization is set per request or collection by choosing an authorization type and providing credentials.
- Type: Select the authorization method (e.g., Bearer Token, Basic Auth, API Key).
- Credentials: Enter the token, username/password, or key value depending on the type.
- Header or Query: For API Key, specify if the key goes in the header or query parameters.
Authorization tab usage:
1. Select Authorization type from dropdown
2. Fill in required fields (e.g., Token, Username, Password)
3. Postman adds authorization info automatically to the request
Example
This example shows how to set a Bearer Token authorization in Postman to access a protected API endpoint.
1. Open Postman and create a new request.
2. Click on the Authorization tab.
3. From the Type dropdown, select Bearer Token.
4. In the Token field, enter your access token, for example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
5. Send the request. Postman adds the header Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... automatically.
Response example:
{ "status": "success", "data": {"id": 123, "name": "Test User"} }
Output
{
"status": "success",
"data": {"id": 123, "name": "Test User"}
}
Common Pitfalls
Common mistakes when setting authorization in Postman include:
- Not selecting the correct authorization type for the API.
- Entering the token or credentials in the wrong field or tab.
- For API Key, forgetting to specify if the key should be sent in the header or query parameters.
- Using expired or invalid tokens, which causes authentication failures.
Always verify the API documentation for the correct authorization method and required fields.
Wrong way:
- Selecting No Auth but manually adding Authorization header in Headers tab (can cause conflicts).
Right way:
- Use Authorization tab to set the auth type and credentials so Postman manages headers correctly.
Quick Reference
| Authorization Type | Description | Where to Enter Credentials |
|---|---|---|
| Bearer Token | Send token in Authorization header as Bearer | Authorization tab > Token field |
| Basic Auth | Send Base64-encoded username and password | Authorization tab > Username and Password fields |
| API Key | Send key in header or query parameter | Authorization tab > Key and Value fields, select location |
| No Auth | No authorization sent | No credentials needed |
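
As an added example (not from the original page and not Postman's own code), this JavaScript models what each Authorization type in the table puts on the wire, and reads a JWT's exp claim to catch an expired bearer token before sending. The host, key name, credentials and token payload are constructed placeholders.

```javascript
// Added example, not Postman's own code. Host, key name and credentials are constructed.
function applyAuth(url, auth) {
  const target = new URL(url);
  const headers = {};
  switch (auth.type) {
    case 'bearer':
      headers.Authorization = `Bearer ${auth.token}`;
      break;
    case 'basic': {
      // Base64 is an encoding, not encryption: the header decodes back to user:pass.
      const pair = Buffer.from(`${auth.username}:${auth.password}`, 'utf8');
      headers.Authorization = `Basic ${pair.toString('base64')}`;
      break;
    }
    case 'apikey':
      // In query mode the key becomes part of the URL itself.
      if (auth.in === 'query') target.searchParams.set(auth.key, auth.value);
      else headers[auth.key] = auth.value;
      break;
    case 'noauth':
      break;
    default:
      throw new Error(`unsupported auth type: ${auth.type}`);
  }
  return { url: target.toString(), headers };
}

// Reads the exp claim of a JWT without verifying its signature, to catch the
// "expired token" pitfall before the request is sent.
function jwtExpired(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a three-part JWT');
  const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  return typeof claims.exp === 'number' && claims.exp <= nowSeconds;
}

// Constructed sample token: header from the page, made-up payload, placeholder signature.
function sampleToken(exp) {
  const payload = Buffer.from(JSON.stringify({ sub: '123', exp })).toString('base64url');
  return `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.${payload}.constructed-signature`;
}

const base = 'https://api.example.test/users';
console.log(applyAuth(base, { type: 'bearer', token: sampleToken(1700000000) }));
console.log(applyAuth(base, { type: 'basic', username: 'alice', password: 's3cret' }));
console.log(applyAuth(base, { type: 'apikey', in: 'query', key: 'api_key', value: 'abc123' }));
console.log(jwtExpired(sampleToken(1700000000), 1700000001));
```

Because the Basic header decodes trivially and a query-mode API key travels in the URL, both belong only on HTTPS requests.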
Key Takeaways
Always use the Authorization tab in Postman to set auth type and credentials for proper header management.
Choose the correct authorization type based on your API's requirements (Bearer Token, Basic Auth, API Key).
Enter tokens or credentials exactly as required; incorrect input causes authentication failures.
For API Key auth, specify if the key goes in headers or query parameters to match API expectations.
Check API documentation carefully to avoid common mistakes and ensure successful authorization.