How to Handle Authentications with Postman?

What is Authentication?

Authentication is the process of presenting your credentials, such as a username, password or another secret key, to a system so that the system can validate them. In API terms, authentication is used to protect content over the web: only a valid user with valid credentials can access the API endpoint.
These credentials tell the system who you are, which enables the system to confirm a user's identity. Here the system can be anything: a computer, a phone, a bank or a physical office premises.


What is Postman?

First of all, let's understand what Postman is. It is an API testing tool used by developers and testers to perform API testing, with lots of features such as global variables, mock requests, environments and monitoring of APIs.
You can learn more about Postman in my full video lecture series here. Download and install it.
P.S. – This article assumes that you have some experience with Postman. If not, please go through my previous tutorials.



There are 8 types of authentication supported by Postman for APIs:


  • No Auth
  • Bearer Token
  • Basic Auth
  • Digest Auth
  • NTLM Authentication
  • OAuth 1.0 & OAuth 2.0
  • Hawk Authentication
  • AWS Signature


No Auth:-

No Auth means that any HTTP or HTTPS request (GET, PUT, POST, etc.) is made with no authentication required. These are open requests with no privacy and open content. Anyone with the correct link and params can access the content with the request.

For example –

Response in JSON


Basic Auth:-

Basic access authentication is a method for an HTTP user agent (e.g. a web browser) to provide a username and password when making a request. In the example, we will use the Postman internal URL to create a Basic Auth example –
Username: postman and password: password.

Digest Auth:-

Digest Auth is another authentication method used by most websites. Digest access authentication is one of the agreed-upon methods a web server can use to negotiate credentials, such as username or password, with a user's web browser. In the Digest Auth method, the username and password are sent over the web after applying hash functions, which makes it more secure over the network.

e.g. HA1 = MD5(username:realm:password)
HA2 = MD5(method:digestURI)
response = MD5(HA1:nonce:HA2)
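
The formulas above, as an added Node.js example that is not part of the original article: it computes the response both in the form shown here and in the qop=auth form from RFC 2617, then recomputes it on the server side. The sample username, realm, password and nonce are the ones from the RFC 2617 example, not values from this tutorial.

```javascript
// Added example: Digest response calculation and server-side check.
const crypto = require("crypto");

const md5 = (s) => crypto.createHash("md5").update(s, "utf8").digest("hex");

// HA1 = MD5(username:realm:password). A server can store HA1 instead of the password.
function ha1(username, realm, password) {
  return md5(`${username}:${realm}:${password}`);
}

// Without qop: response = MD5(HA1:nonce:HA2), the form shown in the article.
// With qop=auth (RFC 2617): response = MD5(HA1:nonce:nc:cnonce:qop:HA2).
function digestResponse(ha1Hex, { method, uri, nonce, qop, nc, cnonce }) {
  const ha2 = md5(`${method}:${uri}`); // HA2 = MD5(method:digestURI)
  const middle = qop ? `${nonce}:${nc}:${cnonce}:${qop}` : nonce;
  return md5(`${ha1Hex}:${middle}:${ha2}`);
}

// Server side: recompute from the stored HA1 and compare in constant time.
function verifyDigest(storedHa1, params, clientResponse) {
  const expected = Buffer.from(digestResponse(storedHa1, params), "hex");
  const given = Buffer.from(String(clientResponse), "hex");
  return given.length === expected.length && crypto.timingSafeEqual(expected, given);
}

// Sample request taken from the worked example in RFC 2617, section 3.5.
const sample = {
  method: "GET",
  uri: "/dir/index.html",
  nonce: "dcd98b7102dd2f0e8b11d0f600bfb0c093",
  qop: "auth",
  nc: "00000001",
  cnonce: "0a4f113b",
};
const storedHa1 = ha1("Mufasa", "testrealm@host.com", "Circle Of Life");
const response = digestResponse(storedHa1, sample);

console.log("response:", response);
console.log("accepted:", verifyDigest(storedHa1, sample, response));
// The same response replayed against a different URI no longer matches,
// because the method and URI are hashed into HA2.
console.log("other URI:", verifyDigest(storedHa1, { ...sample, uri: "/admin" }, response));
```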


NTLM Authentication:-

This is the authentication used by Microsoft Windows networks to authenticate users. It is a successor to the authentication protocol in Microsoft LAN Manager. It combines the LAN Manager authentication protocol, NTLMv1, NTLMv2 and NTLM2 Session protocols in a single package. If you want to use NTLM authentication, you first need to capture the request using the Fiddler app, a web debugging proxy. Run the app, then in the Rules menu tick the Automatically Authenticate option. After this, Postman will work with NTLM authentication like a charm. Don't close Fiddler until you are done. More info at –


Hawk Authentication:-

Hawk is an HTTP authentication scheme using a message authentication code (MAC) algorithm to provide partial HTTP request cryptographic verification. For more complex use cases such as access delegation. More info at – It is used to protect the API endpoints by various companies. One of Hawk’s main goals is to enable HTTP authentication for services that do not use TLS.

We need to pass the Hawk Auth ID: dh37fgj492je, Hawk Auth Key: werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn and Algorithm: sha256 to the URL – to get yourself authenticated.
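
How the Hawk MAC is built and checked, as an added Node.js example (not code from this article or from the Hawk project): it uses the Auth ID, key and algorithm given above, while the timestamp, nonce, host, port and resource are constructed sample values. It covers header authentication without a payload hash or ext field.

```javascript
// Added example: Hawk header MAC and a server-side check.
const crypto = require("crypto");

// Credentials as given in the article.
const creds = {
  id: "dh37fgj492je",
  key: "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
  algorithm: "sha256",
};

// Newline-terminated fields the MAC covers: timestamp, nonce, method,
// path with query, host and port. Other headers and the body are not
// covered here, which is why the verification is "partial".
function hawkNormalized({ ts, nonce, method, resource, host, port }) {
  const fields = ["hawk.1.header", ts, nonce, method.toUpperCase(), resource,
                  host.toLowerCase(), port, "" /* payload hash */, "" /* ext */];
  return fields.join("\n") + "\n";
}

function hawkMac(c, req) {
  return crypto.createHmac(c.algorithm, c.key).update(hawkNormalized(req)).digest("base64");
}

function hawkHeader(c, req) {
  return `Hawk id="${c.id}", ts="${req.ts}", nonce="${req.nonce}", mac="${hawkMac(c, req)}"`;
}

// Server side: reject stale timestamps, then compare MACs in constant time.
// `received` is the request as the server actually saw it.
function hawkVerify(c, received, mac, nowSec, skewSec = 60) {
  if (Math.abs(nowSec - Number(received.ts)) > skewSec) return false;
  const expected = Buffer.from(hawkMac(c, received), "base64");
  const given = Buffer.from(String(mac), "base64");
  return given.length === expected.length && crypto.timingSafeEqual(expected, given);
}

// Constructed sample request (assumed values, not from the article).
const req = { ts: 1353832234, nonce: "j4h3g2", method: "GET",
              resource: "/resource/1?b=1&a=2", host: "example.com", port: 8000 };
const mac = hawkMac(creds, req);

console.log(hawkHeader(creds, req));
console.log("accepted:", hawkVerify(creds, req, mac, req.ts + 5));
console.log("path changed in transit:", hawkVerify(creds, { ...req, resource: "/resource/2" }, mac, req.ts + 5));
console.log("replayed an hour later:", hawkVerify(creds, req, mac, req.ts + 3600));
```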


OAuth 1.0 & 2.0:-

They are a way for Internet users to grant websites or applications access to their information on other websites without giving them the passwords. When you perform OAuth, most of the time you have to get the access token from the website after submitting details such as the consumer key. So to make an OAuth 1.0 request you need to pass the Consumer Key, Secret, Access Token and Token Secret.


AWS Signature:-

Also known as Signature Version 4, this is the process of adding authentication information to AWS requests sent over HTTP. For example, if you have a resource in the S3 cloud and want to access it from your app or anywhere else, you can request it using a GET request with the AWS signature. You need to provide the AWS key, the secret key and the URL of the resource, and Postman will do the rest for you.



Bearer Token:-

Bearer Tokens are the predominant type of access token used with OAuth 2.0. You need to pass the Token with a request to get the response.
In conclusion, this article is almost complete. We learned how to do authentication of all types in Postman with screenshots and URLs. If you need the Postman collection, just download it below.
