Contents
What is Authentication?
What is Postman?
- No Auth
- Bearer Token
- Basic Auth
- Digest Auth
- NTLM Authentication
- OAuth 1.0 & OAuth 2.0
- Hawk Authentication
- AWS Signature
No Auth: –
No Auth means that any HTTP or HTTPS request for GET, PUT or Post extra with no authentication required. They are open request with no privacy and open content. Anyone with the correct link and param cancel access the content by the request.
Reponse in JSON
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 | * query: { * names: [ * { * first: "Mohit", * middle: "Ram", * last: "Singh", * display: "Mohit Ram Singh" * } * ], * usernames: [ * { * content: "foobar" * } * ], * emails: [ * { * @type: "personal", * address: "pr@gmail.com", * address_md5: "6d800719c88451a7b8c672ffc06fe0aa" * } * ], * phones: [ * { * country_code: 1, * number: 9845785456, * display: "984-578-5456", * display_international: "+1 984-578-5456" * } * ], * dob: { * date_range: { * start: "1990-11-23", * end: "1993-11-22" * }, * display: "25-27 years old" * }, * addresses: [ * { * country: "US", * state: "GA", * city: "Atlanta", * display: "Atlanta, Georgia" * } * ] * }, |
Basic Auth:-
Digest Auth:-
Digest Auth is another authentication method used by most of the websites. In the Digest access authentication is one of the agreed-upon methods a web server can use to negotiate credentials, such as username or password, with a user’s web browser. In the Digest Auth. method username and password are sent over the web after applying some hash functions, Therefore which makes it more secure over network.
e.g HA1 = MD5(username:realm:password)
HA2 = MD5(method:digestURI)
response = MD5(HA1:nonce:HA2)
NTLM Authentication:-
Hawk Authentication:-
Hawk is an HTTP authentication scheme using a message authentication code (MAC) algorithm to provide partial HTTP request cryptographic verification. For more complex use cases such as access delegation. More info at – https://github.com/hueniverse/hawk. It is used to protect the API endpoints by various companies. One of Hawk’s main goals is to enable HTTP authentication for services that do not use TLS.
We need to pass the Hawk Auth ID: dh37fgj492je and Hawk Auth Key: werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn and Algorithm: sha256
to the URL – https://postman-echo.com/auth/hawk to get yourself authenticated.
OAuth 1.0 & 2.0:-
AWS Signature:-
Also knows as Signature Version 4 is the process to add authentication information to AWS requests sent by HTTP., for example, you have any resource of the s3 cloud, you want it to access into your app or anywhere you can request the source using the GET request with the AWS signature. You need to mention the AWS key and screatKey and URL of the resource and rest postman will do for you.
Postman is such an impressive tool! Totally overwhelming! Although authentication issues can be sufficiently handled with tools