Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to configure Postman for requests with devise_auth_token

I need to document a RubyOnRails API with Postman but I don’t know how to set up the authorization for the requests that need token. I’m using devise_token_auth gem

like image 893
Evelin Ponce Avatar asked Sep 03 '25 06:09

Evelin Ponce


2 Answers

When you use devise_token_auth the format of the cURL is the following:

curl -XGET -v -H 'Content-Type: application/json' -H 'access-token: lW1c60hYkRwAinzUqgLfsQ' -H 'client: W_xCQuggzNOVeCnNZbjKFw' -H "uid: [email protected]" http://domain/api/v1/auth/validate_token

So you need the next parameters to access: access-token, client, uid, url

To get them you need to follow these instructions:

  • Create a new user with a POST request to your signup request, in this case is http://localhost:3000/auth and in Body with RAW format set the params you need to create a new user (like in the example) and click send.

enter image description here

  • Now that you got the response of the request, the params you need are in the header of the request, click to Headers tab to see them.

enter image description here

  • Then create a new request in Postman with the GET that requires the authorization and in Headers set the values access-token, client, uid from the header of the last request.

enter image description here

You could set the values as local variables in an environment to call them in every request instead of pasting them in each header.

In case you got an Authorization error after complete this guide

{
  "errors": [
    "Authorized users only."
  ]
}

This is because sometimes the access-token is configured to change each time the client queries the API, to change this configuration only add the following line to config/initializers/devise_token_auth.rb

config.change_headers_on_each_request = false

REST API Testing - Postman behaving as different client after each request

like image 88
Evelin Ponce Avatar answered Sep 04 '25 21:09

Evelin Ponce


Having to set config.change_headers_on_each_request = false may not be ideal for everyone.

I was able to have Postman automatically save access-token, client, and uid to environment variables (in my case I used ACCESS_TOKEN, ACCESS_CLIENT, and ACCESS_UID) with a Postman test script:

responseHeaders['access-token'] && pm.environment.set("ACCESS_TOKEN", responseHeaders['access-token']);
responseHeaders['client'] && pm.environment.set("ACCESS_CLIENT", responseHeaders['client']);
responseHeaders['uid'] && pm.environment.set("ACCESS_UID", responseHeaders['uid']);

This script first tests to make sure the token was returned (in a failed request a new token is not returned), then saves them to your environment variables.

Then using a Pre Request script I have those variables added to the header automatically.

pm.request.headers.upsert({key: 'access-token', value: pm.variables.get("ACCESS_TOKEN") });
pm.request.headers.upsert({key: 'client', value: pm.variables.get("ACCESS_CLIENT") });
pm.request.headers.upsert({key: 'uid', value: pm.variables.get("ACCESS_UID") });

I add these at the Collection instead of each specific request in Postman:

Collection Edit screen, Pre-request Scripts tab

Collection Edit screen, Tests tab

Then all I need to do before I start making requests, is to make a Login request to get the initial token (which will get saved thanks to our Test script). Each successful request after that will automatically save and use the newest token, allowing you to test your API without having to modify the config settings inside your Rails app.

Hope this can help anyone who finds this question.

like image 26
Daniel Wise Avatar answered Sep 04 '25 20:09

Daniel Wise