I have been using postman to explore a REST interface. When using Postman's code generation feature, regardless of which programming language I select, Postman will always add a postman-token
attribute in the header. Why is it there?
See for example PHP Curl:
<?php $curl = curl_init(); curl_setopt_array($curl, array(CURLOPT_URL => "https://myURL.com, CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 30, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "GET", CURLOPT_HTTPHEADER => array( "authorization: Basic abcdefghijklmnop", "cache-control: no-cache", "postman-token: wt53gwg-e9bb-645d-g53d-e42f8765aut0" ), )); $response = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($err) { echo "cURL Error #:" . $err; } else { echo $response; }
Postman starts the authentication flow and prompts you to save the access token. Select Add token to header. Click the name of your token so Postman will add the token to the authorization header and click Send to make your request. If authentication is successful, the API shows a 200/OK response.
Authorization at Collections Step 1 − Click on the three dots beside the Collection name in Postman and select the option Edit. Step 2 − The EDIT COLLECTION pop-up comes up. Move to the Authorization tab and then select any option from the TYPE dropdown.
This is primarily used to bypass a bug in Chrome. If an XMLHttpRequest is pending and another request is sent with the same parameters then Chrome returns the same response for both of them. Sending a random token avoids this issue. This can also help you distinguish between request on the server side.
See docs/settings postman.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With