How to automate the addition of an authorization token in Postman

In this shot, we will learn how to set up Postman collection to automatically include an authorization token when requests are made to secured endpoints.

Edit collection

To begin, we assume you have already created a collection. We created one called medium. Next, we proceed to edit this collection. This takes us to the following part of Postman:

Collection details

We begin to edit with the variables tab. We add a new variable called token. We plan to update this variable automatically, once a user is authenticated and a response token is sent back to us. This value is what would then be passed as a value in the Bearer token.

For now, we assign anyvalue as its initial value.

Adds new variable to collection

Next, we head back to the Authorization tab and change the Type to Bearer Token. For the Token value, instead of simply placing a raw token, we instead input the collection variable we created earlier. We do this by the use of a double curly bracket on both sides of token. This makes the value of Bearer Token always pick from the value in the token variable we created.

As you can see, our implementation is nearly done. What remains is to find a way to update the token variable’s value once we have a new token.

Sets authorization type and its value

Sample response data

For this example, we have an authorization endpoint that authenticates and returns a response with data in this format.

{
"message": "User sucessfully login",
"data": {
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI4OThiN2UwNy01MmM3LTQ3ZWMtOTM5OS02NGNiMzE4MGExODEiLCJyb2xlIjoxLCJlbWFpbCI6ImNoaWJ1aWtlQHNwbGVldC5uZyIsImlhdCI6MTYyMjEyMDM3MiwiZXhwIjoxNjIyMTUwMzcyfQ.W8jMnWaOpNYJPWTU1je4h1br92XuCKSlYyrklHmzL5o"
},
"statusCode": 200
}

We will need to pass this token value in the object returned in the header to other endpoints that are secured and require a passed token.

Set token in collection header

The Tests tab is where we add our code snippet. This snippet will enable us to extract the token from the response and store it in the collection token variable.

To do that, we send a post request with our body parameters to the endpoint to authenticate us.

Adds code snippet to extract token

Test solution

With everything set, we click the send button. This returns the data object and a status code of 200.

To check if our code snippets work, we head back to the collection variables to see the current value of token, and voila! The collection variable token has been updated with the returned token.

Token variable updated

Test secured routes

To test this in other endpoints that are secured, we need to do one last thing.

To have a single source of truth for a token, we set the Type in Authorization to Inherit auth from parent.

Now, this route, along with any other secured route in this collection, has the current token in its header whenever it sends a request.

Set endpoint to use collection authorization
Free AI Mock Interviews
Coding Interview
Coding PatternsFree Interview
Gain insights and practical experience with coding patterns through targeted MCQs and coding problems, designed to match and challenge your expertise level.
System Design
You TubeFree Interview
Learn to design a video streaming platform like YouTube by tackling functional and non-functional requirements, core components, and high-level to detailed design challenges.

Free Resources

Attributions:
  1. undefined by undefined
Copyright ©2025 Educative, Inc. All rights reserved