Authorization
For many applications, an interface for security reasons we do not want to open to the public. This time we need to use the authorization (Authorization) mechanism.
Authorization process to verify that you have the required permissions to access server data.
When a request, generally must contain parameters, to ensure the required permissions to access data and having a return request.
Postman provide authorization type, it can easily handle authentication protocol Postman local application.
Postman authorization protocol type
Supported license types:
- Inherit auth from parent
- No Auth
- API key
- Bear Token
- Basic Auth
- Digest Auth
- OAuth 1.0
- OAuth 2.0
- Hawk Authentication
- AWS Signature
- NTML Authentication[Beta]
Inherit auth from parent (integrated identity verification from a parent class)
Add to authorize the collection or folder.
Let's say you add a folder in the collection. In the Authorization tab, the default license type will be set to "auth inherited from the parent class."
"From parent" set "Inheritance auth" indicates default, every request that folder are authorized to use the type of the parent class. If, which uses "No Auth", so the folder using the "No Auth", which means that all requests in that folder will use "No Auth"
If you want to retain the parent collection authorization type is "No Auth", but to update the authorization assistant this particular folder, how to do it? You can edit the details of a folder, select from the Type drop-down menu in the "basic auth ", and enter your credentials. Therefore, each request this folder are dependent on "basic Auth", while the remaining parent collection request is still without any authorization.
No Auth
It does not require certification, which is selected by default.
Basic Auth
This is a relatively simple type of license required authenticated user name and password to access data resources. This requires us to enter a user name and corresponding password.
Using Basic Authentication:
The first step: Select "Basic Auth" from the drop-down menu.
Step Two: To set the parameters of the authorization requested, enter your user name and password.
Step 3: Click the Send button.
Currently the project is to use this authentication method.
Example: request the following URL, the authorized account as follows:
username:
usernamepassword:
passwordLicense Agreement as follows:
Basic Authhttps://{{beta}}/oauth2/token?grant_type=password&sms_verify=trueIf you do not enter a user password, direct GET request is returned tips:
UnauthorizedEnter the user name and password, select
Basic auththe type of authorization, the following result is returned
{
"access_token": "dda7b55f-574d-4de6-9f62-d849d5894ba9",
"token_type": "bearer",
"refresh_token": "1da3f4fb-dbf7-40d6-9316-32916f4c0d03",
"expires_in": 3599,
"scope": "READ WRITE"
}
In postmanuse here is to save logged in token, the next interface to use the tokeninformation.
code show as below:
if(responseCode.code === 200){
// 判断是否存在 'access_token' 值
tests["Body matches access_token"] = responseBody.has("access_token");
//保存响应结果json
var jsonData = JSON.parse(responseBody);
//将响应结果中的access_token保存为全局变量hb_access_token
postman.setGlobalVariable("hb_access_token",jsonData.access_token);
//打印请求参数
tests[`[INFO] Request params: ${JSON.stringify(request.data)}`] = true;
// tests["have result "]=jsonData.hasOwnProperty("error")!==true;
//验证响应结果中存在access_token
tests["have data "]=jsonData.hasOwnProperty("access_token")===true;
//验证该接口的响应时间
tests[`[INFO] Response timeout: ${responseTime}`] = responseTime < 6000;
}else{
//接口请求失败
tests["Waring:Request Failed. Please Fix!"] = false;
}Use Basic Authrecognize complete. An interface in the next, how to use global variables have been saved access_token, as
Bear Token
Bearer TokenIt is a security token. With any Bearer Tokenuser can use it to access data resources, without the use of an encryption key.