I am trying to make a POST request using Postman. The credentials that I have is just an API key and not username and password.
Now in Postman as soon as I select "Basic Auth" it prompts for username and password. So I left these fields as blank and went to Headers to give my own Authorization key-value which leaves me with two "Authorization" fields as shown in the screenshot and I get invalid authentication response.
The authorization works fine using CUrl command in CLI. Is there a workaround for this?
Just keep the Authorization setting to 'No Auth' and manually add in your Authorization Request Header into the Headers tab, like you have done so in the image.
If you don’t use anything from the Authorization tab, then you won’t see this 'extra' header and the request should work the same as you would if you used cURL.
More about Postman Authorization can be found here: https://www.getpostman.com/docs/v6/postman/sending_api_requests/authorization
Related
I am trying to call this web api using postman. In order to use it you must apply for a personal token via email before (see here at the beginning of the page indicated as "Personal token request", you must send an email requesting a personal token).
So I have requested a personal token and once I have it I am trying to call above indicated method, this one.
So I configure postman as below screenshots show. I only fill in the Authorization (with my token) and the headers tabs. I indicate GET as verb and as url: https://api.esios.ree.es/indicators
Authorization:
Headers:
When I send the request I get error:
HTTP Token: Access denied.
UPDATED:
It doesn't work...
UPDATED - ATTEMPT #2
Finally I have solved it by setting authorization "No Auth" in Authorization tab and instead set Authorization token in the header tab.
I am using django rest-auth for handling user registration and login. whenever I try to login, it gives me token. so my question is now how to make use of that token to log in user to the home page.
enter image description here
what I want is to make use of that token to login the user in to home page.
thank you
You have to pass the token along with every request (in the request headers) to show that the user is logged.
In Postman, go to headers and add the following under Authorization (make sure it's checked too).
Token (without the brackets).
don't give me this link https://developer.here.com/documentation/authentication/dev_guide/topics/using-postman.html guide in this link in not working with postman
my postman version
my valid Credentials.propeties
here.access.key.id = V0qAiqfSzIFVv5dPjZ3XmQ
here.access.key.secret=XualuioK9BU9gxw5xjN3oViSRb6HPgTiWsWG5bBWL5G7kr5nsJpoWpCsli5ISQnQ8JlrX2mScSOdDqJAnKvIGA
here.token.endpoint.url = https://account.api.here.com/oauth2/token
same as in guide my Authorization
Headers
Body
Response from server
Console detailed log about request
On the Authorization tab I see you have checked "Add empty parameters to signature" and unchecked "Encode the parameters in the Authorization header".
your Auth tab
Only "Encode the parameters in the Authorization header" should be checked.
Let me know if that fixes it. I also verified this still works with the latest version of Postman v7.34.0 .
Disclosure: I'm a product manager at HERE Technologies
I have implemented an endpoint for login, using the django-rest-framework and TokenAuthentication. What i want, is after the login, the user to be authenticated and can navigate on the website.
I know that any get request on any protected using authentication uri should contain the token in the headers, so that the user can be authenticated. Everything is fine with that, if i could do all the get requests adding the token manually.
But what i do not understand is, how can i add the token in the headers when for example the user manually does the request by writing the url?
Let's say that the uri /api/ is protected and requires an authenticated user.
The user logs in, and i save the token either on the cookies or in the localstorage.
Now the user does a http get request on /api/. The token is not placed in the headers, so the response is: "Not authenticated".
So the question is, how can i add the token on any subsequent request after user logs in successfully? Maybe the backend could check the cookies for a valid token, but isn't there any better and safer solution than this?
As I believe from the question you want to add the token to all API which is consumed by your client whether App/Web. So in both people prefer to store that token either in cookies or in local storage. Once user logged out api consumer also flush that key.
I'm trying to test my web server's login with Postman. First, I send a GET request to my login url, and I get a CSRF token as a cookie. Then, I make a POST request to that login page, with my username, password, and CSRF token.
My problem is, when I do this in Postman, I get a 403 forbidden error when I try to make that POST request to login. I'm copying the CSRF token received and putting it as one of the POST parameters, and I'm using a valid username and password. Is there anything I'm overlooking here?
You need to set it as a header in the request, not in the body. X-CSRFToken is the key and the value is CSRF token from the cookie. This will work if you are using an API framework like Tastypie or Django Rest Framework.
If you are authenticating without an API layer you would need to actually attach the cookie or create one with the CSRF token. This post explains it.
Try installing the Postman Interceptor Extension on GoogleChrome. It worked for me.
Works for me :
Set in Postman Header :
KEY : Authorization
Value : Token "Your token"