The more I’ve used it, the more ways I’ve tried to tackle this problem. Here’s a solution I found that works well. On my project, we have an API that grants and uses OAuth2 access tokens for authentication (with no refresh token). After right-clicking to edit our Collection and navigating to the Authorization tab, we can select the OAuth 2.0 type from the dropdown and be presented with this: In our Postman Collection, we can take advantage of collection-level authorization so that we don’t have to configure it request by request. The only remaining step is to ensure that each request needing authorization is set to inherit auth from parent (meaning the collection): If we plug in our appropriate credentials and click “Get New Access Token” and then “Update,” we’ll be all set up for our requests. This is all well and good, but there’s one catch: our token can’t automatically refresh. On my project, the token would expire after fifteen minutes - enough time to get the token once and try out a few requests, but a pain for longer sessions. It was annoying to continually get a new token through the process above. You may have noticed that when editing the Collection, alongside the Authorization tab there was a tab called Pre-Request Scripts. This is what I have in my collection’s “Pre-request Scripts”: We can take advantage of this to make sure we always have a valid token before requests. So what’s going on here? I’m taking advantage of a few things. In the script, I’m using Postman’s global variables to track some important things, including the client_id, client_secret, and grant_type, which I need for the body of the authorization request. The other two are variables for the auth token itself and the expiration time of that token. In the beginning of the script, I’m checking to see if I have an existing expiration time and how much of a difference (in seconds) there is between that time and the time the script is called. If we’re at or below a thirty-second difference (arbitrarily chosen), then we fulfill the condition for the main part of the script. Using Postman’s pm object, I then build a call to send a request, supplying the appropriate url, method, headers, and body. Upon success, I parse the response to assign the new token and its expiry time to the right variables. We can just set the type to Bearer Token and provide our variable as the value, like this: ( Learn more about Postman’s JavaScript scripting.)Īnd that’s it! The only step left is to change the authorization type in our requests. Now whenever we hit “Send” on one of our requests in this Collection, the Pre-request Script will run, checking if it’s time to find a new token and making the request if necessary. Handling authorization like this is just one possibility.Chrome add-on Postman streamlines testing APIs My script is a bit sloppy, but in the process of writing it, I found that there are quite a few interesting things you can do with Postman if you put in the effort. Postman is a Web REST client that allows you to enter and monitor HTTP requests and responses. See why Tony Patton recommends taking this Chrome add-on for a test drive.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |