Authorization

The authorization process verifies whether you have permission to access the data you want from the server. When you send a request, you often have to include parameters to ensure the request has permission to access and return the data you want. Postman provides authorization types that make it easy for you to handle authentication protocols in Postman native apps.

When you select "Authorization" in the request builder, you see the TYPE drop down menu.

Inherit auth from parent
No Auth
Bearer Token
Basic auth
Digest Auth
OAuth 1.0
OAuth 2.0
Hawk Authentication
AWS Signature
NTLM Authentication [Beta]

Note: NTLM and Bearer token are only available in Postman native apps. All other authorization types are available in Postman native apps and the Chrome app. Note that the Postman Chrome app is being deprecated.

You can use environment, collection, or global variables with all authorization types. In addition to using these in the Postman app, you can also use these authorization types with Newman or Postman monitors.

Postman does not save header data and query parameters to prevent sensitive data exposure, such as API keys, to the public.

If you want to inspect the authorization headers and parameters that Postman generates, click the Preview Request button.

Note: You can inspect a raw dump of the entire request in the Postman console after you send it.