New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Collection Authorization type "Headers" #4044

Open
javabrett opened this Issue Jan 10, 2018 · 26 comments

Comments

Projects
None yet
@javabrett
Copy link

javabrett commented Jan 10, 2018

App Details:

Postman for Mac
Version 5.5.0 (5.5.0)

Issue Report:

This is an enhancement request to add a new Authorization type to the existing types available for a Collection: the new type might be called Headers or Custom Headers.

The idea being that you can add an arbitrary set of Header name/value pairs to be used as authorization tokens and added to each request.

Sometimes when you are developing you just need to add a set of headers (here for the purposes of authorization) to each request. The required header names might not conform to existing authorization standards.

Perhaps the downside of this enhancement is that by allowing any HTTP Header whatsoever, this functionality goes beyond that required for authorization, and could be used for example to add any set of custom headers to all requests in a collection. In this way it duplicates requests such as #1947 and #2692. But based on the current UI and features, the Authorization tab seems a reasonable place to expose this sort of feature.

@dlgoodchild

This comment has been minimized.

Copy link

dlgoodchild commented Jan 10, 2018

+1 (just as in #1947)

Seriously, this app really needs ability to set common headers and properties for all requests.

@SamvelRaja

This comment has been minimized.

Copy link

SamvelRaja commented Jan 10, 2018

I don't think we will add this feature as new authorization header, but we get your concern of having common headers for all the requests in a collection. We shall look in that way and solve the usability.

@dlgoodchild

This comment has been minimized.

Copy link

dlgoodchild commented Jan 10, 2018

This is great news to hear that common headers may finally arrive. My usage of Postman has been in slow decline, because of that one major missing feature...it really is quite vital for large systems.

@GremeAllanBryce

This comment has been minimized.

Copy link

GremeAllanBryce commented Jan 17, 2018

working with AWS Cognito authorisation this is needed. It is not resolved by only having AWS Sig4

+1

@Iliev88

This comment has been minimized.

Copy link

Iliev88 commented Jan 20, 2018

+1

1 similar comment
@sobkowicz

This comment has been minimized.

Copy link

sobkowicz commented Jan 23, 2018

+1

@mathewrg

This comment has been minimized.

Copy link

mathewrg commented Jan 26, 2018

+1
Thanks for all the good work you guys are doing. Having this feature will increase the usability very much. Thanks..

@arenaq

This comment has been minimized.

Copy link

arenaq commented Jan 27, 2018

+1

2 similar comments
@xavier-b

This comment has been minimized.

Copy link

xavier-b commented Jan 28, 2018

+1

@degraaf

This comment has been minimized.

Copy link

degraaf commented Jan 29, 2018

+1

@e2canoe

This comment has been minimized.

Copy link

e2canoe commented Feb 9, 2018

We really need this. I just added authorization to my project and was shocked to discover that I now need to manually add my test token variable to all my requests' headers.

@Iliev88

This comment has been minimized.

Copy link

Iliev88 commented Feb 10, 2018

@e2canoe You can save headers in Presets

image

@devonparsons

This comment has been minimized.

Copy link

devonparsons commented Feb 12, 2018

@Iliev88 Useful, but header presets are not shared with your team, and editing them after the fact does not edit the requests already using them.

@darron1217

This comment has been minimized.

Copy link

darron1217 commented Feb 16, 2018

I've always been dreamed of this feature as collection config!

Just like the image below
image

I hope this feature to be added soon!

@prashantbissa

This comment has been minimized.

Copy link

prashantbissa commented Feb 22, 2018

+1

@ma-schmidt-de

This comment has been minimized.

Copy link

ma-schmidt-de commented Feb 22, 2018

+1 @darron1217
The use case of having a default header like "origin=XX" or "apikey=XX" is super common. We definitely need a central place to define headers for Collections and Folders.

@Gosherm

This comment has been minimized.

Copy link

Gosherm commented Feb 27, 2018

+1

@amouchinski

This comment has been minimized.

Copy link

amouchinski commented Mar 20, 2018

Please add support for default headers per folder or collection as suggested by darron1217.

@LucasSteinwalker

This comment has been minimized.

Copy link

LucasSteinwalker commented Mar 22, 2018

+1 on this request. Unfortunately a lot of API implementations don't use a standard authentication token. I just pulled in a Swagger import of 500+ requests on a new project I'm working on and unfortunately will need to add the authorization header to every request, which is a major pain.

Don't mean to seem ungrateful though. Postman is the best!

@dolmen

This comment has been minimized.

Copy link

dolmen commented Apr 24, 2018

Please:

@jcavalieri

This comment has been minimized.

Copy link

jcavalieri commented Jul 30, 2018

👍

@NathanNorman

This comment has been minimized.

Copy link

NathanNorman commented Aug 29, 2018

I solved this problem for my own personal situation by utilizing jq.

  1. Export postman collection to JSON. (I used Collection v2.1)
  2. Add the header "x-realm: admin" to all request headers.
    jq 'walk(if (type == "object" and has("header")) then .header |= (. + [{"key":"x-realm", "value":"admin"}] | unique) else . end )' collection.json > modified.json
  3. Delete original collection and import the modified collection.

By using the unique function in jq this only adds the header if it is not already there.
This same technique could be used to add any header key/value.

I am certainly not a jq expert so any suggestions on improvements to this technique are welcome.

I should also mention that the walk function is not in the current jq release. If you would like to utilize it, see this issue.

@vkaegis vkaegis added the collections label Nov 14, 2018

@vpArth

This comment has been minimized.

Copy link

vpArth commented Jan 7, 2019

Any progress on this?

It's not too difficult to implement, but too important for users.
Too much apis use custom header authorization.
Several of them changed to custom header authentication from BasicAuth(after I create a collection in Postman).
Should be a way to map this API change into Postman.
These API changes are reason differs that issue from #1947

Minimal is simple authorization method: "Custom Header" with two fields: name and value. Value can have variable substitutions for convenience.

Example:

Header: "X-Api-Auth"
Value: "Token {{api_token}}"

Much better is to implement "Custom Headers" as a collection of key/value pairs, as proposed in this issue.

Also, this feature covers almost any other authorization method automatically.
One that is a reason to implement it! =)

@vkaegis vkaegis added the Auth label Jan 10, 2019

@AndrewGene

This comment has been minimized.

Copy link

AndrewGene commented Jan 18, 2019

My login endpoint returns an object like

{ "email": "...", "firstName": "...", "lastName": "...", "token": "4e3463c2-9476-4e9a-9ed2-45347ea02275", "userId": "2094" }

Token is the key used in every other request's Authorization header. It is short-lived (couple of hours).

So I made a "Test" in postman that reads and stores the token value into a global variable
let jsonData = pm.response.json(); let token = jsonData.token; pm.globals.set("token", token);

Every other request is set up to have an Authorization header with the value...

{{token}}

I simply need to make sure I call the Login endpoint before I start working on the other routes.

@KOGI

This comment has been minimized.

Copy link

KOGI commented Jan 21, 2019

@AndrewGene I do basically this very same thing. It works, but the problem with it is that you have to ensure that every other call you make remembers to include this custom value. There's no way to "import" this value as a header on the collection itself.

@AndrewGene

This comment has been minimized.

Copy link

AndrewGene commented Jan 21, 2019

@a85 a85 added runtime and removed runtime labels Jan 23, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment