Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Collection Authorization type "Headers" #4044

Closed
javabrett opened this issue Jan 10, 2018 · 39 comments
Closed

Add Collection Authorization type "Headers" #4044

javabrett opened this issue Jan 10, 2018 · 39 comments

Comments

@javabrett
Copy link

@javabrett javabrett commented Jan 10, 2018

App Details:

Postman for Mac
Version 5.5.0 (5.5.0)

Issue Report:

This is an enhancement request to add a new Authorization type to the existing types available for a Collection: the new type might be called Headers or Custom Headers.

The idea being that you can add an arbitrary set of Header name/value pairs to be used as authorization tokens and added to each request.

Sometimes when you are developing you just need to add a set of headers (here for the purposes of authorization) to each request. The required header names might not conform to existing authorization standards.

Perhaps the downside of this enhancement is that by allowing any HTTP Header whatsoever, this functionality goes beyond that required for authorization, and could be used for example to add any set of custom headers to all requests in a collection. In this way it duplicates requests such as #1947 and #2692. But based on the current UI and features, the Authorization tab seems a reasonable place to expose this sort of feature.

@dlgoodchild
Copy link

@dlgoodchild dlgoodchild commented Jan 10, 2018

+1 (just as in #1947)

Seriously, this app really needs ability to set common headers and properties for all requests.

@SamvelRaja
Copy link

@SamvelRaja SamvelRaja commented Jan 10, 2018

I don't think we will add this feature as new authorization header, but we get your concern of having common headers for all the requests in a collection. We shall look in that way and solve the usability.

@dlgoodchild
Copy link

@dlgoodchild dlgoodchild commented Jan 10, 2018

This is great news to hear that common headers may finally arrive. My usage of Postman has been in slow decline, because of that one major missing feature...it really is quite vital for large systems.

@GraemeAllanBryce
Copy link

@GraemeAllanBryce GraemeAllanBryce commented Jan 17, 2018

working with AWS Cognito authorisation this is needed. It is not resolved by only having AWS Sig4

+1

@Iliev88
Copy link

@Iliev88 Iliev88 commented Jan 20, 2018

+1

1 similar comment
@sobkowicz
Copy link

@sobkowicz sobkowicz commented Jan 23, 2018

+1

@mathewrg
Copy link

@mathewrg mathewrg commented Jan 26, 2018

+1
Thanks for all the good work you guys are doing. Having this feature will increase the usability very much. Thanks..

@arenaq
Copy link

@arenaq arenaq commented Jan 27, 2018

+1

2 similar comments
@xavier-b
Copy link

@xavier-b xavier-b commented Jan 28, 2018

+1

@degraaf
Copy link

@degraaf degraaf commented Jan 29, 2018

+1

@e2canoe
Copy link

@e2canoe e2canoe commented Feb 9, 2018

We really need this. I just added authorization to my project and was shocked to discover that I now need to manually add my test token variable to all my requests' headers.

@Iliev88
Copy link

@Iliev88 Iliev88 commented Feb 10, 2018

@e2canoe You can save headers in Presets

image

@devonparsons
Copy link

@devonparsons devonparsons commented Feb 12, 2018

@Iliev88 Useful, but header presets are not shared with your team, and editing them after the fact does not edit the requests already using them.

@darron1217
Copy link

@darron1217 darron1217 commented Feb 16, 2018

I've always been dreamed of this feature as collection config!

Just like the image below
image

I hope this feature to be added soon!

@prashantbissa
Copy link

@prashantbissa prashantbissa commented Feb 22, 2018

+1

@ma-schmidt-de
Copy link

@ma-schmidt-de ma-schmidt-de commented Feb 22, 2018

+1 @darron1217
The use case of having a default header like "origin=XX" or "apikey=XX" is super common. We definitely need a central place to define headers for Collections and Folders.

@Gosherm
Copy link

@Gosherm Gosherm commented Feb 27, 2018

+1

@amouchinski
Copy link

@amouchinski amouchinski commented Mar 20, 2018

Please add support for default headers per folder or collection as suggested by darron1217.

@LucasSteinwalker
Copy link

@LucasSteinwalker LucasSteinwalker commented Mar 22, 2018

+1 on this request. Unfortunately a lot of API implementations don't use a standard authentication token. I just pulled in a Swagger import of 500+ requests on a new project I'm working on and unfortunately will need to add the authorization header to every request, which is a major pain.

Don't mean to seem ungrateful though. Postman is the best!

@dolmen
Copy link

@dolmen dolmen commented Apr 24, 2018

Please:

@jcavalieri
Copy link

@jcavalieri jcavalieri commented Jul 30, 2018

👍

@AndrewGene
Copy link

@AndrewGene AndrewGene commented Jan 18, 2019

My login endpoint returns an object like

{ "email": "...", "firstName": "...", "lastName": "...", "token": "4e3463c2-9476-4e9a-9ed2-45347ea02275", "userId": "2094" }

Token is the key used in every other request's Authorization header. It is short-lived (couple of hours).

So I made a "Test" in postman that reads and stores the token value into a global variable
let jsonData = pm.response.json(); let token = jsonData.token; pm.globals.set("token", token);

Every other request is set up to have an Authorization header with the value...

{{token}}

I simply need to make sure I call the Login endpoint before I start working on the other routes.

@KOGI
Copy link

@KOGI KOGI commented Jan 21, 2019

@AndrewGene I do basically this very same thing. It works, but the problem with it is that you have to ensure that every other call you make remembers to include this custom value. There's no way to "import" this value as a header on the collection itself.

@AndrewGene
Copy link

@AndrewGene AndrewGene commented Jan 21, 2019

@a85 a85 added runtime and removed runtime labels Jan 23, 2019
@Nicolai6120
Copy link

@Nicolai6120 Nicolai6120 commented Feb 4, 2019

Postman support soooooo slow.... Implement one simple feature is not so hard, really?

@shamasis
Copy link
Member

@shamasis shamasis commented Feb 13, 2019

We are working on programmatic way to inject headers from pre-request scripts. You can add one in collection script and that would add the same in all outgoing requests!

Also, we are modifying the Bearer auth to have modified header key name. If your bearer token auth system has special header key, then that would be possible. Would update the issue when this is released.

PS: Also considering adding an "Api Key" type auth since it seems there is no standard to provide api key. We should be able to select header name and a value there.

@shamasis shamasis added this to To Triage in Runtime Triage and Development via automation Feb 13, 2019
@shamasis shamasis moved this from To Triage to Accepted Feature in Runtime Triage and Development Feb 13, 2019
@AndrewGene
Copy link

@AndrewGene AndrewGene commented Feb 13, 2019

Thank you so much for the feedback @shamasis. Postman has become integral to our workflow. Keep up the great work.

@talbronfer
Copy link

@talbronfer talbronfer commented Jun 2, 2019

Any updates on when this feature will reach production?

@shamasis
Copy link
Member

@shamasis shamasis commented Jun 3, 2019

@talbronfer both the solutions mentioned at #4044 (comment) is now out in production. I think in latest v7.1 app. Waiting for some feedback to double check if they are working fine.

Can you try them out and let us know? (1) api key auth type and (2) ability to manipulate request headers from script.

@wabiloo
Copy link

@wabiloo wabiloo commented Jun 5, 2019

@shamasis - any documentation on how to achieve 2)?

@codenirvana
Copy link
Member

@codenirvana codenirvana commented Jun 5, 2019

@wabiloo To mutate request headers via pre-request scripts:

// Add new header
pm.request.headers.add({
    key: 'Authorization',
    value: 'api-key'
});

// Add or update an existing header
pm.request.headers.upsert({
    key: 'Authorization',
    value: 'new-api-key'
});

// remove header
pm.request.headers.remove('Authorization')

Refer: #1947 (comment)

Also, as mentioned in #4044 (comment) the latest version of the Postman app adds support for new API Key auth:

Screenshot 2019-06-05 at 12 48 43 PM

@codenirvana codenirvana closed this Jun 5, 2019
Runtime Triage and Development automation moved this from Adding feature soon to Ready Jun 5, 2019
@codenirvana codenirvana self-assigned this Jun 5, 2019
@KOGI
Copy link

@KOGI KOGI commented Jun 12, 2019

This is excellent! Thank you! This will be a huge improvement for my workflow.

I've got requests working using this new feature, however, it looks like the headers added during the pre-request script are NOT added to the export/code dialog (see screenshots) this means I can't copy/paste the request into a terminal if needed (unless I go dig up the header names and values and add them to the curl command manually every time):

image
image
image

@codenirvana
Copy link
Member

@codenirvana codenirvana commented Jun 13, 2019

@KOGI We are tracking this feature request here: #6349

@wabiloo
Copy link

@wabiloo wabiloo commented Jun 22, 2019

Thanks for this massive improvement!
The collection-level headers created through pre-request scripts also don't appear in the "Temporary Headers" panel on individual requests. Would be great if they could appear there as well!

@kevcam4891
Copy link

@kevcam4891 kevcam4891 commented Oct 6, 2019

Any update on being able to customize the "Bearer" string? AWS Cognito doesn't want Bearer in the Authorization header, just the token. I simply need a way to remove this text, please!

@kepikoi
Copy link

@kepikoi kepikoi commented Feb 1, 2021

What about supporting multiple API keys in the header?
The pre-request script solution is not applicable when generating collections from an imported oas3 (due to postmanlabs/openapi-to-postman#158)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Linked pull requests

Successfully merging a pull request may close this issue.

None yet