1 minute read
Using API keys
from POSTMAN API
by danzzersdev
API keys can be used in a variety of different ways. In order to see this, do the following:
1. Go to the Authorization tab of a request in Postman. 2. Choose the API Key option from the Type dropdown.
Advertisement
You will be presented with a few options. 3. Click on the Add to option, which will give you a drop-down choice between adding your API key to the Header or adding it to the Query Params.
API keys can also sometimes be added directly to the body of a request. However, if your API does this, you will need to manually set it up since Postman does not support this option. API keys can also be added to the Authorization header, and this is usually done with bearer tokens, which Postman has separated into its own category of authorization since it is so common.
Aside from using API keys as bearer tokens, one of the more common ways to pass them through the API, is still in the headers. Rather than passing it in with the authorization header though, it will often be passed as its own header. The exact way to do this will vary from API to API and you will need to look at the documentation to figure out exactly how it works. A common header used for this is the x-api-key header, although others can also be used. If you had an API that required the key to be passed in this way, you could fill it out in Postman by setting the Key field to x-api-key and the Value field to have the API key in it. You would also need to make sure that the Add to option was set to Header. If you do this in Postman, you can then look at the Headers tab and see that Postman has automatically added an x-api-key header with the API key value to your request. In a similar way, you could specify the key name and value for a query parameter type of API key authorization if that was what the API required. If you do this, Postman will automatically add the key and value to the params for that request. Basic auth and API keys are easy to understand and use, but some APIs use more advanced forms of authorization. Let's look at some of those.
