1. The problem:
- Over the last 3 years I have worked on 4 projects, and all four use JWT tokens for authentication, which shows how popular JWT really is. Today I am writing a mini blog to share some experience on configuring Postman with a JWT token so that you can work more professionally and effectively.
- The client-side JWT authentication flow:
  - POST to the login API
  - Get the token
  - Store the token on the client
  - For every API that requires auth, set the header Authorization = Bearer + token
- You are a BE developer or tester.
- If you want to test an API, you have to follow the procedure above -> open Postman and try it.
2. The manual way ("running on rice"):
- Write the login API
- Get the token like this
- Then Ctrl + C
- And Ctrl + V into the Authorization header of the API you want to test
- So if you want to test 20 APIs, you have to copy and paste 20 times. -> That is far too amateurish
3. Still manual, but a little better:
- Create a (global) variable accessToken
- Set the header for all APIs: Authorization = "Bearer {{accessToken}}"
- Call the login API
- Copy the token and paste it into the accessToken variable
- You call the login API just once and paste just once, which is already more relaxed 👋👋👋👋
4. Automatic execution
- After you call login, Postman automatically copies the token and puts it into the header.
- To implement this, add the following script to the Tests section:
```javascript
pm.test("Status code is 200", function () {
    pm.response.to.have.status(200);
});

const res = pm.response.json();
pm.globals.set("accessToken", res.access_token);
```
- Now you only need to log in once before you test the APIs. I don't know if it can be better, but I'm still lazy
5. Super Auto:
- Add a pre-request script that sets the token before each API call.
```javascript
// Base URL of the API, stored as a global variable
const Host = pm.globals.get("Host");

const postRequest = {
    url: `${Host}/v1/public/auth/login`,
    method: 'POST',
    header: {
        'Content-Type': 'application/json',
        'X-Foo': 'bar'
    },
    body: {
        mode: 'raw',
        raw: JSON.stringify({ "phone": "phone", "password": "password" })
    }
};

pm.sendRequest(postRequest, (error, response) => {
    // On a transport error `response` is undefined, so stop here
    if (error) {
        console.error(error);
        return;
    }
    // The response body carries the token, so it is stored but not logged
    const res = response.json();
    pm.globals.set("accessToken", res.access_token);
});
```
- So now you don't need to care about the JWT authentication process anymore. Just go in and test, and feel free to be lazy 👏👏👏
- Chotot's Postman file: you can use it by changing the phone and password.
- Or practice on the API of the project I'm working on.
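
The pre-request script in section 5 logs in before every single request. As an added example (not part of the original post), this variant reads the `exp` claim of the cached token and logs in only when the token is missing or about to expire. The variable names loginPhone and loginPassword and the 30-second margin are assumptions; the two helper functions also run outside Postman.

```javascript
// Read the payload (second segment) of a JWT. This does not verify the
// signature: it only inspects a token the client already received.
function decodeJwtPayload(token) {
  const parts = String(token || "").split(".");
  if (parts.length !== 3) return null;
  // base64url -> base64, then restore the stripped padding
  let b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  b64 += "=".repeat((4 - (b64.length % 4)) % 4);
  try {
    return JSON.parse(atob(b64));
  } catch (e) {
    return null;
  }
}

// True when there is no usable token or it expires within skewSeconds.
function needsLogin(token, nowSeconds, skewSeconds = 30) {
  const payload = decodeJwtPayload(token);
  if (!payload || typeof payload.exp !== "number") return true;
  return payload.exp - skewSeconds <= nowSeconds;
}

// Postman-only part: skipped when the file runs outside the sandbox.
if (typeof pm !== "undefined") {
  const now = Math.floor(Date.now() / 1000);
  if (needsLogin(pm.variables.get("accessToken"), now)) {
    pm.sendRequest({
      url: `${pm.variables.get("Host")}/v1/public/auth/login`,
      method: "POST",
      header: { "Content-Type": "application/json" },
      body: {
        mode: "raw",
        // Assumed variable names: credentials live in variables, not in the script
        raw: JSON.stringify({
          phone: pm.variables.get("loginPhone"),
          password: pm.variables.get("loginPassword")
        })
      }
    }, (error, response) => {
      if (error || response.code !== 200) {
        console.error("login failed", error || response.code);
        return;
      }
      pm.globals.set("accessToken", response.json().access_token);
    });
  }
}
```

Keeping the phone and password in variables means an exported or shared collection does not carry the credentials inside the script body.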