Postman authorization
To allow users to access securely, APIs have authorization features that will allow an individual to use the system and data stored on that system. These authorizations are granted and administered depending on the system. Accessing some APIs with Postman requires these parameters, how to integrate?
Postman provides the available authorization requests that the user can use (depending on the requirements of the system). These authorization will be added to the Headers or Body of the request: 
- Inheriting auth
- No auth
- API key
- Bearer token
- Basic auth
- Digest auth
- OAuth 1.0
- OAuth 2.0
- Hawk authentication
- AWS Signature
- NLTM authentication
- Akamai EdgeGrid
For example, I will practice with the API: https://api.github.com/user/repos of github with some authentication methods on:
First of all, a “power of attorney” is required, which can be registered in different locations depending on your needs.
- Register with username and password
- Token registration: Personal access tokens – the tokens you have created can be used to access the GitHub API.
- Register oauth app: OAuth Apps – These are applications you have registered to use the GitHub API.
- …
Use with API key
This usage is very similar to adding the ‘Authorization’ key on Headers (too much because it’s one). But here you can add it to Query Params. I used Authorization with the value: Bearer < Personal access tokens >
Use with Bearer token
As above, but there is no need to add Bearer in advance because the selected type of authorization is the Bearer token : 
Use with Basic auth
This way is true Basic 
Just login with your username and password, most APIs can use this way 
but on the condition that you do not turn on two-factor authentication for your account or anything like that. It is similar to the login page with the username and password no more !!
But I still want to login with Basic auth and Xác thực 2 yếu tố , how to do? Simply send the following 2-layer verification codes on the Header: X-GitHub-OTP: ******
Use with OAuth 2.0
This way, you need to have OAuth App pre-registered with Client ID and Client Secret , and in addition, you need to have Callback url (register itself on oauth), Auth URL , Access Token URL (these two are provided by the system) For example: 
summary
There are some other ways I still have not tried it 
Looking forward to receiving suggestions from everyone. Thanks for everyone who has read your article 