LinkedIn and 3rd parties use essential and non-essential cookies to provide, secure, analyze and improve our Services, and to show you relevant ads (including professional and job ads) on and off LinkedIn. Learn more in our Cookie Policy.

Select Accept to consent or Reject to decline non-essential cookies for this use. You can update your choices at any time in your settings.

Start free trial Sign in

From the course: API Testing Foundations

Unlock the full course today

Join today to access over 24,000 courses taught by industry experts.

Using authorization tokens

Using authorization tokens - Postman Tutorial

From the course: API Testing Foundations

Start my 1-month free trial Buy for my team

Using authorization tokens

“

- [Instructor] In the last video, I showed you how to use basic auth in an API request. There are some downsides to that type of authentication though, and so it has become much more common for APIs to use some form of an authorization token instead. These tokens combine together both authentication and authorization. In essence, the server says, anyone who presents me with this token is allowed to do the things that this token has been set up to do. So, let's take a look at an example of this in practice. If I log into GitHub, I can go to the developer settings in my account, go to personal access tokens and generate a new token. Now, this token can have an expiration for how long it's valid for, and then we can pick different endpoints and actions that this token should be allowed to use. So, I'll give it full access to the repos endpoint here, which means that I should be able to read information about all my repos, as…

Contents