Authorizing Requests

o Authorizing requests include authenticating the identity of the client who sends
the request and verifies whether the client is allowed to access and conduct the
endpoint operations. APIs use authorization details to make sure that the client
requests access data safely.
o Several authorization types are available in Postman that you can use while
creating an API.
o You need to ask the provider for any authorization details you require while
using third party API.

Steps for Authorizing Requests in Postman

o Open the Postman app and enter a request in the Request URL section.
o Under the Authorization, the tab selects the authorization TYPE from the drop-
down menu, as shown in the image below.

The various authorization types are

o Inherit_auth_from_parent
This is the default auth type. In this, authorization type will be the same as the
parent, which means whatever the auth type you selected for that collection
(parent); the same auth type will be selected for the request, which is under that
collection.
o No_Auth
If you select this type, Postman will not send any auth data with the request.
o API_key
This is to send the Key and Value along with the API request.
o Bearer_Token
This auth type allows the Authorization of requests by using an access key.
o Basic_Auth
This allows users to send username and password along with the request for
API login.
o Digest_Auth
This is the two-point authentication of your API request. In this auth type user
will send a request where the server will reply with a number that can only be
 used once. Then the user again will send the request along with username,
password, and that realm number for Authorization of the request.
o OAuth
This auth type is to access third-party API data.
o Hawk_Authentication
This enables users to use partial cryptographic verification to authenticate their
requests. Hawk Auth id, which is your API authentication ID value and Hawk
Auth key, which is your API authentication key value, is required for
Authorization under this auth type.
o AWS_Signature
For Amazon Web Services requests, this auth type is used.
o NTLM_Authentication(Beta)
This is the auth type for windows OS and standalone systems.
o Akamai_EdgeGrid
Akamai technologies use this auth type for authorizing requests.
o After choosing an Auth type, the app will indicate which part among header,
body, URL, or params will include your data so that the user can see how these
data will be sent before they run the request.
o The authorization data can be sent as header, body, or as parameters to a
request

GET Request in Postman

GET request will not affect any data on the server. Means, there is no creation,
updation, addition, or deletion of data on the server when you are making a GET
request.

GET request contains all information inside the URL, and because of that, some people
do not prefer to use GET request while they are sending some confidential data such
as passwords. For example, if you search anything on Google, you actually using a GET
request because there is no sensitive information, and you are just requesting the
page. You can try to search for something on Google; you will get the same search
string in the URL.

Pretty: In this option, code will show colorfully with different keywords and have
indentations in the code, which is useful for reading.

Raw: This is almost similar to pretty but shows the code without colors and in single lines.
Preview: This will show the preview of the page that has been sent.

Response in Postman
Once you send the request, API sends the response. A response is a message the server
receives in return for a Request we send. When we send the request, then server
accepts that request in and sends back a packet of the requested information, which
is called the response. Each response depends on the sent request.

The server responds differently for every request, and it will be good if we take out
some info from all of the server responses. It provides a user-friendly interface to see
multiple pieces of information from all of the responses easily.

The postman response interface has multiple options. Let's see these options one by
one:

Status Code
A status code defines the status of the request. On entering URL, a mistake can be
typed in the URL, or there may be a server-side problem. Status code is used to know
about what went wrong and where you made a mistake. There are different status
codes, and each of the status codes has different meanings.

Let's see some standard status codes:

200: This code is used for a successful request.

201: For a successful request and data was created.

204: For empty response.

400: This is used for Bad Request. If you enter something wrong or you missed some
required parameters, then the request would not be understood by the server, and
you will get 400 status code.

401: This is used for Unauthorized Access. If the request authentication failed or the
user does not have permissions for the requested operations, then you will get a 401
status code.

403: This is for Forbidden or Access Denied.

404: This will come if the Data Not Found.

405: This will come if the method not allowed or if the requested method is not
supported.

500: This code is used for Internal Server Error.

503: And this code is used for Service Unavailable.

Time
Time is the duration between the sent request time and the received response time.
Means, this is the duration which the response took after we sent the request and
received the response.

This is very useful sometimes because many projects have a Service Level Agreement
(SLA). The time shown here is not the actual time that the request will take. It is just
approximate time, but you can consider this as an actual time.

Size
Size is the size of the response when it is processed within memory. This response size
includes the size of response, cookies, headers, and everything that has been
transmitted along with the response.

Response Body
A Response body is the body of the response, which actually contains the response
content that has been sent from the server. In this section, you can see the web page
code is sent to us as a response.

There are three ways to see the response in the response body:

o Pretty
o Raw
o Preview
o Pretty: As the name specifies, pretty is the prettier way to see the content. In this
option, code will colorfully show with different keywords and have indentations in the
code, which is useful for reading. Each color has different meanings. This makes the
code nicer.
o Raw: This is almost similar to pretty but shows the code without colors and in
single lines. It is just a raw version of the code without any colorful keywords.
 o Preview: This will show the preview of the page that has been sent. It has the
same page been run inside a browser. You just need to click on the preview,
and you will get the exact page as you would have seen inside a browser.
o Preview tab renders the response in a sandboxed iframe, and because of iframe
sandbox restrictions, JavaScript and images are disabled in the iframe.

Cookies
Cookies are the small size of files which contain the information related to server files
or website pages. Once you open the website for the first time, a cookie file will
download on your system. This cookie has some information which will be used by the
same site when you visit again. This allows the website to give a specific response and
specific information according to your last visit.

Postman offers you to see the cookies that have been sent from the server as a
response. We cannot make any changes to the cookies since we got from the server.

Try with the URL www.google.com and go to the Cookies section, you will get the
cookie.

Headers
Headers are the extra information that is transferred to the server or the client. In the
postman, headers will show like key-value pairs under the headers tab.

Once you select Headers option, you will get the following info:

POST Request in Postman

The post is an HTTP method like GET. We use this method when additional
information needs to be sent to the server inside the body of the request. In general,
when we submit a POST request, we expect to have some change on the server, such
as updating, removing or inserting.

One of the best examples of using POST request is the login page of Facebook or the
login page of other sites; you send your personal information such as the password to
the server. The server creates a new account with the same information and that
account, and the information is added permanently on the Facebook server.

Important points of the POST request:

 o POST requests will not take the cookies.
o POST requests are not left in the history of browsers.
o We cannot bookmark the POST requests.
o There is no restriction of data length in POST requests.

In Postman, every endpoint of REST API is associated with its HTTP verb. When an
endpoint states that it should be called using the POST http verb, then for calling the
endpoint, only the POST HTTP Verb is required.

The POST request is a fundamental method, and this method is mostly used when a
user wants to send some sensitive data to the server like to send a form or some
confidential data.

Sending Body Data

Since now, you know that we need to send the body data with requests whenever you
need to add or update structured data.

Select the POST request method, and go to Body option where we have different
options for sending data:

Here you have:

o none
o form-data
o x-www-form-urlencoded
o raw
o binary
o GarphQL

form-data
form-data sends the form's data. Such as the information you enter while filling out a
form. To send these details, write them as key-value pairs. Here, the key is the name
of the entry, and value is the value of the entry you are sending. Follow the following
steps:
x-www-form-urlencoded
It works similar to form-data. The only difference between both of them is that, when
you sent the data via x-www-form-urlencoded, the url is encoded. Encoded indicates
that the transmitted data is converted to various characters so that unauthorized
persons cannot recognize the data.

Raw
This is a very useful option while sending the body to the POST method. Here the body
data will be presented in the form of a stream of bits.

In the above examples, we already discussed the raw. So, we will not discuss it again.

Binary
Binary is used to send the data in a different format. Such as a file, image, etc. To use
this option, select binary and then click on Select File to browse any file from your
system.

GraphQL
Through this option, you can send the GraphQL queries in your postman requests by
selecting the GraphQL tab in the request Body.