Authorization Header

Hi,
I have a question about using the Authorization header.

I noticed there are two places where you could place your access token.
What are the differences?

  1. Headers: Authorization - with bearer {{access_token}}
  2. Authorization - Type Bearer, Token {{Access_token}}

For my case, my request failed if the access token is done via the Authorization header (1).
The request is successful if I use the Authorization tab (2).

I am expecting both to behave the same, but I am getting different results.
I do not know if the server behaves differently or if Postman is sending the credentials differently.
Thank you for any information.

Hi @kato2019

Typically speaking, they both end up being passed as a header…

What does the console log show for each?
Do both have the “bearer” prefix?
Is the capital letter causing one of the tokens to fail?

2 Likes

Yes, both have the bearer prefix.

The first one is suitable for running autotests in the Postman window, if you suddenly need additional information, for example, if you need an additional login / password at different stages of access, which can be specified in additional options.
The second type is better for running tests in Newman, because Newman works worse with additional variables that are specified in additional options.

1 Like

When you use Bearer Authorization helper under the Auth tab, Postman adds a Header (Authorization: Bearer {{access_token}}) for you. Once you add your token under the Auth tab, peek under the Headers tab and expand the hidden headers to see exactly how Postman is formatting the Header.

Or for more visibility into the differences, you can do as @w4dd325 suggests, view the network call in the console. Or look under the code generation snippet.

Differences between the 2 approaches:

Option 1: add an authorization header

  • User can tweak the prefix (e.g. Token <your-access-token> instead of Bearer <your-access-token> ).
  • Authorization header is displayed explicitly in the API documentation.
  • With both of these options, you can share the request and collection with your teammates. Header is saved with the request and collection under the header property.

Option 2: use an authorization helper

  • Can set authorization at the collection-, folder-, or request-level. Easy to set up the same authorization method for every request inside the collection or folder.
  • With both of these options, you can share the request and collection with your teammates. Authorization is saved under the auth property.

3 Likes

I am no expert in this matter but I feel when you use the Authorization method, specifying “Inherit auth from parent” is very useful from a maintenance standpoint. This allows you to not have to specify the token for every endpoint, even if it is just a variable. Instead just define it at the desired folder level. The tradeoff is that IF you use nested folders, you will need to navigate back up the folders until you reach the one that is not set to “Inherit auth from parent” to make the change 🙂

1 Like
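The replies above describe a manual Authorization header saved under the `header` property, the helper saved under the `auth` property, and "Inherit auth from parent". As an added example (not part of any post in this thread, and not Postman's own code), the script below walks an exported collection, resolves which source each request uses and what scheme spelling it sends, and flags tokens saved as literals instead of `{{variables}}` before the collection is shared. It assumes the Collection v2.1 export layout; the collection, URLs and token are constructed.

```javascript
// Constructed sample in Postman Collection v2.1 layout; names, URLs and the token are made up.
const bearer = (value) => ({ type: "bearer", bearer: [{ key: "token", value, type: "string" }] });
const sampleCollection = {
  auth: bearer("{{access_token}}"),
  item: [{
    name: "orders",
    item: [
      { name: "inherits helper", request: { method: "GET", url: "https://api.example.test/a", header: [] } },
      { name: "manual header", request: { method: "GET", url: "https://api.example.test/b",
          auth: { type: "noauth" },
          header: [{ key: "authorization", value: "bearer {{access_token}}" }] } },
      { name: "pasted token", request: { method: "GET", url: "https://api.example.test/c",
          auth: bearer("CONSTRUCTED-PLACEHOLDER-TOKEN"), header: [] } },
    ],
  }],
};

// Header value the Bearer helper produces from an `auth` object, or null.
function helperValue(auth) {
  if (!auth || auth.type !== "bearer") return null;
  const entry = (auth.bearer || []).find((p) => p.key === "token");
  return entry ? `Bearer ${entry.value}` : null;
}

// Walk folders and requests; a node without its own `auth` inherits the parent's.
function auditAuth(node, inherited = null, out = []) {
  const own = node.request ? node.request.auth : node.auth;
  const auth = own || inherited;
  if (node.item) {
    node.item.forEach((child) => auditAuth(child, auth, out));
    return out;
  }
  const manual = (node.request.header || []).find(
    (h) => !h.disabled && h.key.toLowerCase() === "authorization");
  const fromHelper = helperValue(auth);
  const source = manual && fromHelper ? "both" : manual ? "header" : fromHelper ? "auth" : "none";
  const value = manual ? manual.value : fromHelper;
  const [scheme, credential = ""] = value ? value.split(/\s+/, 2) : [null];
  // literal: the credential is saved as plain text rather than a {{variable}} reference.
  out.push({ name: node.name, source, inherited: !manual && !own && !!fromHelper,
    scheme, literal: !!value && !/\{\{.+\}\}/.test(credential) });
  return out;
}

for (const row of auditAuth(sampleCollection)) console.log(row);
```

A row with `source: "both"` means a request carries a manual header and a helper at once, which is worth resolving by hand; a `scheme` of `bearer` next to `Bearer` shows where the two options differ on the wire.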

Thank you all for the replies. They are all very valuable tips.