Day 6 - Authorization understanding


I have submitted the request successfully following the documentation but I would like to understand that if request ‘post User Login’ has generated the token then how we are able to set the authorization at folder level where this request is stored i.e. New user workflow.

My understanding is one request token as output for input to second request.

You’ve followed the instructions to the letter, and you are correct to question the authorization setup and the flow of the requests.

The User Login request generates the token that is used in the authorization helper that you set at the folder level. (Which includes an api-key header with every request in that folder).

The authorization\api-key is needed for the Account Summary and User Logout requests.

The User Login request should probably have its authentication changed to “No Auth” or the User Login request should be outside of the folder that you’ve set the authorization helper on.

In this scenario, I would probably just set the request to “No Auth” so it doesn’t send the api-key, but I would like to keep the requests together in the same folder.

In this instance it would appear that sending the API key when its not needed isn’t breaking anything. (and I wouldn’t change anything, as it will probably cause it to fail the submit request).

Good spot and glad you are paying attention to the training :slight_smile:

Thanks Mike for the detailed clarification.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.