How to add custom headers to the builtin OAuth token request?

The API I’m invoking requires an “x-api-key” header for the OAuth2 token request. I haven’t found a way to add it to the builtin OAuth2 workflow. (Pre-request scripts don’t work for OAuth2). Is there a way to do this?

It seems like the API you are hitting might not be following OAuth 2.0 norms. I don’t think there is a way to add the header to the built-in mechanism, but you can check out this article to add a pre-request script to your collection that will effectively do the same thing. Of course you will have to add the header into the request you are building, but that’s not too bad.

Hi Allen, thanks for your response. The API I’m calling is actually built by my own company! :crazy_face: Are we breaking the OAuth2 standard by enforcing an x-api-key header on the token request?

I am by no means an OAuth2 expert, but it’s not a pattern I’ve seen before.

Typically what you would see when you are requesting your access token is have some sort of auth to the token bearer service through client credentials, implicit grant, or password.

You might want to give this url a once over, OAuth2 has very well established patterns in place.

We require client credentials and all, so we implement OAuth workflows. It’s only that we additionally require the x-api-key header. It would be nice if Postman would allow to customize its builtin OAuth requests.


Did you follow the guideline in the article I linked? You will be able to add your custom header that way.

I saw the link. Actually I was asking on behalf of some customer that was using Postman to try out our APIs. I will refer them to your article. I usually prefer to use my own programming language to try out APIs.