Where to set secret for API_KEY


I’m using an API which needs an API_KEY and API_SECRET to be sent in the headers for each request.

I want to set this once for the entire collection of requests.

In the collection auth, it’s possible to enter an API_KEY but not a secret.

Any suggestions on how to do this?


you can add custom headers :slight_smile:


Add this to pre-requisite script in the collection level

What kind of Auth is your API using?

If the API is using basic authentication, you must combine the api key and secret in this format:


and then base64 encode it. You would then pass in the encoded string as your authentication. This site does a pretty good job at making it simple for you to get it in the right format.

If your API auth uses OAuth2.0, the steps are a bit more involved, we can go into that if you think it’s necessary.

1 Like

That’s a basic authentication , postman natively supports it

You will get in the authentication drop down

Thanks guys. This site doesn’t use basic auth, they just need their specific key and secret values in the headers.

It would be nice if the product supported common headers in a tab, like variables, but I guess some pr-request javascript will do. :slightly_smiling_face:

I just came across a problem with this solution. The only works when running the whole collection in the collection runner. When running a single request the collection pre-request scripts don’t run.

With auth, this does work since there is inheritance.

1 Like

Thats not correct , it should work for single request also . What postman version you are using

Sorry, my mistake. It does work by setting the headers in the collection - even when running a single request BUT for me it only works using the following format:

pm.request.headers.add( { key: “API_KEY”, value: pm.environment.get(“API_KEY”) } );
pm.request.headers.add( { key: “API_SECRET”, value: pm.environment.get(“API_SECRET”) } );

I’m using postman in the browser: v7.26.10