How to set target authentication: Postman

Learn how to configure Snyk API & Web to authenticate and scan an API using a Postman collection.

Written by Ana Pascoal

You can configure Snyk API & Web to run authenticated requests and scan the API endpoints of your Postman Collection. This guide shows you how to do this in four simple steps:

  1. Configure your Postman Collection

  2. Add/update your Postman target

  3. Configure your Postman environment values

  4. Configure your Postman target authentication

Step one: Configure your Postman Collection

Make sure to create a top-level authentication folder in your Postman Collection, and include a test script on the required endpoint(s) to test whether the authentication worked.

A script to test the login could be something like this:

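// Parse the login response body as JSON
var jsonData = pm.response.json();
// Store the token in an environment variable so later requests can use it
pm.environment.set("bearerToken", jsonData.access_token);
// Fail the test if the login response did not return a token
pm.test("response has the access token", function() {
    pm.expect(jsonData).to.have.property('access_token');
});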

When done, export your Postman collection so you can import it to Snyk API & Web in step two.

  • Note: in the exported JSON, a folder is an entry of "item" that itself contains another "item", and the folder name is that entry's "name". For example, "Login" is a folder because it has "item" inside, but "Get Account Ids" isn't:

≻ cat SampleCollection.json
{

  "item":[
    {
      "name":"Login",
      "item":[

    },
    {
      "name":"Get Account Ids",
      "event":[

    }

Step two: Add/update your Postman target

Add the Postman target using the Postman collection you just exported.

If your target is already configured in Snyk API & Web, you can update its schema. To do so:

  1. In Snyk API & Web, navigate to the Targets page.

  2. Identify the target you want to configure, and select the gear icon to access that target's settings.

  3. Select the Scanner tab and identify the API SCANNING SETTINGS module.

  4. Upload the Postman collection you obtained from step one.

  5. Save your changes.

Step three: Configure your Postman environment values

After adding your Postman target, go to its settings and configure the Postman environment values:

  1. In Snyk API & Web, navigate to the Targets page.

  2. Identify the target you want to configure, and select the gear icon to access that target's settings.

  3. Select the Scanner tab and identify the API SCANNING SETTINGS module.

  4. Configure the Postman Environment Values as needed.

  5. Save your changes.

Step four: Configure your Postman target authentication

After configuring the Postman environment values, configure your target's authentication:

  1. Select the Authentication tab of your target settings and identify the API TARGET AUTHENTICATION module.

  2. Start by selecting the Folder Schema File; once you do, the form is updated to show the remaining fields you need to set up.

  3. Fill the following fields:

    1. In VARIABLE TYPE, select how the variable is scoped in your Postman Collection. This must match how the variable is set in your collection's test script:

      1. Select Environment for variables set with pm.environment.set()

      2. Select Global for variables set with pm.globals.set()

      For example, if your test script uses pm.environment.set("bearerToken", ...) as shown in step one, select Environment.

    2. In VARIABLE NAME, select the name of the variable as defined in your test script (for example, bearerToken).

    3. In PLACE VARIABLE CONTENT IN, select where to send the variable content - Header or Cookie.

    4. In FIELD NAME, select the name of the header or cookie field (for example, Authorization).

    5. In VALUE PREFIX, select an optional prefix added before the variable value (for example, Bearer).

  4. Select Add Variable. You can add multiple variables as needed.

  5. When all variables are configured, select Save and ensure the authentication toggle is set to On.

You can turn this authentication on/off at any time using the Off/On toggle button, or delete the configuration using the Delete button.
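Before uploading the collection, you can check locally which top-level folders it contains and which variables their test scripts set, so the folder, VARIABLE TYPE and VARIABLE NAME you choose in step four match the collection. The following Node.js script is an added example, not part of Snyk API & Web or Postman; the sample collection, its URLs and the function names are constructed for illustration.

```javascript
// Added example: pre-upload check of an exported Postman collection (JSON).
// "sample" is constructed data; load your own export with JSON.parse(fs.readFileSync(...)).
const sample = {
  info: { name: "SampleCollection" },
  item: [
    { name: "Login", item: [
      { name: "Get token",
        request: { method: "POST", url: "{{baseUrl}}/login" },
        event: [{ listen: "test", script: { exec: [
          "var jsonData = pm.response.json();",
          "pm.environment.set(\"bearerToken\", jsonData.access_token);",
        ] } }] },
    ] },
    { name: "Get Account Ids",
      request: { method: "GET", url: "{{baseUrl}}/accounts" },
      event: [{ listen: "test", script: { exec: ["pm.globals.set('unused', 1);"] } }] },
  ],
};

// A folder is an entry of "item" that itself contains an "item" array.
function topLevelFolders(collection) {
  return (collection.item || []).filter((e) => Array.isArray(e.item));
}

// Collect every variable set by test scripts of requests inside a folder.
function authVariables(folder) {
  const found = [];
  const setter = /pm\.(environment|globals)\.set\(\s*["']([^"']+)["']/g;
  const walk = (entries) => {
    for (const e of entries) {
      if (Array.isArray(e.item)) { walk(e.item); continue; } // nested folder
      for (const ev of e.event || []) {
        if (ev.listen !== "test" || !ev.script) continue;
        const src = [].concat(ev.script.exec || []).join("\n"); // exec: string or array
        for (const m of src.matchAll(setter)) {
          found.push({ request: e.name, type: m[1] === "globals" ? "Global" : "Environment", name: m[2] });
        }
      }
    }
  };
  walk(folder.item);
  return found;
}

// One row per top-level folder: candidate authentication folder and its variables.
function report(collection) {
  return topLevelFolders(collection).map((f) => ({ folder: f.name, variables: authVariables(f) }));
}

console.log(JSON.stringify(report(sample), null, 2));
```

A folder that reports an empty variables list has no test script storing a token, so there is nothing for the authentication settings to pick up from it.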