Automatically Set Access Tokens in Postman After Login (No More Copy-Paste!)
If you're working with APIs that use access tokens (like JWTs), you've probably dealt with the annoying routine:
- Send a
POST /login
request - Copy the access token from the response
- Paste it into the
Authorization
header of every other request
😩 Repeating this every time the token expires gets old fast.
🚀 What if you could automate it?
This guide shows you how to extract the token automatically after login and set it as a dynamic environment variable in Postman. Then you can reuse it in any request, no manual copying needed!
📦 Step 1: Create or Select a Postman Environment
- Click
New Environment
in the top right of Postman - Add a new environment (e.g.,
Local API
) - Add a variable called
accessToken
, set the type tosecret
, and leave theinitial value
empty
🧪 Step 2: Add a Script to Your Login Request
In your POST /api/v1/auth/login
request, go to the Scripts section, then select the Post-response tab and add this:
const res = pm.response.json();
if (res.success && res.data && res.data.accessToken) {
pm.environment.set("accessToken", res.data.accessToken);
console.log("✅ accessToken saved to environment");
} else {
console.log("❌ Failed to extract accessToken");
}
💬 What does this script do?
- It parses the JSON response returned from your login request.
- It checks if the response contains a valid
accessToken
. - If so, it stores the token in your environment as
accessToken
, making it available across all your other API requests. - You’ll see a confirmation in the Postman console.
You can also save more fields if needed:
pm.environment.set("refreshToken", res.data.refreshToken);
pm.environment.set("userId", res.data.user.id);
🧷 Step 3: Use the Token in Other Requests
Once the accessToken
is saved as an environment variable, you can inject it automatically into your other requests.
✅ Option 1: Use the Authorization Tab
- In your API request, go to the Authorization tab
- Select Bearer Token for the Auth Type
- Set the token to
{{accessToken}}
✅ Option 2: Set the Header Manually
Instead of using the Authorization tab, you can manually add a header:
Authorization: Bearer {{accessToken}}
That’s it! Now your token will automatically update after each login and be used wherever {{accessToken}}
is referenced.
🎁 Bonus: Automate Token Refresh (Optional)
If your API provides a refreshToken
flow (e.g., POST /refresh-token
), you can automate that too!
Create a separate request for refreshing the token, and add a Post-response script:
const res = pm.response.json();
if (res.newAccessToken) {
pm.environment.set("accessToken", res.newAccessToken);
console.log("🔄 accessToken refreshed and updated");
}
Then you can call this request manually or as a pre-request step if a 401 is detected.
🧠 Summary
Here’s what you’ve accomplished:
✅ Automatically saved your accessToken
from the login response
✅ Injected the token into future requests using dynamic variables
✅ Removed the need for manually copying and pasting tokens
✅ Optionally prepared for refresh token logic
🏁 Conclusion
This small but powerful automation trick can save you a lot of time, especially when working with authenticated APIs during development or testing.
No more expired tokens or constant back-and-forth between tabs!
Let me know if you’d like a follow-up guide on chaining token refresh logic or fully automating session flows in Postman and I’d love to hear how you’re using Postman in your workflow.
Happy testing! 🙌
Top comments (0)