Khaled Saeed

Posted on Jul 7, 2025

Automatically Set Access Tokens in Postman After Login (No More Copy-Paste)

#postman #api #automation #productivity

Automatically Set Access Tokens in Postman After Login (No More Copy-Paste!)

If you're working with APIs that use access tokens (like JWTs), you've probably dealt with the annoying routine:

Send a POST /login request
Copy the access token from the response
Paste it into the Authorization header of every other request

😩 Repeating this every time the token expires gets old fast.

🚀 What if you could automate it?

This guide shows you how to extract the token automatically after login and set it as a dynamic environment variable in Postman. Then you can reuse it in any request, no manual copying needed!

📦 Step 1: Create or Select a Postman Environment

Click New Environment in the top right of Postman
Add a new environment (e.g., Local API)
Add a variable called accessToken, set the type to secret, and leave the initial value empty

🧪 Step 2: Add a Script to Your Login Request

In your POST /api/v1/auth/login request, go to the Scripts section, then select the Post-response tab and add this:

const res = pm.response.json();

if (res.success && res.data && res.data.accessToken) {
    pm.environment.set("accessToken", res.data.accessToken);
    console.log("✅ accessToken saved to environment");
} else {
    console.log("❌ Failed to extract accessToken");
}

💬 What does this script do?

It parses the JSON response returned from your login request.
It checks if the response contains a valid accessToken.
If so, it stores the token in your environment as accessToken, making it available across all your other API requests.
You’ll see a confirmation in the Postman console.

You can also save more fields if needed:

pm.environment.set("refreshToken", res.data.refreshToken);
pm.environment.set("userId", res.data.user.id);

🧷 Step 3: Use the Token in Other Requests

Once the accessToken is saved as an environment variable, you can inject it automatically into your other requests.

✅ Option 1: Use the Authorization Tab

In your API request, go to the Authorization tab
Select Bearer Token for the Auth Type
Set the token to {{accessToken}}

✅ Option 2: Set the Header Manually

Instead of using the Authorization tab, you can manually add a header:

Authorization: Bearer {{accessToken}}

That’s it! Now your token will automatically update after each login and be used wherever {{accessToken}} is referenced.

🎁 Bonus: Automate Token Refresh (Optional)

If your API provides a refreshToken flow (e.g., POST /refresh-token), you can automate that too!

Create a separate request for refreshing the token, and add a Post-response script:

const res = pm.response.json();

if (res.newAccessToken) {
    pm.environment.set("accessToken", res.newAccessToken);
    console.log("🔄 accessToken refreshed and updated");
}

Then you can call this request manually or as a pre-request step if a 401 is detected.

🧠 Summary

Here’s what you’ve accomplished:

✅ Automatically saved your accessToken from the login response

✅ Injected the token into future requests using dynamic variables

✅ Removed the need for manually copying and pasting tokens

✅ Optionally prepared for refresh token logic

🏁 Conclusion

This small but powerful automation trick can save you a lot of time, especially when working with authenticated APIs during development or testing.

No more expired tokens or constant back-and-forth between tabs!

Let me know if you’d like a follow-up guide on chaining token refresh logic or fully automating session flows in Postman and I’d love to hear how you’re using Postman in your workflow.

Happy testing! 🙌

DEV Community