Authorization is the process of verifying that a client has permission to access a resource.
Auth
type. Storing Auth Credentials or Bearer Tokens as environment variables, lets you re-use these more safely and efficiently.
Basic Auth
as your authentication type. You’ll then input your verified username and password. When you send the request, Postdata will automatically encode your credentials in the format:
Bearer
from the Authorization tab and enter your access token. Postdata will include the token in the request header as:
API Key
authentication by selecting it from the Authorization tab. Here, you’ll need to fill in two fields: the Key, which is the name the API expects (like api_key
or Authorization
), and the Value, which is your actual API Key. You can also choose whether to pass this API Key as a Header or as a Query Parameter.
OAuth 2.0
from the Authorization Type drop-down.Authorization Code
grant type, ensure the Callback URL is correctly configured (either https://postdata.cn/oauth
for Postdata Cloud or <your-domain>/oauth
for self-hosted editions). Next, provide the Authorization Endpoint and Access Token Endpoint from the API provider, along with the Client ID (and the Client Secret if you choose to use it). You can also specify the desired permissions in the Scope field and pass the token as a Header or as a Query Parameter. Once you’ve filled in these fields, click Generate Token to get your access token.
Using PKCE
Opting for OAuth 2.0 with PKCE (Proof Key for Code Exchange), you gain the option to enhance security. Upon selecting PKCE, you can choose between SHA-256 or Plain algorithms.
Client Credentials
grant type, input the Authorization Endpoint from the API provider, and fill in your Client ID. Including a Client Secret is optional.
Password
credentials grant type in Postdata, provide your API provider’s Authorization Endpoint, along with the Username and Password. Occasionally, you may also be required to supply a Client ID and Secret.
Implicit
grant type in Postdata, make sure the Callback URL is set as required (either https://postdata.cn/oauth
or <your-domain>/oauth
). You will need to further provide the Authorization Endpoint and Client ID to generate the token.
https://postdata.cn/oauth
while for self-hosted editions of Postdata, the callback URL should be set to <your-domain>/oauth
. You must configure this URL as a valid redirect URI in your OAuth provider’s settings. This is important because Postdata handles all OAuth requests on the client side. When your OAuth provider redirects you to this URL, we process the response to obtain the token or authorization code. Any mismatch between the registered callback URL and what Postdata uses will result in errors like INVALID_REDIRECT_URI
during the authorization process.
AWS Signature
in Postdata, enter your AWS Access Key and Secret Key to sign your requests. For advanced configuration, you can also provide details like the AWS Region where your service is hosted (like us-east-1), the Service Name of the specific AWS service you’re accessing (such as s3 or dynamodb), and a Service Token if you’re using temporary security credentials.
inherit
.