Using Authentication token from Postman

I’m testing experience endpoint authentication from an endpoint.

From endpoint 1 (access control set to: “All public users”), I get a response token that I’m using in endpoint 2 (access control set to: “Only authenticated users”). Expires in 300000 milliseconds.
In Postman, I set the header key “Authentication” to value “Bearer (returned response token)”
But authentication fails.

Further info:
(I had to disable the default “Postman-Token” in Postman first, not sure if that is necessary, but if not, no other token was visible in the header looking at the Workflow debug console)

Think I found the problem. Looks like I shouldn’t add "Bearer " in front of the token.
Is that correct?

Assuming you are using Postman’s “Authorization” tab with the “Bearer Token” option selected, then no, you should not include the word “Bearer” along with the token.

Now, the actual HTTP request that is being made does include “Bearer” in the value of the “Authorization” header; Postman is simply obfuscating that within their UI. Example cURL code for the screenshot above:

Similarly, if you were to set your token in a header without using the “Authorization” tab, you would need to include the word “Bearer” in the value along with the token:

I was not using Postman’s Authorization tab, but instead the “Header” key/value, as you describe, but if I include "Bearer ", it does not work.

FYI, I’m using {{data.headers.authorization}} as Token template in the authentication node.

but if I include "Bearer ", it does not work.

Can you elaborate on this? Do you still have values in the “Authorization” tab that may be overriding what you have in the Headers tab or vice versa?

Is the request making it to your workflow but the Authenticate Node is failing?

Screenshots with redacted tokens, as always, are the best way to help you solve your issues.

Hi @Lars_Andersson,

Just supplementing what Dylan has asked above, is this value being passed to your Authenticate Node? If so, the literal “Bearer” string would also be included in the value, and would likely cause an authentication error.


Yes it is.
So I would have to strip "Bearer " out?
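
The prefix handling discussed in this thread, as an added example that is not part of any post above and is not the platform's own code: a strict parser that takes the raw header value (as in `{{data.headers.authorization}}`) and returns only the token, or `null` when the value is not a well-formed `Bearer` credential. The names `extractBearerToken` and `SAMPLE_HEADERS` are hypothetical, and the sample values are constructed.

```javascript
// Added example; extractBearerToken and SAMPLE_HEADERS are hypothetical names.
// Grammar follows RFC 6750: "Bearer" 1*SP b64token. The scheme name is
// matched case-insensitively, as HTTP auth schemes are.
const BEARER_RE = /^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i;

function extractBearerToken(headerValue) {
  // A missing header (undefined) or a repeated one (array) is rejected.
  if (typeof headerValue !== 'string') return null;
  const match = BEARER_RE.exec(headerValue.trim());
  // null covers: wrong scheme, bare token without a scheme, empty token,
  // or characters outside the b64token alphabet.
  return match ? match[1] : null;
}

// Constructed sample values; "abc.def.ghi" stands in for a real token.
const SAMPLE_HEADERS = [
  'Bearer abc.def.ghi',   // what Postman sends from the "Bearer Token" option
  'bearer   abc.def.ghi', // lower-case scheme, extra spaces
  'abc.def.ghi',          // token typed into a header without the scheme
  'Bearer ',              // scheme with no token
  'Basic dXNlcjpwYXNz',   // different scheme
  undefined,              // header absent
];

function runSamples() {
  return SAMPLE_HEADERS.map((h) => extractBearerToken(h));
}

console.log(runSamples());
```

Only the returned token, never the full header value, is what a token-verification step should receive; a `null` result should be treated as an unauthenticated request.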