Mastering Postman's Authorization Schemes: Basic, Digest, Hawk, and OAuth 1.0
This guide explains the five authorization methods supported by Postman—No Auth, Basic, Digest, Hawk, and OAuth 1.0—providing configuration details, example requests, and sample responses to help developers secure API calls effectively.
Authorization Types Supported by Postman
Postman can work with the following authentication protocols: No Auth, Basic Auth, Digest Auth, OAuth 1.0, and Hawk Authentication.
Basic Auth
Username: postman
Password: password
Authorization scheme: Basic
When these credentials are sent, the response is a JSON body confirming successful authentication:
{
  "authenticated": true
}
Digest Auth
Digest authentication is a simple HTTP‑based mechanism that uses hashing to avoid transmitting passwords in clear text. It verifies that both parties share a secret.
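The check described above, written out as an added example (not code from the original article or from Postman): the server recomputes the response hash from the shared password and compares it with the value in the Authorization header. The sample header and password are the RFC 2617 section 3.5 example values, not values from this page, and the function names are illustrative.

```python
import hashlib
import hmac
import re

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_digest_header(value: str) -> dict:
    """Parse 'Digest k="v", k2=v2, ...' into a dict (quoted or bare values)."""
    scheme, _, rest = value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest Authorization header")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^\s,]+))', rest)
    return {key: quoted or bare for key, quoted, bare in pairs}

def expected_response(p: dict, method: str, password: str) -> str:
    """Recompute the 'response' field from the shared secret (MD5 algorithm)."""
    ha1 = md5_hex(f'{p["username"]}:{p["realm"]}:{password}')  # secret never sent
    ha2 = md5_hex(f'{method}:{p["uri"]}')                      # binds method + URI
    if p.get("qop") == "auth":  # RFC 2617 form: adds client nonce and counter
        return md5_hex(f'{ha1}:{p["nonce"]}:{p["nc"]}:{p["cnonce"]}:auth:{ha2}')
    return md5_hex(f'{ha1}:{p["nonce"]}:{ha2}')  # legacy form: no qop parameter

def verify(header: str, method: str, password: str) -> bool:
    """Server-side check. A real server must also confirm that the nonce is one
    it issued and is still fresh, otherwise a captured header can be replayed."""
    p = parse_digest_header(header)
    return hmac.compare_digest(expected_response(p, method, password),
                               p.get("response", ""))

# Example Authorization header from RFC 2617 section 3.5 (not from this page).
RFC2617_HEADER = (
    'Digest username="Mufasa", realm="testrealm@host.com", '
    'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", '
    'qop=auth, nc=00000001, cnonce="0a4f113b", '
    'response="6629fae49393a05397450978507c4ef1", '
    'opaque="5ccc069c403ebaf9f0171e9517f40e41"'
)

if __name__ == "__main__":
    print(verify(RFC2617_HEADER, "GET", "Circle Of Life"))   # correct secret
    print(verify(RFC2617_HEADER, "GET", "wrong-password"))   # wrong secret
    print(verify(RFC2617_HEADER, "POST", "Circle Of Life"))  # method changed
```

A header without a `qop` parameter takes the legacy branch, so only the server nonce, method and URI are bound into the hash.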
Example
Request URL: https://postman-echo.com/digest-auth
Configuration (same username and password as Basic Auth):
Digest username="postman", realm="Users", nonce="ni1LiL0O37PRRhofWdCLmwFsnEtH1lew", uri="/digest-auth", response="254679099562cf07df9b6f5d8d15db44", opaque=""
Hawk Auth
Hawk is an HTTP authentication scheme that uses a Message Authentication Code (MAC) to provide partial cryptographic verification of requests. It requires a shared symmetric key established during an initial TLS handshake or other secure exchange.
Example
Request URL: https://postman-echo.com/auth/hawk
Key information:
Hawk Auth ID: dh37fgj492je
Hawk Auth Key: werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn
Algorithm: sha256
OAuth 1.0
OAuth is an open standard that allows third‑party applications to access a user's private resources without exposing the user's credentials.
Example
Request URL (GET, add authorization data to request headers): https://postman-echo.com/oauth1
Parameter configuration:
Consumer Key: RKCGzna7bv9YD57c
Consumer Secret: D+EdQ-gs$-%@2Nu7
