Authorization per Environment

Hi, I have a number of Environments with different username/passwords for login.
Can I configure an Authorization per Environment?

Hi @desmond.kirrane,

Welcome to the community! :clap:

If the type of authorization is the same between environments, you can use environment variables in the authorization tab in order to change your authorization credentials per environment. Assuming Basic Authorization, Simply make a username and password variable in each environment and they’ll get filled in appropriately.

If they are not the same type of authorization (bearer token, hawk, etc) then you can’t do so via the method I explained above. But you can store credentials in your environment with no problem and you can make it work by calling your authorization appropriately.

Just be weary of using sensitive credentials in a environment shared by a team, unless they are shared credentials :wink:.

Hope this helps!

Regards,
Orest

Hi Orest,

sorry to barge into this thread. what if the creds are api key id and secret that is on the body of the first post, say login post. then the asc_ssession_id is generated on the response header.

how can i use the value of the header if the succeeding api calls need the value but with a different header, say asc_xsrf_token?

thanks,
knychtell

Hi @knychtell,

Not a problem! I think I understand what you are asking, though I am not 100% certain.

For succeeding requests using that asc_session_id, you would just place the variable value where its supposed to go. That shouldnt be a problem. First you would save that asc_session_id as a variable when handling the callback response, and then use it wherever.

As for the asc_xsrf_token, that depends on what your web server expects, but if its just a normal XSRF type token, you should be able to generate one client side with no problem. I believe you can just make it some random string of characters. Then you would just place that in your header.

I hope this answers your question!

Best,
Orest

I have a very similar use case. For the test and production environments, I need to use an authToken, but for local development, I need to set it to No Auth.

At the moment, I’m working around this by overriding the auth setting on each request, but it’s not ideal.

Is there any way to set No Auth for all requests in the environment?

From the reply from @odanylewycz it sounds like this isn’t currently available - how can we make this feature request?

Hi @malcolm.young,

Welcome to the community! :clap:

That would be a great feature request. It might be possible to make changes using the Postman Collection SDK, which you can find here Request - Postman Documentation. Now I honestly don’t know if you can use this the adjust the main request using the SDK to set the RequestAuth to nothing, and then reset it to authToken when in production (you can use an environment variable as a flag), however, I don’t think that is quite possible. This would be a good question to ask the development team, and if not possible, you can submit a request on their github page, or in their RFC section of the community.

Hope you can find something to make this a littles less of an annoyance!

Best,
Orest