What Is the Postman-Token Header Attribute in Generated Code from Postman

What is the postman-token header attribute in generated code from Postman?

This is primarily used to bypass a bug in Chrome. If an XMLHttpRequest is pending and another request is sent with the same parameters then Chrome returns the same response for both of them. Sending a random token avoids this issue. This can also help you distinguish between request on the server side.

See docs/settings postman.

Understanding bearer tokens when using Postman and not using Postman?

Postman Token :

So it is just a custom header to track and debug postman requests in the receiving server

It doesn't do any authorization

Why no token in fiddler:

Because you haven't added it . You can add any custom header to the request you are sending

Why it works when used as bearer token

Because in your login call your session is cached . So for subsequent requests it is using cached session

To close the session , update the Connection header from keep-alive to close

Try setting second request to no auth:

and see if the request is still successful to confirm you are using cached session

Sending JWT token in the headers with Postman

For the request Header name just use Authorization.
Place Bearer before the Token. I just tried it out and it works for me.

Authorization: Bearer TOKEN_STRING

Each part of the JWT is a base64url encoded value.

---

Related Topics