Introducing Atlassian’s ASAP authentication in Postman Giridhar November 15, 2023 In the ever-evolving landscape of API development and testing, Postman aims to consistently ensure you have the right set of tools for your API needs. Authentication is one of the key areas in which we’ve seen our users face trouble, and we’ve been working hard to continuously improve our authentication landscape. In the last year, we’ve made well-received improvements, including token refresh support for OAuth 2.0, JWT auth, and even a simpler way to add auth to some of our public APIs. Today, we are excited to announce support for Atlassian’s ASAP (Atlassian Service Authentication Protocol). It is a mechanism used by a resource server to authenticate requests from the client in a client-server communication scenario. ASAP uses familiar concepts for OAuth 2.0 and JWT, like client, resource server, access token, and more, with the goal of being performant and secure. Getting started Getting started using ASAP in Postman is pretty straightforward. You will find the ASAP auth list along with the other authentication protocols in the Authentication section in requests, folders, and collections. After selecting it, you’ll be required to fill in the essentials for creating a token, such as Algorithm, Issuer, Audience, etc. There is also a section for the optional fields, such as subject, additional claims, and expiry. With these details set, the token is created at runtime, i.e., at the time of request sending: We really hope you like these changes. As always, we welcome your feedback in a comment below. Try Postman now In this post Tags: Authentication Product Updates Security Tutorials Giridhar Giridhar is a product manager at Postman. View all posts by Giridhar → What do you think about this topic? Tell us in a comment below. Comment Cancel replyYour email address will not be published. Required fields are marked *Your name Your email Write a public comment Δ This site uses Akismet to reduce spam. Learn how your comment data is processed. 2 thoughts on “Introducing Atlassian’s ASAP authentication in Postman” Daniel M March 28, 2024 I tried using this in Postman 10.24.11 and was unsuccessful. It’s listed, I entered the data, and included the private key, but the token is never added to the request when I analyze it with Fiddler. The Postman Team May 9, 2024 Please contact our support team at http://www.postman.com/support and they’ll be able to help you. You might also like What is a Bearer Token? Understanding API Authentication The Postman Team Quick answer Bearer tokens authenticate API requests by granting access to whoever possesses the token, passed in the Authorization header as Authorization:… Read more → Introducing the CLI Generator Arie Litovsky Turn any Open API spec or Postman Collection into a fully-featured command-line tool Today, we’re excited to announce that Postman users can… Read more → API Security Best Practices: A Developer’s Guide to Protecting Your APIs The Postman Team This guide explains how to secure an API in production. You’ll learn: The most important API security best practices Common vulnerabilities like… Read more →