Postman Tutorial: How to Add Bearer Token for API Testing


This guide walks you through a standard Postman workflow for JWT-authenticated APIs. We create a Postman environment to store credentials and tokens, show the requests for register, login, profile, refresh, and logout, and include test and pre-request scripts so Postman automatically manages the Authorization: Bearer {{token}} header.

Step 1 — Create a Postman Environment

  1. Go to Environments → Add in Postman.

  2. Add these variables:

    • base_url: http://localhost:8000/api

    • email: test@example.com

    • password: password123

    • token: (leave empty)

This environment will store your credentials and JWT token for all authentication requests.

Step 2 — Register a New User

  • POST {{base_url}}/auth/register

  • Body → raw → JSON:

{
  "name": "Test User",
  "email": "{{email}}",
  "password": "{{password}}",
  "password_confirmation": "{{password}}"
}

Registration is optional if you already have a user account.

Step 3 — Login to Get JWT

  • POST {{base_url}}/auth/login

  • Body → raw → JSON:

{
  "email": "{{email}}",
  "password": "{{password}}"
}

  • Tests tab (save token):

// Parse the login response and store the JWT in the environment.
let res = pm.response.json();
if (res.access_token) {
  pm.environment.set("token", res.access_token);
}

This automatically saves the token in the environment variable token.

Step 4 — Get Authenticated User Profile

  • POST {{base_url}}/auth/profile

  • Authorization → Bearer Token → {{token}}

This endpoint uses the saved token to fetch user info.

Step 5 — Refresh JWT Token

  • POST {{base_url}}/auth/refresh

  • Authorization → Bearer Token → {{token}}

  • Tests tab:

// Replace the stored JWT with the refreshed one from the response.
let res = pm.response.json();
if (res.access_token) {
  pm.environment.set("token", res.access_token);
}

Refresh ensures your token stays valid without logging in again.

Step 6 — Logout User

  • POST {{base_url}}/auth/logout

  • Authorization → Bearer Token → {{token}}

  • Tests tab (optional):

pm.environment.unset("token");

Logging out invalidates the token. Optionally, you can clear the environment variable.

Step 7 — Optional: Auto Refresh Token

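Add this Pre-request Script at the collection level to log in automatically when no token is stored (the check below tests only for an empty token variable, so an expired token that is still stored is not replaced):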

// Log in and store a fresh token when no token is saved in the environment.
if (!pm.environment.get("token")) {
  pm.sendRequest({
    url: pm.environment.get("base_url") + '/auth/login',
    method: 'POST',
    header: { 'Content-Type': 'application/json' },
    body: {
      mode: 'raw',
      raw: JSON.stringify({
        email: pm.environment.get("email"),
        password: pm.environment.get("password")
      })
    }
  }, (err, res) => {
    if (!err) {
      let json = res.json();
      if (json.access_token) pm.environment.set('token', json.access_token);
    }
  });
}
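
The pre-request script in Step 7 only tests whether the token variable is empty, so a stored token that has expired is sent unchanged. The variant below, an added example that is not part of the original tutorial, decodes the token's exp claim and logs in again when the token is missing, malformed, or about to expire; the helper names, the 30-second skew, and the availability of atob or Buffer in the script runtime are assumptions.

```javascript
// Hypothetical helper: decode one base64url JWT segment to text. Assumption:
// the runtime has a global atob (Node 16+) or Buffer as a fallback.
function b64urlDecode(seg) {
  const b64 = seg.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  return typeof atob === 'function'
    ? atob(padded)
    : Buffer.from(padded, 'base64').toString('binary');
}

// Hypothetical helper: true when the token is missing, malformed, lacks a
// numeric exp claim, or expires within skewSeconds of nowSeconds. The
// signature is NOT verified; the API still validates whatever token is sent.
function tokenNeedsLogin(token, nowSeconds, skewSeconds = 30) {
  if (typeof token !== 'string') return true;
  const parts = token.split('.');
  if (parts.length !== 3) return true;
  try {
    const claims = JSON.parse(b64urlDecode(parts[1]));
    if (typeof claims.exp !== 'number') return true;
    return claims.exp - skewSeconds <= nowSeconds;
  } catch (e) {
    return true; // undecodable payload: treat the token as unusable
  }
}

// Constructed sample: payload is {"exp":2000000000}, signature is dummy text.
const SAMPLE_TOKEN =
  'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjIwMDAwMDAwMDB9.constructed';

// Postman wiring: runs only where `pm` exists (collection Pre-request Script).
if (typeof pm !== 'undefined') {
  const now = Math.floor(Date.now() / 1000);
  if (tokenNeedsLogin(pm.environment.get('token'), now)) {
    pm.sendRequest({
      url: pm.environment.get('base_url') + '/auth/login',
      method: 'POST',
      header: { 'Content-Type': 'application/json' },
      body: { mode: 'raw', raw: JSON.stringify({
        email: pm.environment.get('email'),
        password: pm.environment.get('password') }) }
    }, (err, res) => {
      if (err) return;
      const json = res.json();
      if (json.access_token) pm.environment.set('token', json.access_token);
    });
  }
}
```

The expiry check is a client-side convenience for deciding when to log in again; it reads the claim without verifying the signature, so it must not be used to decide whether a token is trustworthy.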

Workflow Summary

  1. Register (optional) → create a new user.

  2. Login → save JWT token automatically.

  3. Profile → use token to fetch user info.

  4. Refresh → update the token if expired.

  5. Logout → invalidate token and optionally clear variable.

Summary

This tutorial shows how to register, log in, save a JWT (Bearer) token in Postman, use it across all endpoints, refresh it, and log out, plus an optional pre-request script to auto-refresh/login so you never have to copy-paste tokens.

Want the full source code?

Download the complete Laravel 12 JWT API Authentication example on my GitHub repo here.

Happy Coding!

Souy Soeng
