When you import a Postman collection into mabl, mabl ensures that authorization settings are applied correctly. This article explains how auth settings work in Postman and mabl and how authorization settings are imported into mabl.
Postman auth
In Postman, authorization settings can be applied to the collection, a folder within the collection, or an individual request. These authorization settings propagate down to every descendant folder or request with the authorization type "inherit auth from parent," but they are overridden by any child folders or requests with their own authorization setting, including "No auth."
- Collection-level auth applies to every request in the collection, unless overridden by auth settings for a child folder or request.
- Folder-level auth applies to descendant folders and requests, unless overridden by auth settings for a child folder or request.
- Request-level auth applies to the individual request.
mabl auth
In mabl, authorization settings can be applied at the test level or the request level. By default, the auth method for each request is "Use test-level auth", which means the auth settings at the test level propagate down to the request. Otherwise, the auth settings at the request level override auth settings at the test level.
- Test-level auth applies to every request in the API test, unless overridden by auth set at the request level.
- Request-level auth applies to the individual request.
How authorization settings are imported into mabl
When importing a Postman collection, mabl recreates the Postman authorization settings on the created tests.
Importing as separate tests
When importing folders as separate tests, the following rules apply:
- If the folder had its own authorization setting, that auth setting becomes the test-level auth setting for the created API test.
- If the folder inherited an authorization setting from a parent folder or collection, the inherited authorization setting becomes the test-level auth setting for the created API test.
Any requests with a request-level authorization maintain the same request-level authorization in the created API test.
Importing as a single test
When importing an entire Postman collection as a single test, the following rules apply:
- The auth setting for the Postman collection becomes the test-level auth setting for the created API test.
- If any folders had authorization settings that differed from the collection, the Postman requests which inherited that folder's authorization settings are imported as mabl requests with a matching authorization field.
Any requests with a request-level authorization maintain the same request-level authorization in the created test.
Supported authentication types
Currently, mabl supports API key, basic auth, bearer token, and OAuth 1.0 authentication types for API tests. If the Postman collection includes authentication types outside of this supported list, they will not be imported into the created mabl API test(s).
If you need support for additional authentication types, please let us know via the mabl Product Portal.