When you import a Postman collection into mabl, mabl recreates the Postman authorization settings on the created test(s). This article explains how mabl imports auth settings from a Postman collection into a mabl API test.
Understanding authorization levels in Postman and mabl
mabl API auth works similar to Postman. Auth settings that are applied at a higher level propagate down to individual requests, but If you explicitly set auth at a lower level, it will override the higher-level auth setting.
The main difference between auth in Postman and mabl is related to how tests are organized.
Postman auth types
| Type of auth | Description |
| Collection-level auth | Applies to every request in the collection, unless overridden by auth settings for a child folder or request |
| Folder-level auth | Applies to descendant folders and requests, unless overridden by auth settings for a child folder or request |
| Request-level auth | Applies to the individual request |
mabl auth types
| Type of auth | Description |
| Test-level auth | Applies to every request in the API test, unless overridden by auth set at the flow or request level |
| Flow-level auth | Applies to every request in an API flow, unless overridden by auth set at the request level |
| Request-level auth | Applies to the individual request |
How authorization settings are imported into mabl
mabl imports auth settings differently depending on whether you import the Postman collection as separate tests or as a single test.
Importing as separate tests
When importing folders as separate tests, the following rules apply:
- If the folder had its own authorization setting, that auth setting becomes the test-level auth setting for the created API test.
- If the folder inherited an authorization setting from a parent folder or collection, the inherited authorization setting becomes the test-level auth setting for the created API test.
Any requests with a request-level authorization maintain the same request-level authorization in the created API test.
Importing as a single test
When importing an entire Postman collection as a single test, the following rules apply:
- The auth setting for the Postman collection becomes the test-level auth setting for the created API test.
- If any folders had authorization settings that differed from the collection, the Postman requests which inherited that folder’s authorization settings are imported as mabl requests with a matching authorization field.
Any requests with a request-level authorization maintain the same request-level authorization in the created test.
Supported authentication types
Currently, mabl supports API key, basic auth, bearer token, OAuth 1.0, and OAuth 2.0 authentication types for API tests. If the Postman collection includes authentication types outside of this supported list, they will not be imported into the created mabl API test(s).
If you need support for additional authentication types, please let us know via the mabl Product Portal.