What is the postman-token header attribute in generated code from Postman?

d4rty picture d4rty · Apr 27, 2016 · Viewed 33.3k times · Source

I have been using postman to explore a REST interface. When using Postman's code generation feature, regardless of which programming language I select, Postman will always add a postman-token attribute in the header. Why is it there?

See for example PHP Curl:

<?php

$curl = curl_init();

curl_setopt_array($curl, array(CURLOPT_URL => "https://myURL.com,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => array(
  "authorization: Basic abcdefghijklmnop",
  "cache-control: no-cache",
  "postman-token: wt53gwg-e9bb-645d-g53d-e42f8765aut0"
  ),
));
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}

Answer

d4rty picture d4rty · Apr 27, 2016

This is primarily used to bypass a bug in Chrome. If an XMLHttpRequest is pending and another request is sent with the same parameters then Chrome returns the same response for both of them. Sending a random token avoids this issue. This can also help you distinguish between request on the server side.

See docs/settings postman.