Aashutosh Poudel

Using Postman and Postman Interceptor to authenticate a session cookie based GraphQL API

Context

I once had to authenticate requests made from Apollo Studio to my local development server. The locally running GraphQL API was using session cookies for authentication. While there were workarounds and configs in order to set cookies correctly for requests sent from Apollo Studio, I wasn't able to reliably make it work. Also, I didn't want to change the cookie configs in my server as it would mess with my frontend setup.

Solution

I used Postman Interceptor to intercept cookies from the frontend. So every time a user logged in, Postman Interceptor would capture the appropriate cookies and store them. Now on every GraphQL request made via Postman, the stored cookies would be sent and the user would get access to the protected resource.

Steps:

[Screenshot: captured cookies]

  • Next, go to Postman and run a privileged query (one that should not be available to unauthenticated/public users). The data is returned in the body and the relevant cookies are sent along with the request.

[Screenshot: success response]

[Screenshot: cookies set in the header]

  • The cookies will be automatically removed/updated once we log out or log in as a different user.
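
The same flow, end to end, as an added example that is not part of the original post: a constructed local server stands in for the session-cookie GraphQL API, and a cookie jar plays the role of the cookies Postman Interceptor captures. It also confirms that the privileged query is refused before login and after logout. The `/login` and `/logout` routes, the `sid` cookie name and the `me` query are assumptions.

```python
import json, threading, urllib.error, urllib.request
from http.cookiejar import CookieJar
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, HTTPServer

SESSIONS = {"constructed-sid-123": "alice"}  # constructed sample session store
class Api(BaseHTTPRequestHandler):  # stand-in for the local server; routes are assumptions
    def reply(self, status, body, cookie=None):
        data = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Length", str(len(data)))
        if cookie:
            self.send_header("Set-Cookie", cookie)
        self.end_headers()
        self.wfile.write(data)
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        sid = SimpleCookie(self.headers.get("Cookie", "")).get("sid")
        user = SESSIONS.get(sid.value) if sid is not None else None
        if self.path == "/login":  # the session cookie is issued at login
            self.reply(200, {"ok": True}, "sid=constructed-sid-123; HttpOnly; Path=/")
        elif self.path == "/logout":  # Max-Age=0 tells the client to drop the cookie
            self.reply(200, {"ok": True}, "sid=; Max-Age=0; Path=/")
        elif user:  # privileged query sent with a valid session cookie
            self.reply(200, {"data": {"me": {"name": user}}})
        else:
            self.reply(401, {"errors": [{"message": "unauthenticated"}]})

def post(opener, url, payload):
    req = urllib.request.Request(url, json.dumps(payload).encode(), {"Content-Type": "application/json"})
    try:
        with opener.open(req) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:  # the 401 still carries a JSON body
        return err.code, json.load(err)

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), Api)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    jar = CookieJar()  # plays the role of the cookie store Postman sends from
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}), urllib.request.HTTPCookieProcessor(jar))
    results = []
    for path in ("/graphql", "/login", "/graphql", "/logout", "/graphql"):
        status, body = post(opener, f"http://127.0.0.1:{server.server_port}{path}", {"query": "{ me { name } }"})
        results.append((path, status, body, [c.name for c in jar]))
    server.shutdown()
    return results

if __name__ == "__main__":
    print(*run_demo(), sep="\n")
```

The stand-in server only clears the cookie on logout; its session table is static, so the final 401 comes from the client no longer sending `sid`.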
