How to Automate OAuth2 Token Renewal in Postman

Discover how to automatically renew your OAuth2 access token in Postman so you never have to click the “Get New Access Token” button again.

Allen Helton
5 min readJul 12, 2019

Postman is a powerful tool that has an unbelievable amount of functionality. Included in the functionality is the ability to build authorization headers for 9 different authorization and authentication methods. The support comes out of the box and several of them can be parameterized. However, the OAuth2 method requires you to manually click a button to renew the token when it expires.

This can be a burden when you are running tests for an extended period of time and you continue to get disrupted by having to renew the access token. So let’s improve the process. There is a way so you never have to hit that “Get New Access Token” button again.

OAuth 2.0 screen in Postman

Since you’re here, I assume you already know what OAuth2 is, so I’ll cut straight to the point. You are going to need to set up a few variables, but before we do, let’s talk about the different types of variables we will be using.

  • Collection variables — These are immutable variables that belong to a particular collection. They are only relevant to the requests in the collection, and do not need to be shared across multiple collections. Since pre-request scripts and test scripts cannot update the values of the collection variables, be sure you only use these for static values.
  • Environment variables — These are variables that can span across collections and are usable in any request. Pre-request scripts and test scrips are able to update the values of these variables, so values that are subject to change, like an access token, need to be added as environment variables.

The key to the automation is in a collection pre-request script. This script will run before every request in the collection, so we only need to write this code once to make our lives easier. Here is the script we will be adding to the collection:

// Refresh the OAuth token if necessary



Allen Helton

I am an AWS serverless hero with a strong focus on API design and standardization, event-driven architectures, and software automation.