Get Firebase Access Token in POSTMAN

When you want to use Postman only and don't want to build a frontend you can use this auth request in Postman: POST https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key={API_KEY}

In the Body you should send the following JSON string:

{"email":"{YOUR_EMAIL_ADDRESS}","password":"{PASSWORD}","returnSecureToken":true}

Content type is application/json (will be set automatically in Postman). You can find the Firebase API_KEY in the Firebase project settings (it's the Web-API-key).

As response you will get a JSON object and the idToken is the token you need for all your API requests as Bearer token.

To have a automated setting of this token, you can add the following code in the Tests tab at your auth request:

var jsonData = JSON.parse(responseBody);
postman.setGlobalVariable("id_token", jsonData.idToken);

For all your API requests you should set the Authorization to Bearer Token and the value for the token is {{id_token}}.

Now the token will be automatically used once you executed the auth request and got the response.


An easy way to retrieve the access token from firebase is to:

  1. create an html file in a directory
  2. copy in the html file the content of firebase auth quickstart
  3. replace the firebase-app.js and firebase-auth.js as explained in firebase web setup to point them at the proper cdn location on the web
  4. replace firebase.init script with the initialization code from your app on the console like this:
var config = {
    apiKey: "my secret api key",
    authDomain: "myapp.firebaseapp.com",
    databaseURL: "https://myapp.firebaseio.com",
    projectId: "myapp-bookworm",
    storageBucket: "myapp.appspot.com",
    messagingSenderId: "xxxxxxxxxxxxx"
};
firebase.initializeApp(config);
  1. open the html file in your browser and either sign in or sign up. The Firebase auth currentUser object value should be displayed.

    1. inspect the html and expand the quickstart-account-details element. This should have the json object displayed.

    2. copy the content of accessToken

    3. In postman go to authorization, select bearer token and paste the copied token in the token value field.

You should be now able to call apis that are secured by firebase auth. Keep in mind that this only gets and passes the access token so once the token is expired you may need to request a new one (steps 5 to 8)

you can also look at this
Hope this helps!