Using Auth tokens

In this section, we'll look at passing Authorization and Authentication information in our requests, by accessing the GitHub REST API.

Let's try making a GET request to the URL

You'll get the following response:

  "message": "Requires authentication",
  "documentation_url": ""

This is beacause you are not authorized to access the API and inorder to gain access you would need to authenticate yourself. We use tokens to authenticate a user and to do so we first need to generate an access token from GitHub.

Generating access token

To get access to the GitHub API, you first need to generate a personal access token. For our demonstration we will generate one granting access to public repositories.

  1. Login to GitHub account
  2. Goto your personal access tokens page and click on generate new token
  3. Select tokens (classic)
  4. You should see a page like the one below:

  5. Specify the note as "Hoppscotch API" so that you can remember why you created it
  6. Under the "Select scopes" section only check public_repo
  7. Scoll down and click on Generate token
  8. You just generated your access token, now copy the token to your clipboard

Storing auth token in a variable

  • It is a recommended safe-practice to have your auth details in environment variables rather than inputting it directly to the authorization tab.
  1. Click on the Global environment to add a variable
  2. Create a variable called token and paste the token from GitHub as it's value

  3. Now open the Authorization tab and select Bearer from the dropdown list
  4. Input the token as shown below, make sure that you reference the token in variable format, ie <<token>>

  5. Click on "Send"

You should now see the response including details about your GitHub account.