Test Postman and NextJS secure API endpoints


I set up a NextJS + Auth0 environment following the official guide, and I have some secured APIs that I would like to test with Postman, but I can’t make it work…

I followed this guide: How to Manage a Collection of Secure API Endpoints with Postman (auth0.com) and I managed to get the token. Then I added the request to the collection and set the Authorization to use that token… but the API still returns 401 Unauthorized.

Can anybody help me please?

Hi @mattveraldi,

Welcome to the Auth0 Community!

Is there anything else to the error? Is there a description?

Have you decoded the token to see if it is missing any necessary permissions etc.? You can decode it using jwt.io.


Thank you. This is the error:

    {
      "error": "not_authenticated",
      "description": "The user does not have an active session or is not authenticated"
    }

And this is the decoded JWT generated with Postman OAuth2 authentication:

  "iss": "https://dev-3iba167e.us.auth0.com/",
  "sub": "auth0|610960c6c61fd70077d1657e",
  "aud": [
  "iat": 1628007554,
  "exp": 1628093954,
  "azp": "i4tBFrdpABSoZMMPLBcXN3Jt320mSJ7w",
  "scope": "openid profile email"

The token is sent in headers correctly…
I’m securing the API with the H.O.F. withApiAuthRequired; maybe there is some configuration that I’m missing there?

What endpoint is giving you that error? Can you take a screenshot or code snippet of the request that is returning that?

The endpoint is running locally at localhost:3000/api/link-items and it is a POST call.

This is the POST handler

    import type { NextApiRequest, NextApiResponse } from "next";
    import { withApiAuthRequired, Claims } from "@auth0/nextjs-auth0";
    // prisma and LinkItem come from the project's own modules (not shown in the post)

    /**
     * handle POST
     * @param req
     * @param res
     */
    const addNewLinkItem = async (req: NextApiRequest, res: NextApiResponse, user: Claims) => {
      const linkItem = req.body as LinkItem;
      try {
        await prisma.linkItem.create({
          data: linkItem,
        });
        res.status(200).send("Link item created");
      } catch (error) {
        res.status(500).send("An error occurred creating link item");
      }
    };

And this is the export:

    export default withApiAuthRequired(requestHandler);

where requestHandler calls a handler based on the request type (POST in this case).

Did you ever find a solution? I seem to be running into the same issue, using nextjs-auth0 and withApiAuthRequired on the Next.js side (works fine on its own), but I am unable to hook up my Postman.

For the sake of completeness, I figured out a solution that I found here: https://github.com/auth0/nextjs-auth0/issues/135. It requires installing the desktop app and the Chrome interceptor plugin, and snatching the session cookie from the localhost app.
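
Added example, not part of any post in this thread and not nextjs-auth0's code: a simplified JavaScript model of why the bearer token from Postman gets the `not_authenticated` 401 while the browser's session cookie is accepted. It assumes the SDK's default cookie name `appSession` and only checks that the cookie is present (the real SDK also decrypts and validates it); all sample values are constructed placeholders.

```javascript
// Simplified model of a session-cookie gate, NOT nextjs-auth0's source.
// Assumption: default session cookie name "appSession", possibly chunked
// as appSession.0, appSession.1, ... when the session is large.
const SESSION_COOKIE = /^appSession(\.\d+)?$/;

// Parse a Cookie header into a name -> value map.
function parseCookies(header = "") {
  const jar = {};
  for (const part of header.split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0) jar[part.slice(0, eq).trim()] = part.slice(eq + 1).trim();
  }
  return jar;
}

// Stand-in for the gate: only a session cookie counts; Authorization is never read.
function sessionGate(headers) {
  const names = Object.keys(parseCookies(headers.cookie));
  if (!names.some((n) => SESSION_COOKIE.test(n))) {
    return {
      status: 401,
      body: {
        error: "not_authenticated",
        description: "The user does not have an active session or is not authenticated",
      },
    };
  }
  return { status: 200, body: "Link item created" };
}

// Explain why a request built in Postman (or any client) would be rejected.
function diagnose(headers) {
  const hasBearer = /^Bearer\s+\S+/i.test(headers.authorization || "");
  if (sessionGate(headers).status === 200) {
    return "session cookie present: request reaches the handler";
  }
  return hasBearer
    ? "bearer token sent but no session cookie: the gate ignores Authorization"
    : "no session cookie and no bearer token";
}

// Constructed sample requests (placeholder values, not real credentials).
const postmanBearer = { authorization: "Bearer <access-token-placeholder>" };
const browserSession = { cookie: "theme=dark; appSession=<encrypted-session-placeholder>" };

console.log(sessionGate(postmanBearer).status, diagnose(postmanBearer));
console.log(sessionGate(browserSession).status, diagnose(browserSession));
```

A session cookie copied into a test client is a live credential for that login, so keep it to local development and out of shared or exported Postman collections.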



Thanks for sharing your solution!

Unfortunately I didn’t find any… I just gave it up since I had been moved to another project.
