Authentication and authorization at Insomnia
Secure Insomnia by setting up native or external authentication and configuring authorization settings.
Authenticating with the Insomnia app
To authenticate with Insomnia, you can use either external authentication (SSO) or native authentication to log in to the Insomnia app.
Insomnia supports federating user authentication through third-party identity providers for access management. You can use any identity provider (IdP) that supports SAML 2.0. With SSO, you can leverage your existing identity management workflow to govern which users can access the application.
Additionally, users must be entitled to the appropriate organizations before they can access specific projects managed in Insomnia.
Authenticating requests
To set up authentication for a given request, select the desired authentication type from the Auth dropdown. Then, fill out the required fields.
Insomnia supports the following authentication types for requests:
- Basic Auth: Username/password or API key based.
- Digest Auth: Nonce-based one-time hash authentication.
- OAuth 1.0: Token-based auth for services like Twitter.
- OAuth 2.0: Common standard for GitHub, Google, etc.
- Microsoft NTLM: Used in Windows-based networks.
- AWS IAM v4: Used to authenticate AWS API requests.
- Bearer Token: Supports prefix and optional sending.
- Hawk: MAC-based HTTP authentication.
- Atlassian ASAP: S2S protocol from Atlassian.
- Netrc file: Auto-login using .netrc configuration.
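To make the difference between the first two types in the list concrete, the following added example (not Insomnia's own code) builds the `Authorization` value for Basic Auth and the nonce-bound response hash for Digest Auth with MD5 and `qop=auth`. The function names are hypothetical, and the credentials are the published sample values from the HTTP authentication RFCs, not real accounts.

```python
import base64
import hashlib


def basic_header(username: str, password: str) -> str:
    """Basic Auth: the credentials are only base64-encoded, not hashed."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return f"Basic {token}"


def recover_basic(header: str) -> tuple:
    """Show that anyone who sees a Basic header can recover the credentials."""
    raw = base64.b64decode(header.split(" ", 1)[1]).decode()
    username, password = raw.split(":", 1)
    return username, password


def _md5(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(username, password, realm, method, uri,
                    nonce, nc, cnonce, qop="auth"):
    """Digest Auth (MD5, qop=auth): only a hash bound to the server nonce is sent."""
    ha1 = _md5(f"{username}:{realm}:{password}")   # secret part, stays on the client
    ha2 = _md5(f"{method}:{uri}")                  # binds the hash to this request
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


if __name__ == "__main__":
    # Sample values from the RFC examples (documentation credentials).
    hdr = basic_header("Aladdin", "open sesame")
    print(hdr, "->", recover_basic(hdr))

    common = dict(username="Mufasa", password="Circle Of Life",
                  realm="testrealm@host.com", method="GET",
                  uri="/dir/index.html", nc="00000001", cnonce="0a4f113b")
    first = digest_response(nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", **common)
    # A fresh server nonce (constructed value) yields a different response,
    # so a captured response cannot be reused against a new challenge.
    second = digest_response(nonce="0123456789abcdef0123456789abcdef", **common)
    print(first, second, first != second)
```

Because a Basic header is reversible, requests that use it should only be sent over TLS.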
Client certificates
Client certificates are used by some APIs as a means of authentication. Insomnia supports assigning a client certificate to a specific domain name and automatically uses it whenever a request is sent to that domain.
Insomnia supports PFX (Mac) and PEM (Windows and Linux) certificates.
Authorization
Authorization controls who can do what in Insomnia. It ensures that users have the correct permissions and, by allowlisting domains, that you can access the Insomnia app.