Auth Inheritance

Auth Inheritance lets you configure authentication once at the collection or folder level and have all requests inside it use that auth automatically.

How it Works

Each request and folder can have its Auth type set to Inherit from Parent. Rostyman walks up the hierarchy to find the nearest parent with auth configured:

Collection (Bearer Token: {{collectionToken}})
└── Folder "Users" (Inherit ← uses collection's Bearer Token)
    ├── Subfolder "Admin" (API Key: X-Admin-Key)
    │   ├── GET /admin/users (Inherit ← uses Admin's API Key)
    │   └── POST /admin/users (Inherit ← uses Admin's API Key)
    ├── GET /users (Inherit ← uses collection's Bearer Token)
    ├── POST /users (Basic Auth: admin/pass ← overrides)
    └── DELETE /users/:id (Inherit ← uses collection's Bearer Token)

Resolution Order

When a request is set to "Inherit from Parent":

  1. Check the request's parent folder — if it has a non-inherit auth, use it
  2. Check the grandparent folder, and so on up the folder chain
  3. If all folders inherit, use the collection's auth
  4. If the collection auth is "No Auth", the request has no authentication

The first non-inherit auth found in the chain wins.
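
The resolution order above, written out as an added Python example that is not Rostyman's own code: it resolves the effective auth for every request in the tree from How it Works and lists any request that would be sent with no authentication. The node fields, the auth-type strings and the second "Public" collection are assumptions constructed for this example.

```python
# Constructed model of the tree shown under "How it Works". Field names and
# auth-type strings are assumptions for this example, not Rostyman's format.
INHERIT, NO_AUTH = "inherit", "noauth"

def node(name, auth, parent=None):
    return {"name": name, "auth": auth, "parent": parent}

def resolve_auth(request):
    """Return (auth_type, source_name) following the Resolution Order."""
    if request["auth"] != INHERIT:
        return request["auth"], request["name"]   # set directly: overrides parents
    current = request["parent"]
    while current is not None:
        if current["auth"] != INHERIT:            # first non-inherit auth wins
            return current["auth"], current["name"]
        current = current["parent"]
    return NO_AUTH, None  # assumption: nothing configured anywhere in the chain

def audit(requests):
    """Map each request to its effective auth; list those sent unauthenticated."""
    resolved = {r["name"]: resolve_auth(r) for r in requests}
    unauthenticated = [n for n, (a, _) in resolved.items() if a == NO_AUTH]
    return resolved, unauthenticated

collection = node("Collection", "bearer")
users = node("Users", INHERIT, collection)
admin = node("Admin", "apikey", users)
REQUESTS = [
    node("GET /admin/users", INHERIT, admin),
    node("POST /admin/users", INHERIT, admin),
    node("GET /users", INHERIT, users),
    node("POST /users", "basic", users),
    node("DELETE /users/:id", INHERIT, users),
]

# Second constructed collection set to "No Auth": every inheriting request
# below it goes out without credentials, which the audit should flag.
open_collection = node("Public", NO_AUTH)
open_folder = node("Health", INHERIT, open_collection)
REQUESTS_OPEN = [node("GET /health", INHERIT, open_folder)]

if __name__ == "__main__":
    for reqs in (REQUESTS, REQUESTS_OPEN):
        resolved, unauth = audit(reqs)
        for name, (auth, source) in resolved.items():
            print(f"{name:20} {auth:8} from {source}")
        print("unauthenticated:", unauth)
```
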

Setting Up Collection-Level Auth

  1. Click the collection name in the sidebar to open the Collection tab
  2. Go to the Authorization sub-tab
  3. Configure the authentication type and credentials
  4. Set individual requests to Inherit from Parent

Setting Up Folder-Level Auth

  1. Click a folder name in the sidebar to open its Folder Settings tab
  2. Go to the Authorization sub-tab
  3. Choose an auth type (or leave as "Inherit from Parent" to pass through from the collection)
  4. All requests inside the folder that use "Inherit from Parent" will use this folder's auth

Resolved Auth Preview

When a request uses "Inherit from Parent", the Auth tab shows:

  • The resolved auth type and which parent it comes from (e.g., "Inheriting Bearer Token from Users folder")
  • A read-only preview of the resolved auth fields
  • A link to Edit Auth in [parent name] — clicking it opens that folder or collection's Authorization tab

Override at Any Level

You can override inherited auth on any individual request or folder by setting a different auth type directly. The most specific (deepest) auth configuration wins.

When to Use Inheritance

  • All requests in a collection use the same API key or bearer token
  • Most requests share auth but a few endpoints use different credentials
  • You want to change auth for all requests by updating it in one place
  • Different folders need different auth (e.g., admin vs. public endpoints)