> ## Documentation Index
> Fetch the complete documentation index at: https://docs.getpostchi.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Folder Settings

> Configure a base URL and authentication scheme for a folder so every request inside it inherits them automatically.

Right-click any request folder and choose **Settings** to open the Folder Settings.

## Nested settings

Only the nearest folder's settings apply. Settings do not merge between levels — a deeper folder's settings fully replace the ones above it for requests in that folder.

This means you can set a default base URL at the root, then override it for specific subfolders without touching any other requests.

<Tip>
  Group requests by service or domain and set a base URL. This way you only need to update it in one place when an endpoint changes.
</Tip>

***

## Authentication

Each folder can have an authentication scheme. When configured, Postchi injects the appropriate auth headers into every request in that folder — and all subfolders — automatically.

Open the Folder Settings for any folder to configure authentication. Each auth scheme appears as a card where you fill in the environment variable names to use. Use the **Show Environments** button to manage those values directly from the folder settings.

<Tip>
  Keep credentials out of your settings. The auth config only names the environment variables to use — the actual values come from your active environment in `environments.cenv` or `secrets.cenv`.
</Tip>

### Bearer token

The **Bearer Token** card shows a **Token Variable** field. Enter the name of the environment variable that holds your token (e.g. `api_token`).

Postchi adds `Authorization: Bearer <value>` to every request in the folder.

### Basic auth

The **Basic Auth** card shows a **Username Variable** and a **Password Variable** field. Enter the environment variable names for each.

Postchi Base64-encodes the credentials and adds `Authorization: Basic <value>` to every request.

### API key

The **API Key** card shows a **Key Variable** field. Enter the environment variable name that holds your key.

Postchi adds the key as a header to every request using the header name defined in your settings.

<Note>
  Only header-based API keys are auto-injected. Query and cookie placement is not currently supported.
</Note>

### Multiple schemes

You can have more than one auth scheme configured on a folder — each appears as its own card. Postchi uses the first method defined, in a later version you will be able to choose what method to use from insdie a request.

### Per-request override

If a request has an authorization header set the inherited auth will be ignored.

You can also disable the inherited authorization by setting the value of authorization header to the function `noAuth()`:

```http theme={null}
GET https://api.example.com/admin/report
Authorization: noAuth()
```
