it worked without a 'complete' NLAuth header in postman? maybe there IS a way then, i'm certainly no expert. 🙂

This will work if postman has an active NS login session (i.e. cookie) when it made the request