By using Postman, you’re accessing your route outside of an authenticated session. Only requests from the Strapi front end have a user session associated with them, and even those need to be made using the helper plugin to add the session token. If one could just copy a session token and use it from elsewhere, it would leave Strapi with a big hole in its security.
There may be a way to get Postman to use the authentication api route to get an active session for a known user, but I haven’t tried to do that, and don’t know how. Perhaps if you re-frame your question [i.e. ask a new one about that] you may find someone who can help.
I suspect it wouldn’t help you to create an API token and use that for testing, because you want to obtain details of the current user - and an API token doesn’t have one.