Retrieve an Access Token
Retrieve an Access Token
Every API call requires an Access Token to identify the authenticated user. For security purposes, Access Tokens expire after 60 minutes. If you are using OAuth 2.0, use the provided Refresh Token to obtain a new Access Token. If you are using server authentication, JWT or Client Credentials Grant, make an API call to the token endpoint to request a new Access Token.
OAuth 2.0
If your application leverages OAuth 2.0 for authentication, you can follow the steps below to obtain a token pair via Postman.
- The
grant_type
will always beauthorization_code
. - The
client_id
andclient_secret
values can be obtained from the Configuration tab for your application in the Developer Console.
To obtain the value for code
, build and visit your
authorization URL in your browser. Complete the OAuth 2.0 flow and,
upon redirecting to your configured redirect URL, the authorization code will be
at the end of the URL. As a reminder, this authorization code is only valid for
30 seconds. This means you must enter it to the designated field in Postman and
click Send before it expires. Therefore, we recommend entering the other
values so the API call is ready to send as soon as you get the code.