Every API call requires an Access Token to identify the authenticated user.
For security purposes, Access Tokens expire after 60 minutes. If you are using
OAuth 2.0, use the provided Refresh Token to obtain a new Access
Token. If you are using server authentication, JWT or
Client Credentials Grant, make an API call to the token endpoint
to request a new Access Token.
If your application leverages OAuth 2.0 for authentication, you can
follow the steps below to obtain a token pair via Postman.
The grant_type will always be authorization_code.
The client_id and client_secret values can be obtained from the Configuration tab for your application in the Developer Console.
To obtain the value for code, build and visit your
authorization URL in your browser. Complete the OAuth 2.0 flow and,
upon redirecting to your configured redirect URL, the authorization code will be
at the end of the URL. As a reminder, this authorization code is only valid for
30 seconds. This means you must enter it to the designated field in Postman and
click Send before it expires. Therefore, we recommend entering the other
values so the API call is ready to send as soon as you get the code.
