Introduction

Postman is a powerful tool for testing APIs and automating workflows. This guide explains how to configure Postman to authenticate with the Unimicro Platform API using OAuth 2.0 with PKCE flow. We will set up environment variables for better organization and flexibility across test, development, and production environments.

Prerequisites

The user must create a new ClientID. Please see the article Authentication Guide on how to configure a web auth ClientID.

Ensure that the redirect URL https://oauth.pstmn.io/v1/browser-callback is added to the Web Auth ClientID configuration.

Setting Up OAuth 2.0 PKCE in Postman

To connect to an API requiring OAuth 2.0 PKCE authentication, Postman’s built-in authorization tools can be used to obtain and refresh access tokens automatically.

Step 1: Creating a Collection

  1. Open Postman and click on Collections.
  2. Create a new collection, e.g., Unimicro API.
  3. In the Authorization tab of the collection, set the following:
    • Type: OAuth 2.0
    • Grant Type: Authorization Code (With PKCE)
    • Callback URL: https://oauth.pstmn.io/v1/browser-callback
    • Auth URL: {{AuthUrl}}
    • Access Token URL: {{AccessTokenUrl}}
    • Client ID: {{ClientID}}
    • Scope: {{Scope}} (Dependent on the access rights chosen in the ClientID configuration. You can copy scopes directly from the Developer Portal App ClientID configuration.)
    • PKCE Code Challenge Method: SHA-256
  4. Click Get New Access Token, log in using your credentials, and Postman will retrieve a token.
  5. Save the token and ensure that all requests in the collection inherit authorization from the parent.

Managing Environments in Postman

To handle different environments (test, dev, production), we use global environment variables. This ensures easy switching between environments without modifying requests manually.

Step 2: Setting Up Environment Variables

In Postman, navigate to Environments and create a new environment, e.g., Test Environment.

  1. Add the following key-value pairs:KeyValueCompanyKey4f6d2833-891f-4437-a39e-f841457bc786 (Example)ClientIDcee05c7f-9df7-42d2-bf26-ee540caa6bfeClientSecretwqj0FOhHONfPlb4X7tyfFC9qcKOfT5tRLmE1H7jgT0rhgl0eQRIIWgy0mXsSLsboBaseUrlhttps://test.unimicro.no/apiAdminBaseUrlhttps://test-admin.unimicro.no/apiAuthUrlhttps://test-login.unimicro.no/connect/authorizeAccessTokenUrlhttps://test-login.unimicro.no/connect/tokenScopeAppFramework Sales.Admin openid profile email offline_access
  2. Save the environment and switch to it before making API requests.

Making API Requests

Once the authentication is set up, you can make API calls using BaseUrl and inherited authorization.

Step 3: Creating API Requests

  1. Create a new request under your collection.
  2. Set the method (e.g., GET, POST, PUT, DELETE).
  3. Use environment variables in the URL, e.g., {{BaseUrl}}/customers
  4. In the Headers tab, ensure Authorization is set to Bearer {{access_token}} (automatically handled by Postman).
  5. Click Send to execute the request.

Conclusion

Using Postman for API testing with OAuth 2.0 PKCE simplifies authentication and provides an easy way to switch between environments. By setting up authorization at the collection level and using environment variables, you can efficiently manage API interactions across different stages of development.

Next Steps

  • Automate token refresh with Pre-request scripts.
  • Use Postman monitors for scheduled API tests.
  • Explore Postman collections for sharing API workflows with teams.

For more details, visit the Unimicro Developer Portal.