Using Postman to Authenticate and Call APIs

Fetching an Access Token

You must use an access token to access protected APIs. This guide will show you how to obtain one using OAuth 2.0 Client Credentials.

Step 1: Open Postman

  1. Open Postman on your computer.

Step 2: Create a New Request

  1. Click on New > Request.

  2. Name your request (e.g., "Get Access Token") and save it to a collection.

Step 3: Set the Request Type and URL

  1. Change the request type to POST.

  2. Set the request URL to:

    https://gwg.cloud.utmost.co/api/gwg/supplier/oauth/token

Step 4: Set Authorization Method

  1. Go to the Authorization tab in Postman.

  2. Select Basic Auth from the dropdown.

  3. Enter your Client ID in the Username field.

  4. Enter your Client Secret in the Password field.

  5. Postman will automatically encode these credentials in Base64 and add them to the request.

Step 5: Set Headers

  1. Under the Headers tab, ensure the following key-value pair is present:

    Key

    Value

    Content-Type

    application/x-www-form-urlencoded

Step 6: Set the Body Parameters

  1. Under the Body tab:

    • Select x-www-form-urlencoded.

    • Add the following key-value pair:

      Key

      Value

      grant_type

      client_credentials

Step 7: Send the Request

  1. Click the Send button.

  2. If successful, you will receive a JSON response containing the access token.

    Example Response:

    {
   "access_token": "your_generated_token",
   "token_type": "Bearer",
   "expires_in": 3600
}

  3. Copy the access_token value for use in API calls.

Calling an Authenticated API

After obtaining the access token, use it in API requests.

Step 1: Create a New Request

  1. Click New > Request.

  2. Name your request (e.g., "Fetch Data") and save it to a collection.

Step 2: Set the Request Type and URL

  1. Change the request type to GET.

  2. Enter the API endpoint URL you wish to call.

Step 3: Set Headers

  1. Under the Headers tab, add:

    Key

    Value

    Authorization

    Bearer <your_generated_token>

    • Replace <your_generated_token> with the actual token obtained earlier.

Step 4: Send the Request

  1. Click Send.

  2. If successful, the API will return the requested data.

  3. If the token is invalid or expired, you will receive a 401 Unauthorized error.

Troubleshooting

  • Ensure that your Client ID and Client Secret are correct.

  • Verify that Postman is automatically encoding the credentials when using Basic Auth.

  • Check that the access token is not expired before making authenticated requests.

This guide enables suppliers to authenticate and use APIs securely via Postman.