Client Credentials Tutorial

In this section you will learn how to try an API using the Postman collections from the API reference documentation, in a Client Credentials OAuth2 grant flow.

Prerequisites

To run this tutorial you need:

  1. A recent installation of Postman on your computer.
  2. A valid FusionCreator account.
  3. An application on the portal registered with the APIs that you want to try.

When you add an IP to your application whitelist, you allow only the requests made using that IP to interact with your application. If you completed IP Whitelist section while you registered your application on FusionCreator, you must follow the Postman tutorials from an IP that is available on the list. The following formats are supported: IPv4 for IPs and IPv4 CIDR for IP ranges.

Postman Tutorial

To import the Postman collections from the API reference documentation

  1. From the API reference documentation, click Actions, and then select Download Postman collection. The Postman collection JSON definition file is downloaded to your computer.

Download the Postman collection from the API reference documentation.

  1. Launch Postman.
  2. (Optional) Close the start-up panel.
  3. From the toolbar, click Import.

Import a Postman collection.

  1. On the IMPORT dialog box, select Import file.
  2. Click Chose Files, browse to the location where you saved the file at the step 1, and select it. The collection is imported, and the requests are listed under the Collections tab.

A Postman collection is imported.

To retrieve the access token from the Authorization Server

  1. From the Collections section, select a request that you want to test.
  2. In the Authorization section, open the TYPE menu and select OAuth2 from the list.
  3. Click Get New Access Token. The GET NEW ACCESS TOKEN form opens.

Import a Postman collection.

  1. Fill in the GET NEW ACCESS TOKEN form as follows.
Token Name
A name for the token, that is relevant to you.
Grant Type
Select Client Credentials.
Access Token URL

The token_endpoint of the Discovery Service. 

tokenUrl
Client ID
The Client ID of your application.
Client Secret
The Secret Key of your application.
Scope
Enter openid.
Client Authentication
Select Send as Basic Auth Header.

The GET NEW ACCESS TOKEN form for an HTTP request, in the Client Credentials Grant Flow, with Postman.

  1. Click Request Token. The Access Token is retrieved from the Authorization Server, and saved with the name you provided.
  2. (Optional) Scroll down the window, and click Use Token. The token is added to the HTTP request where you initiated the authorization request.

The Access Token is retrieved from the Authorization Server.

To call an API endpoint with the Authorization Token

  1. From the collection that you downloaded and opened in Postman, select a request.
  2. In the Authorization section, open the TYPE menu and select OAuth2 from the list.
  3. Open the Available Tokens menu and select a saved token. The token will be added to your selected API request.

Select a previously retrieved Access Token

  1. Click Send. The request is sent to the API, and the response is retrieved and displayed in the main window.

The response retrieved from an FusionFabric.cloud API endpoint