Using Postman to Test API Access Token Request

This is a simple example of how to create an Installed App in Marketing Cloud and using Postman to test your API call. Note that the V1 endpoint has been deprecated in August 2019 so we will be using V2 endpoints.

Background

REST API and Web Services SOAP API based on OAuth 2 exposes a much broader access to Marketing Cloud capabilities and also provides for much more comprehensive access to email functionality. Getting the access token is just one aspect for obtaining credentials for authentication for your API integration and usually required to use other API calls.

Create Installed Package

First create the Installed Package in the Setup section in Marketing Cloud. You will need Administrator and Marketing Cloud Administrator access.

Setup > Apps > Installed Packages

Component Type

In this example, we will select an API Integration as the component type. More on each of the component types below:

Add Component Type

Integration Type

Integration Type

In this example, we will use a Server-to-Server integration type. More on the different integration types below:

Server-to-Server: A type of OAuth 2.0 API integration in enhanced packages. A server-to-server integration performs tasks on behalf of the integration without an end-user context, user interaction, or user interface.

Web App: A type of OAuth 2.0 API integration in enhanced packages. A web app allows applications that can securely store a client secret to integrate with Marketing Cloud on behalf of an end user using the intersection of the app’s and the user’s permissions.

Public App: A type of OAuth 2.0 API integration in enhanced packages. A public app allows applications that can’t securely store a client secret to integrate with Marketing Cloud on behalf of an end user using the intersection of the app’s and the user’s permissions. Examples of public apps include a single-page application or a native mobile application.

Server-to-Server: A type of OAuth 2.0 API integration in enhanced packages. A server-to-server integration performs tasks on behalf of the integration without an end-user context, user interaction, or user interface.

Properties

Next you can set the Read/Write privileges. In our example, we are only retrieving the access token so we will not need any additional access.

Server-to-Server Properties

Take note of the Summary page below after you create the app. For this exercise, you’ll need:

  • Authentication Base URI
  • Client Id
  • Client Secret

Also take a look at the OAuth 2.0 API Integration Considerations when using OAuth 2.0 API integrations.

Installed App Details

Postman

Download and install Postman. If you have any questions on how to use Postman, check out their Learning Center. Some basic screenshots will be shown below as we are retrieving the access token.

First create a Request. You can save this request and refer back to it at anytime. I save a bunch of test API calls in my SFMC folder:

Save Request

Next, use the Authentication Base URI where you’ll send the request. Note the Content-Type is application/x-www-form-urlencoded

Header

The in the Body, you’ll want to include the following keys. The values for the client_id and client_secret are in the Installed App you have created above. The grant_type must be client_credentials.

  • client_id
  • client_secret
  • grant_type: client_credentials

Click send and you should get the result with the access_token and other details for authentication.

access_token

Leave a Reply

Your email address will not be published. Required fields are marked *