Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

« Previous Version 8 Next »

This guide provides step-by-step instructions on utilizing <client_id> and <client_secret> for secure authentication, ensuring the confidentiality of sensitive credentials.

Please when using Postman, exercise caution when entering your client ID and client secret. Make sure to clear any sensitive information from the request history or environment variables in Postman after use. Additionally, consider using Postman's built-in authorization mechanisms, such as the "Basic Auth" feature, and securely manage your Postman environment settings to prevent accidental exposure of your credentials.

Postman guide:

to make HTTP request to get access token by postman, please follow these steps:

  1. Open Postman and create a new request by clicking on the "New" button in the top-left corner.

  2. Select the HTTP method as "POST" from the dropdown menu next to the URL input field.

  3. Go to the "Authorization" tab, from the "Type" dropdown menu, select "Basic Auth" since you are using the client ID and client secret for authentication..

  4. In the "Username" field, enter your client ID, In the "Password" field, enter your client secret.

    • Key: username, Value: <your_client_id>

    • Key: password, Value: <your_client_secret>

  5. Go to the "Body" tab and select "x-www-form-urlencoded" as the data format.

  6. Add the following key-value pair in the body:

    • Key: grant_type, Value: client_credentials

    • Key: client_id, Value: <your_client_id>

  7. Click the "Send" button to make the request.

  8. Postman will display the response, including the access token.

Please be cautious and ensure the confidentiality of your client ID and client secret. Treat these credentials as sensitive information and avoid sharing them publicly or storing them in insecure locations. If possible, consider using environment variables or secure storage mechanisms to store and retrieve these credentials securely.

Python code:

Javascript code:

PHP code:

Handling Access Token Expiration in the Client Application

Regarding access token management, it's important to be aware that the access token comes with a limited lifespan and will eventually expire. To ensure uninterrupted access, your client application must proactively handle the expiration of the access token. This can be achieved by implementing a robust mechanism that automatically obtains a new access token when the current one nears expiration

Python code:

Javascript code:

PHP code:

  • No labels