Postman Authorization Use Cases ============================================================================= In this article, you will learn how to use the postman to start dealing with |coreapi|_. To be able to use postman to issue requests to any API that is being authorized by |cognito| authorizer we need to send an |auth| header with a value of a valid |accesstoken|. Generating id token through Postman ----------------------------------------------------------------------------- 1. From Postman create new dummy API and set authorization to be oauth2, and set the Header Prefix to Bearer. .. image:: /_static/auth_type.png 2. Fill the info in the rest of the page as the following table. .. image:: /_static/authorization_api_1.png DEV Environment Configurations ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +-------------------+---------------------------------------------------------------------------+ | Field | Value | | | | +===================+===========================================================================+ | Grant Type | Authorization Code | +-------------------+---------------------------------------------------------------------------+ | Callback URL | http://localhost | +-------------------+---------------------------------------------------------------------------+ | Auth URL | https://envase-dev.auth.us-east-1.amazoncognito.com/oauth2/authorize | +-------------------+---------------------------------------------------------------------------+ | Access Token URL | https://envase-dev.auth.us-east-1.amazoncognito.com/oauth2/token | +-------------------+---------------------------------------------------------------------------+ | Client ID | issued-client-id | +-------------------+---------------------------------------------------------------------------+ | Client Secret | issued-client-secret | +-------------------+---------------------------------------------------------------------------+ | Scope | | +-------------------+---------------------------------------------------------------------------+ | State | test | +-------------------+---------------------------------------------------------------------------+ STG Environment Configurations ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +-------------------+---------------------------------------------------------------------------+ | Field | Value | | | | +===================+===========================================================================+ | Grant Type | Authorization Code | +-------------------+---------------------------------------------------------------------------+ | Callback URL | http://localhost | +-------------------+---------------------------------------------------------------------------+ | Auth URL | https://envase-stg.auth.us-east-1.amazoncognito.com/oauth2/authorize | +-------------------+---------------------------------------------------------------------------+ | Access Token URL | https://envase-stg.auth.us-east-1.amazoncognito.com/oauth2/token | +-------------------+---------------------------------------------------------------------------+ | Client ID | issued-client-id | +-------------------+---------------------------------------------------------------------------+ | Client Secret | issued-client-secret | +-------------------+---------------------------------------------------------------------------+ | Scope | | +-------------------+---------------------------------------------------------------------------+ | State | test | +-------------------+---------------------------------------------------------------------------+ PRD Environment Configurations ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +-------------------+---------------------------------------------------------------------------+ | Field | Value | | | | +===================+===========================================================================+ | Grant Type | Authorization Code | +-------------------+---------------------------------------------------------------------------+ | Callback URL | http://localhost | +-------------------+---------------------------------------------------------------------------+ | Auth URL | https://envase.auth.us-east-1.amazoncognito.com/oauth2/authorize | +-------------------+---------------------------------------------------------------------------+ | Access Token URL | https://envase.auth.us-east-1.amazoncognito.com/oauth2/token | +-------------------+---------------------------------------------------------------------------+ | Client ID | issued-client-id | +-------------------+---------------------------------------------------------------------------+ | Client Secret | issued-client-secret | +-------------------+---------------------------------------------------------------------------+ | Scope | | +-------------------+---------------------------------------------------------------------------+ | State | test | +-------------------+---------------------------------------------------------------------------+ .. image:: /_static/authorization_api_2.png 3. Click on |gnat| button will open a new sign in window for username and password. You should use the user name and password provided for your user account. .. image:: /_static/postman_signin.png 4. After signing in you will get the token details, copy the |accesstoken| to be used in authorization header of any other postman calls that will need |cognito| |accesstoken|. .. image:: /_static/id_token.png 5. In your actual API call add a new header called '|auth|' with the value of the |accesstoken| that you have copied from the previous step and don't forget to add the |apikey| also if needed. +-------------------+---------------------------------------+-------------------------------------------+ | Environment | Base URL | API KEY | | | | | +===================+=======================================+===========================================+ | DEV | https://core-dev.envaseconnect.cloud | issued-api-key | +-------------------+---------------------------------------+-------------------------------------------+ | STG | https://core-stg.envaseconnect.cloud | issued-api-key | +-------------------+---------------------------------------+-------------------------------------------+ | PRD | https://core.envaseconnect.cloud | issued-api-key | +-------------------+---------------------------------------+-------------------------------------------+ .. image:: /_static/authorization_header.png