Get Access Token Using Postman

April 21, 2023

---

 

The purpose of this tutorial is to elaborate How to get the token using Postman.

With this blog, we will cover the following point:

1. Get the Access Token.
2. Get the Refresh Token.
3. Get the Token from the Refresh Token.
4. Get the Token Expiration Time.

 

What is Postman?

Postman is one of the most popular software testing tools that we can use for create, update, delete and upsert the records and also, we can do some more other things that we want with Salesforce APIs. This is an easy way for the developers to creating, testing and document the APIs. But we have to get the access token using this tool to do all these things in salesforce.

So, let us discuss one by one with the help of the following points:

 

1. How to get Access Token

First, we have to create a connected App through the link: 

Create a connected app if you have not created it already in your Salesforce org.

Authentication:

Follows the Steps:

Open the Postman tool and select the Post method.

 

 

Use link in endpoint of Postman tool- https://login.salesforce.com/services/oauth2/token?client_id=<YOUR CLIENT ID> 

Use consumer key instead of client_id generated from your connected app.

Note: Make sure you have enabled the Allow OAuth Username-Password Flows setting in OAuth and OpenID Connect Settings from setup in your salesforce org.

In theParams tab of the request, pass the parameters:

• username: Username of your Salesforce Org.
• password: Password of your Salesforce Org.
• grant_type: write password word in the field.
• client_id: Consumer key from connected app.
• client_secret: Customer Secret from connected app.

 

 

 Hit the send button to get the access token to access your Salesforce Org in the Postman using API.

 

 

After that, you will see the access token like in the below figure: (If you still see an error invalid grant_type like this, then go to the Setting from your avatar and write reset my token in the setup box and click on reset my token. After that you will get an email for the token, copy the token and paste it after your org password value without any space.)

 

 

2. How to get Refresh Token

 To get the refresh token, our connected app should have a refresh token scope added. I have added a below screenshot of the connected app.

 

 

First, we have to get the code. So, Login to your salesforce org and enter the following URL in a new tab in your favorite browser: 

https://<YOUR_INSTANCE>.salesforce.com/services/oauth2/authorize?response_type=code&client_id=<CONSUMER_KEY>&redirect_uri=https://login.salesforce.com/

 

Note: Please change <YOUR_INSTANCE> with your Salesforce Org instance name from company information and change <CONSUMER_KEY> with your consumer key from your Salesforce Org. Then hit the enter button.

 

 

After that you will see that Browser will redirect a new link with code, so copy this code and save in notepad. Don not worry, we will use this code at later. The code like show in picture:

 

 

Open to the Postman tool and select the Post method.

 

 

Do you know the term Instance in Salesforce?

Because we used the instance in the above URL that why we should know about instances in the salesforce org. Let us dive into this word. You must be thinking, what is an instance in salesforce? The salesforce instance refers to the server which we use to host our salesforce organization. There are many instances on the server and one instance can host many salesforce organizations at a time. When the instances host our salesforce org, this technology is known as Multi-tenancy.

 

How can you check the instance name in your Salesforce org?

Yes, you can also check the instance name in your Salesforce org by following these steps:

1. Login to your salesforce Org then click on setup from the gear icon at the top right.

 

 

2. Write company in the quick find box then selectcompany information. 

 

 

3. When you click on company information, you will see an instance name like below picture:

 

 

Set this URL in the Postman endpoint:

 

https://<YOUR_INSTANCE>.salesforce.com/services/oauth2/token?code=<CODE>&grant_type=authorization_code&client_id=<CONSUMER_KEY>&client_secret=<CONSUMER_SECRET>&redirect_uri=https://login.salesforce.com/ 

 

• Replace <YOUR_INSTANCE> with your instance name from your Salesforce Org.
• Replace <CODE> with your code we recently saved in notepad. Code is used in Server Authentication.
• Replace <CONSUMER_KEY> with your consumer key from the connected app in the Salesforce Org.
• Replace <CONSUMER_SECRET> with your consumer secret from a connected app in Salesforce Org.

 

 

Hit the send button and you will get Access Token and Refresh Token like in figure: 

 

 

3. How to get Token from Refresh Token

• Open to the Postman tool and select the Post method.

 

• Set this URL in Postman endpoint: https://login.salesforce.com/services/oauth2/token?client_id=<YOUR CLIENT ID>
• Set the parameter in the Param tab of the Post method: 
• client_id: Your Client id
• client_secret: your client secret form connected app.
• grant_type: write refresh_token word in this field.
• refresh_token:  paste your refresh token we got in the above steps.

 

 

Hit the send button and you will get Access Token from Refresh Token like in figure: 

 

 

4. How to get Token Expiration Time

This API call is used when we want to retrieve the expiration time of a token. Expiration time helps to decide when to refresh the token. In the connected app, we use the below API call for this process which was introduced by salesforce recently.

• Open to the Postman tool and select the Post method.

 

• Use this URL in endpoint of the Postman tool: https://login.salesforce.com/services/oauth2/introspect
• Set the parameter in the body of the Post method:
• client_id: Your Client id
• client_secret: your client secret form connected app.
• token: pass the access token we got recently in the above steps.
• token_type_hint: access_token

 

 

• Hit the send button and you will get Token Expiration like in the below figure:

 

 

In the above picture, we can see the exp that shows the expiration time of the token. This expiration time is in Timestamp format. If you want to check this expiration time, you can convert this expiration time with the help of Timestamp Date to Converter app.

The main purpose of the token expiration time is that we can get a refresh token again before the token expires.