ServiceAPI + Postman, a match in heaven

You may also like...

17 Responses

  1. Magnus says:

    Pst, use the Authorization-tab to setup the token-generation/binding instead.
    No need to copy paste tokens and can reuse the token on multiple nodes.

  2. Scott Reed says:

    I love postman, one thing you can do with this scenario that we do with our Azure resources is if you create an Environment from the environment config in the right side and add a variable you can then dynamically set it using

    var jsonData = JSON.parse(responseBody);
    postman.setEnvironmentVariable(“token”, jsonData.access_token);

    This will be set each time you do the call so you can not only make it easy to request and save the token but if you are using the runner feature you can automate a series of calls easily.

    • vimvq1987 says:

      Good tip!
      I usually use Postman for basic scenarios (mostly for quickly testing/verifying things), so I don’t my that manual step.

  3. David says:


    I have currently setting up the EpIServer api and trying to test it using Postman.
    My configuration is the same that you described in your article but I am getting a 400 Bad Request with the following content:

    “error”: “invalid_grant”

    Any clue ?


    • vimvq1987 says:

      Hi David
      Make sure you send data in tab body with x-www-form-urlencoded content type.

      • David says:

        Thanks for the quick reply.
        That’s what I do. My request is exactly the same your first screenshot shows.
        However in that same screenshot, it seems like you’ve set 4 values in the header of your request. The header of my request contains only 1: “Content-Type:application/x-www-form-urlencoded”.

        What are the 3 other values you set in the header of your request ?


        • vimvq1987 says:

          I don’t have the access to the environment now, but that would be the headers for grant_type, username and password, which I un-selected when moving to body.

          • David says:

            Ok Thanks.

            I have the impression that my authencication setup might be wrong.

            I am using the Quicksilver demo to which I added the EpiServer.ServiceApi.Commerce (on the Site) following the documentation linked in your post.

            I am not sure what the Startup.cs should contain to allow oAuth2 authentication. The cookie authentication is setup by default, so I added :

            app.UseServiceApiIdentityTokenAuthorization<ApplicationUserManager, ApplicationUser>();

            AND / OR (all combinations)


            To enable the Authentication on for the API, whitou success.

            Which extension method should be called to set it up properly? Did I miss something ?


  4. mclausing says:

    I came here to say the same as lot of others. I found having a reusable collection that I can copy with environment variables very useful. It’s a little bit of a learning curve, but pretty easy to use after some trial and error.

  5. MAnoj says:

    Hi, I used app.UseServiceApiIdentityTokenAuthorization(); in startup.cs, still get the error {“error”:”invalid_grant”}

  6. Daniel says:

    When I am Calling /episerverapi/token with the setup you specified above I get an error: unsupported_grant_type. I have chosen x-www-form-urlencoded and specified grant_type to password.

  7. daniel says:

    I now know why I received this error. I was not specifying https in my request, which made Postman believe my granting was problematic. Problem solved =)

  8. Daniel says:

    Now I recieve a “User is not authorized for this request instead” =/

    • vimvq1987 says:

      It sounds like you need to grant some permissions to that user. Episerverserviceapiread/write IIRC. Check permissions for functions in CMS Admin

  9. Daniel says:

    Seems the user is part of the administrator Group, which has permissions to those funcitons. What is IIRC?

  10. Daniel says:

    oh yes, you are correct. I got it to work now. I downloaded Postman as an app, and specified the key “Accept” with value “application/json” in the headers, and I got a JSON answer.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: