OrderCloud uses OAuth 2.0 for token-based authentication, which means that each API request to OrderCloud requires a valid access token. Since access tokens (and refresh tokens) have a defined expiry, the access token will need to be manually refreshed periodically when using an API Client like Postman, which is an integral part of the software development lifecycle while building solutions with OrderCloud.
This access token retrieval can be automated using Postman’s in-built pre-request script option, which allows running prerequisite scripts each time before the intended API request(s). The below script retrieves the access token and appends it to the intended API request’s header. This script needs to be placed within the Pre-request script tab of the request/collection/folder in Postman.
For this example, I have used the most common Client Credentials OAuth Workflow,
When using OrderCloud Postman Collection, the below script which follows Password Grant Type OAuth Workflow can be added to the Collection’s Pre-request Script as indicated in the below demo. Ensure to populate the collection variables(clientID_seller, admin_username, admin_password, baseApiUrl).