27 Jun 2016

Using 3 legged OAuth for Forge API's with Postman

Default blog image

Important! Changes in the way you have to provide parameters - see 3-legged authentication with Postman

Already mentioned Postman in a previous blog post. Now I'll provide the steps to test the Autodesk Forge API's using 3 legged authentication inside Postman.

First you need to create a Forge application with the correct "Callback URL": https://www.getpostman.com/oauth2/callback
Just go to https://developer.autodesk.com/, log in with your Autodesk ID and create a new app:


Then you can select the API's you want to use and also provide information about the app. Here just make sure that you set the "Callback URL" correctly:


Now you can use the credentials of the app with Postman. Just click the "Authorization" tab and select "OAuth 2.0" as "Type" then click "Get New Access Token". 

You should use the following values:
- Token Name = You can choose anything here
- Auth URL = https://developer.api.autodesk.com/authentication/v1/authorize
- Access Token URL = https://developer.api.autodesk.com/authentication/v1/gettoken
- Client ID = Client ID of your Forge app
- Client Secret = Client Secret of your Forge app
- Scope = the list of values depend on the functionality of the Forge API's you want to use later on
- Grant Type = Authorization Code


Now you can just click "Request Token" to get a token which then will show up under the "Existing Tokens" section, and you can start using them in your requests. When you click "Use Token" then its value will be automatically added to the header of the request:


Now you can just click "Send" to test the request using the newly created access token.

That should be it :)


Related Article