For developers wanting to use our Authentication or Management APIs, we have a pretty great experience in place with our API Explorer, which allows developers to test API calls from within their browser.

We are now extending that support to Postman, by making available a Postman collection for the Management API, and one for the Authentication API following soon.

In this blog post I will walk you through this experience.

Installing the Collection

Before continuing, please ensure that you are signed into your Auth0 account.

To install the collection you will need to have either the Postman Chrome App or the Postman Mac App installed.

Next, head over to our new API Landing Page, scroll down to the Management API v2 section and click on the "Run in Postman" button.

At this point Postman will ask whether you want to open the Collection in the Mac App or the Chrome App.

Select the one you have installed. In this blog post I will open it in the Chrome App, but the experience is similar in the Mac App.

At this point Postman will do 2 things:

  1. It will install the Auth0 Management API collection
  2. It will create an environment for you based on the tenant account you are signed into Auth0 with.

The Auth0 Management API Collection is organized into folders which categorize the various API calls according to the endpoint, so you will, for example, find all the Users methods under the Users folder.

If you want to execute an API call, simply browse to the API call in the Sidebar and select it. The information for the API call will appear in the Request Builder.

At this point, trying to execute an API call will result in an error.

The reason for this is that you will need to generate a token with the correct scopes in order to execute API calls.

Generating a token

To generate a token you can use the existing Token Builder which is part of the Management API Explorer. In the API Explorer, browse to the API call you want to make and ensure that the required scopes for that API call are selected. Copy the token which was generated.

The next step is to set the value for the token in Postman. All API calls in the Postman collection already have an Authorization Header defined with a Bearer Token whose value is a variable called auth0_token, so all you need to do is set the value for the variable in your environment.

From the environments menu in Postman, select the Manage Environments option.

Select the environment you want to manage.

Add a variable called auth0_token with the value of the token generated by the API Explorer.

Save the settings and close the environments dialog. Now you can go back to Request Builder and execute the API call.

A word about storing tokens in Postman variables

We do need to point out that storing tokens in Postman as environment variables could pose a potential security risk. If you are signed in to the Postman application, it will automatically try to synchronize some entities such as Collections and Environments with the Postman servers. This means that a token, which could allow someone else to gain access to your Management API, is leaving the privacy of your computer and being uploaded to Postman's servers.

It also has to be said that Postman has taken measures to ensure that this information is encrypted, and indeed encourages users to store this sort of information in Environment Variables. You can read more about this on their website.

If you feel that this still poses too much of a risk for you, then you will need to sign out of Postman to ensure that environment variables are not synchronized.
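
To see what a synchronized environment would actually carry, the following added example (not code from Auth0 or Postman) scans an exported Postman environment for variables such as auth0_token that hold a JWT and reports each token's scope and whether it has expired. It assumes the export is JSON with a `values` list of `key`/`value` entries and that the token is a JWT with an `exp` claim and a `scope` or `scopes` claim; the sample environment and token are constructed.

```python
import base64
import json
import time

def _b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def jwt_claims(value):
    """Return payload claims if value is shaped like a JWT, else None (signature not verified)."""
    parts = value.split(".")
    if len(parts) != 3:
        return None
    try:
        header = json.loads(_b64url_decode(parts[0]))
        claims = json.loads(_b64url_decode(parts[1]))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None
    if not (isinstance(header, dict) and "alg" in header and isinstance(claims, dict)):
        return None
    return claims

def audit_environment(env, now=None):
    """List variables in an exported Postman environment whose values are JWTs."""
    now = time.time() if now is None else now
    findings = []
    for var in env.get("values", []):
        claims = jwt_claims(str(var.get("value", "")))
        if claims is None:
            continue
        exp = claims.get("exp")
        findings.append({
            "key": var.get("key"),
            "expired": exp is not None and exp <= now,
            "scope": claims.get("scope") or claims.get("scopes"),
        })
    return findings

def sample_token(claims):
    # Constructed, unsigned token for the demo; not a real Auth0 token.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "HS256", "typ": "JWT"}), enc(claims), "constructed"])

if __name__ == "__main__":
    env = {"name": "constructed-tenant", "values": [  # constructed sample export
        {"key": "base_url", "value": "https://tenant.example.com"},
        {"key": "auth0_token", "value": sample_token({"exp": 2000000000, "scope": "read:users"})}]}
    print(audit_environment(env))
```

A finding that is unexpired and carries broad scopes is the case where clearing the variable, or generating a token with only the scopes the call needs, matters most.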