ASP.NET Core Web API Using your API
In order to make calls to your API, you will need to obtain an
access_token can be obtained in a number of ways, depending on the type of application you are building. These are referred to as authorization grant flows, and you can refer to the API Authorization section for more information of the types of flows and to determine which one is most appropriate for your client application.
Once you have obtained an
access_token you can pass that along in the
Authorization header of requests to your API as a Bearer token.
Here is a sample RAW request:
GET /api/ping/secure HTTP/1.1 Host: localhost:5000 Authorization: Bearer <your access_token>
Or using RestSharp:
var client = new RestClient("http://localhost:5000/api/ping/secure"); var request = new RestRequest(Method.GET); request.AddHeader("authorization", "Bearer <your access_token>"); IRestResponse response = client.Execute(request);
Testing your API in Postman
During development, you may want to test your API with Postman. If you make a request to the
/ping/secure endpoint you will notice that the API returns an HTTP status code 401 (Unauthorized):
As mentioned, you will need to pass along an
access_token in the HTTP Authorization header. A quick and easy way to obtain an
access_token for test purposes is from the Test tab of your API settings:
You can then use the
access_token and pass it along in the Authorization header as a Bearer token:
To test the endpoints which require a
scope, pass an
access_token containing the correct
scope as a Bearer token in the Authorization header.
If the required
scope is present, the API call will succeed:
If the required
scope is not present, an HTTP Status 403 (Forbidden) will be returned:
- If your experience problems with your API, please refer to the Troubleshooting section.