Postman API Calls

Hey everyone, I can’t find any references regarding using Postman to “test” the endpoints on my dev server. I’m looking for the following:

  • https://{{url}}/api/v1/accounts/verify_credentials
  • https://{{url}}/api/v1/apps/verify_credentials

In both cases, the API is looking for user authentication. When I run the auth endpoint: https://{{url}}/oauth/authorize?client_id=wiO6OHaFljwy38PunZ-9-2n2M-LJu33QrcYfv5T3MQE&redirect_uri=urn:ietf:wg:oauth:2.0:oob&response_type=code
I’m getting the login page for our Mastodon instance.

When I cut/paste this into a browser, I get a page that has authorize/deny. Doesn’t do me any good if I don’t know where to submit.

What I probably need to know is what the authorize button is doing: what API is being called.

Hey Kyle! I’m not sure I understand your question. The authorize button does not call an API. It takes your existing login session and turns it into an API token that you can use. That’s how OAuth works. The reason that it works in your browser but not in Postman is because you’re logged in to Mastodon in your browser, but not in Postman. You can’t do this from the API because the user needs to consent to giving your API application the permissions you’ve requested.

These docs should explain how to configure your Postman app to use OAuth 2 in development: https://learning.postman.com/docs/sending-requests/authorization/#oauth-20. Let me know if you get stuck or have any questions!

Hey Nightpool, thank you! That got me over the hump. For others using Postman, do the following:
When you create an app, you’ll get the client key and client secret. You’ll need those.

  • Set access token to available Tokens
  • Put your client key in the next field
  • Set the header prefix to bearer

Next you’ll need to “configure New Token”:

  • Name the token… I used “AuthToken”
  • Set Grant type to “implicit”
  • Check Authorize using Browser
  • Set the Auth url to “https://{{your instance}}/oauth/authorize”
  • Set the client id to the client key
  • Set the scope. I used read:accounts
  • Set Client authentication to “Send client credentials in body”

Make sure your endpoint is properly defined and click send.
That should do it.
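
The flow discussed in this thread, written out as an added example that is not part of any post above: it uses the authorization code grant with the out-of-band redirect URI from the original question, rather than the implicit grant in the Postman steps. The `/oauth/token` exchange is Mastodon's documented token endpoint and does not appear in the thread; the instance name, client key and client secret are supplied by you on the command line.

```python
"""Mastodon OAuth authorization-code flow with the out-of-band redirect URI."""
import json
import sys
import urllib.parse
import urllib.request

OOB = "urn:ietf:wg:oauth:2.0:oob"  # redirect URI used in the thread


def authorize_url(instance, client_id, scope="read:accounts"):
    """Step 1: URL the logged-in user opens in a browser to approve the app."""
    query = urllib.parse.urlencode({
        "client_id": client_id,
        "redirect_uri": OOB,
        "response_type": "code",
        "scope": scope,
    })
    return f"https://{instance}/oauth/authorize?{query}"


def token_request(instance, client_id, client_secret, code, scope="read:accounts"):
    """Step 2: exchange the code shown after Authorize for an access token."""
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": OOB,
        "scope": scope,
    }).encode()
    return urllib.request.Request(f"https://{instance}/oauth/token", data=body, method="POST")


def verify_request(instance, access_token):
    """Step 3: call the user endpoint with the token as a Bearer credential."""
    req = urllib.request.Request(f"https://{instance}/api/v1/accounts/verify_credentials")
    req.add_header("Authorization", f"Bearer {access_token}")
    return req


if __name__ == "__main__":
    # Usage: python flow.py <instance> <client_id> <client_secret>
    instance, cid, secret = sys.argv[1:4]
    print("Open in a browser where you are logged in:\n", authorize_url(instance, cid))
    code = input("Paste the authorization code: ").strip()
    with urllib.request.urlopen(token_request(instance, cid, secret, code)) as resp:
        token = json.load(resp)["access_token"]
    with urllib.request.urlopen(verify_request(instance, token)) as resp:
        print(json.load(resp)["username"])
```

The client secret is only sent in step 2, in the POST body to the instance; it never appears in the browser URL from step 1.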