How to use Authorization Code Flow with PKCE with Vantage Public API Client in Postman

Question

How to use Authorization Code Flow with PKCE with Vantage Public API Client in Postman?

 

Answer

Use an existing Postman collection (folder) or import the ready-to-use Vantage Public API Postman collection (Vantage Public API.postman_collection.json) for the below process.

  1. On the Configuration > Public API Client page on Vantage Portal make sure that Authorization Code Flow with PKCE is enabled in the OAuth 2.0 Flows Settings for a client (token refresh is optional but may be enabled as well for ease of use and quick access token refresh in Postman). Add the "https://app.getpostman.com/oauth2/callback" to the list of Authorized Redirect URLs list.
  2. Set the Variables for the Postman collection (folder):
    - baseUrl - https://vantage-{region}.abbyy.com, the region depends on the Vantage instance location where the was created: us, eu, or au;
    - apiUri - /api/publicapi/v1, doesn't need to be changed;
    - clientId - the application identifier (can be copied from the Public API Client page from step 1);
    - clientSecret - secure application key (can be created on the Public API Client page from step 1);
    - scope - specifies the permission scope, to get a refresh token, it is required to add offline_access to the scope.
  3. Navigate to the Authorization tab of the Vantage Public API - Code Flow auth folder or Postman working folder where the requests will be created and set the settings as shown in the two below screenshots.
    The Callback URL field value is "https://app.getpostman.com/oauth2/callback".

    The Refresh Token URL field is optional if there is no need for the token refresh.
  4. Use the Get New Access Token button at the bottom of the page, which will open the following window, where the Vantage credentials or SSO should be used to sign in.

  5. After sign-in is completed the window will close and the token manager window will be opened showing the access token, its details, and optionally the refresh token. Click Use Token to select the generated token to be used for the current collection (folder).
  6. Navigate to the Auth tab of the List all available skills request inside the Skills folder and make sure the Inherit auth from parent authentication option is selected to inherit the generated access token from the collection (folder). Send the request to test the configuration. If the "200 OK" response is returned, the authorization was set up correctly.
  7. If the refresh token was set up, the Authorization tab of the Vantage Public API - Code Flow auth folder or your Postman working folder will have the Refresh option to refresh the token on demand and Auto-refresh token toggle for it to be refreshed on expiration.

Additional infomation

Authorization Code Flow (vantage-us.abbyy.com)

Authorization Code Flow (vantage-eu.abbyy.com)

Authorization Code Flow (vantage-au.abbyy.com)

Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.