Introduction
OAuth 2.0 authentication can be used to authorize linked services to run Kintone API requests. For more information on Kintone's OAuth 2.0 option, refer to the How to add OAuth clients article.
This article illustrates the benefits of using the OAuth Client method for authentication and demonstrates an example of calling an API utilizing the OAuth Client method on the Postman API development platform.
Postman is a collaboration platform for API development. Users can easily call RESTful APIs and create various tests and environments. Download the app from the Download Postman app web page.
Benefits of the OAuth Client method
With the password authentication method, Kintone login credentials must be shared with the linked service. This method effectively grants the linked service all privileges held by the user. The password authentication method does not allow for granting specific privileges per service. Also, the linked service's access to Kintone is affected every time the user changes their login credentials.
However, with the OAuth Client method, the OAuth 2.0 protocol is used to grant specific privileges to the linked service. This method allows for linked services to have specified access to Kintone without sharing the user's login credentials. Maintaining the integration will be simpler since the linked service's access to Kintone will not be affected by the user changing their login credentials.
Steps to authenticate Postman using the OAuth Client method
Follow the steps below to call the Kintone Get records API with Postman using the OAuth Client method. This linked service example demonstrates how to use the OAuth Client authentication option in Kintone.
Register an OAuth Client
Follow the 7 steps listed in the Register your application to Kintone section of the How to add OAuth clients article.
During Step 4, enter the URL https://www.getpostman.com/oauth2/callback for the Redirect endpoint.
Set all the other parameters according to the How to add OAuth clients article.
Implement OAuth Authorization Framework in Postman App
Follow the steps below to execute the OAuth authentication framework from the Postman app.
- On the Authorization tab, configure the new request as follows:
  - For the TYPE dropdown, select OAuth 2.0
  - For the Add authorization data to dropdown, select Request Headers
  - Finally, click the Get New Access Token button.
- When the popup appears, enter the following information:
  - Token Name: Any name
    Example: Kintone
  - Grant Type: Authorization Code
  - Auth URL: The URL of the OAuth authorization endpoint
    Example: https://{subdomain}.kintone.com/oauth2/authorization
  - Access Token URL: The URL of the OAuth token endpoint
    Example: https://{subdomain}.kintone.com/oauth2/token
  - Client ID: The unique ID created when the Postman app was registered to Kintone
    Example: L.1.1a2b3c4d5f6g7h8i9j0k1l2m3n4o5p6s
  - Client Secret: The client secret created when the Postman app was registered to Kintone
    Example: 123456789012345678901234567890asdfghjklasdfghjklasdfghjklasdfghj
  - Scope (Optional): The scope determines the level of access to grant to the Postman app.
    Example: k:app_record:read
    *For more Kintone OAuth Client scope options, refer to the Scope table.
  - State: Set a random value in order to prevent CSRF (cross-site request forgery).
    Example: state1
  After entering the information, click the Request Token button.
  For more information on authorizing requests in Postman, refer to Postman's OAuth 2.0 documentation.
- A Kintone authentication page will appear when the Request Token button is clicked.
  Log in to Kintone and approve the authorization request.
- Upon approving authorization, the Postman app will generate a token.
  Postman's Token corresponds to Kintone's Access Token.
  Select the newly generated Token and then click the Use Token button.
  This Access Token will be set as the Token on the Authorization tab.
- Enter the Kintone REST API URL in the Request URL field (in this example, https://{subdomain}.kintone.com/k/v1/records.json?app={app_id}) and then click Send.
  The response should include the record data.
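The State check and the code-for-token exchange that Postman performs in the steps above, written out as an added example (not Kintone's or Postman's own code). The `example` subdomain, the client values and the function names are constructed, and the token request format assumes the standard RFC 6749 authorization code grant with HTTP Basic client authentication.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample values; replace with the ones issued for your OAuth client.
SUBDOMAIN = "example"
REDIRECT_URI = "https://www.getpostman.com/oauth2/callback"


def build_authorization_url(client_id, scope):
    """Return (url, state) for the Auth URL step, using an unguessable state."""
    state = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, new per request
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,
        "state": state,
        "response_type": "code",
        "scope": scope,
    })
    return f"https://{SUBDOMAIN}.kintone.com/oauth2/authorization?{query}", state


def code_from_callback(callback_url, expected_state):
    """Extract the authorization code only if the returned state matches ours."""
    params = parse_qs(urlsplit(callback_url).query)
    returned = params.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this request")
    if "code" not in params:
        raise ValueError("no authorization code: " + params.get("error", ["unknown"])[0])
    return params["code"][0]


def build_token_request(client_id, client_secret, code):
    """Describe the POST to the Access Token URL (assumed RFC 6749 section 4.1.3)."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return {
        "url": f"https://{SUBDOMAIN}.kintone.com/oauth2/token",
        "headers": {"Authorization": f"Basic {basic}",
                    "Content-Type": "application/x-www-form-urlencoded"},
        "body": urlencode({"grant_type": "authorization_code",
                           "redirect_uri": REDIRECT_URI, "code": code}),
    }
```

A fixed State such as the `state1` placeholder would pass through the same comparison, but only a fresh, unpredictable value per request lets the client tell its own authorization response from one supplied by someone else.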
Walkthrough Video
The video below illustrates the steps described in this tutorial to link Kintone and Postman with the OAuth Client authentication method.
Finally
This article outlines the benefits of using the OAuth Client method and the steps required to execute an API call on the Postman app authenticated with OAuth 2.0.
With the OAuth Client method, Kintone APIs can be safely executed by linked services.
For more information on the OAuth 2.0 authentication protocol, refer to the OAuth 2.0 documentation.
For more information on authenticating Kintone API calls with tokens, refer to the Using API token authentication article.
For any trouble handling OAuth Client on Kintone, please post an issue in the Kintone Developer Program community.
Limitations
Access tokens acquired by Postman are valid for 10 minutes.