Call Kintone REST API with Postman using OAuth Client

Introduction

OAuth 2.0 authentication can be used to verify linked services to run Kintone API requests. For more information on Kintone's OAuth 2.0 option, refer to the How to add OAuth clients article.

This article illustrates the benefits of using the OAuth Client method for authentication and demonstrates an example of calling an API utilizing the OAuth Client method on the Postman API development platform.

Postman is a collaboration platform for API development. Users can easily call RESTful APIs and create various tests and environments. Download the app from the Download Postman app web page.

Benefits of the OAuth Client method

With the password authentication method, Kintone login credentials must be shared with the linked service. This method effectively grants the linked service all privileges held by the user. The password authentication method does not allow for granting specific privileges per service. Also, the linked service's access to Kintone is affected every time the user changes their login credentials.

However, with the OAuth Client method, the OAuth 2.0 protocol is used to grant specific privileges to the linked service. This method allows for linked services to have specified access to Kintone without sharing the user's login credentials. Maintaining the integration will be simpler since the linked service's access to Kintone will not be affected by the user changing their login credentials.

Graphic illustrating the difference between Password Authentication and OAuth Client methods as described above.

Steps to authenticate Postman using the OAuth Client method

Follow the steps below to call the Kintone Get records API with Postman using the OAuth Client method. This linked service example demonstrates how to use the OAuth Client authentication option in Kintone.

Register an OAuth Client

Follow the 7 steps listed in the Register your application to Kintone section of the How to add OAuth clients article.
During Step 4, enter the URL https://www.getpostman.com/oauth2/callback for the Redirect endpoint.
Set all the other parameters according to the How to add OAuth clients article.

Screenshot of System Administration setting's Add OAuth Client page. The Redirect Endpoint URL field is highlighted and includes the url mentioned above.

Implement OAuth Authorization Framework in Postman App

Follow the steps below to execute the OAuth authentication framework from the Postman app.

    1. On the Authorization tab, configure the new request as follows:
      • For the TYPE dropdown, select OAuth 2.0
      • For the Add authorization data to dropdown, select Request Headers
      • Finally, click the Get New Access Token button.

      Screenshot of Postman with a highlight of OAuth 2.0 and Request Headers dropdown fields and Get New Access Token button.

    2. When the popup appears, enter the following information:
      • Token Name: Any name
        Example: Kintone
      • Grant Type: Authorization Code
      • Auth URL: The URL of the OAuth authorization endpoint.
        Example: https://{subdomain}.kintone.com/oauth2/authorization
      • Access Token URL: The URL of the OAuth token endpoint.
        Example: https://{subdomain}.kintone.com/oauth2/token
      • Client ID: The unique ID created when the Postman app was registered to Kintone
        Example: L.1.1a2b3c4d5f6g7h8i9j0k1l2m3n4o5p6s
      • Client Secret: The client secret created when the Postman app was registered to Kintone
        Example: 123456789012345678901234567890asdfghjklasdfghjklasdfghjklasdfghj
      • Scope (Optional): The scope determines the level of access to grant to the Postman app.
        Example: k:app_record:read
        *For more Kintone OAuth Client scope options, refer to the Scope table.
      • State: Set a random value in order to prevent CSRF (cross-site request forgery).
        Example: state1

      After entering the information, click the Request Token button.


      For more information on Authorizing requests on Postman, refer to Postman's OAuth 2.0 documentation.

    3. A Kintone authentication page will appear when the Request Token button is clicked.
      Log in to Kintone and approve the authorization request.

    4. Upon approving authorization, the Postman app will generate a token.
      Postman's Token corresponds to Kintone's Access Token.
      Select the newly generated Token and then click the Use Token button.

      This Access Token will be set as the Token on the Authorization tab.

    5. Enter the Kintone REST API URL in the Request URL field. In this example, the URL is https://{subdomain}.kintone.com/k/v1/records.json?app={app_id}. Then click Send.

      The response should include the record data.
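
The requests Postman builds in steps 1 to 5, sketched as an added example (not code from the original article or from Kintone), with a random State value that is checked when the redirect comes back. Parameter names follow RFC 6749; the `example` subdomain, the function names, and sending the client ID and secret via HTTP Basic on the token request are assumptions. Nothing is sent over the network.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

BASE = "https://example.kintone.com"  # assumed placeholder subdomain
REDIRECT_URI = "https://www.getpostman.com/oauth2/callback"  # as registered


def new_state() -> str:
    """Unpredictable per-request value for the State field."""
    return secrets.token_urlsafe(32)


def authorization_url(client_id: str, scope: str, state: str) -> str:
    """Auth URL the browser opens so the user can approve the request."""
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": REDIRECT_URI, "scope": scope,
                       "state": state})
    return f"{BASE}/oauth2/authorization?{query}"


def code_from_callback(callback_url: str, expected_state: str) -> str:
    """Return the authorization code only if the echoed state matches."""
    params = parse_qs(urlparse(callback_url).query)
    returned = params.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this response")
    if "code" not in params:
        raise ValueError("no code returned: " + params.get("error", ["?"])[0])
    return params["code"][0]


def token_request(client_id: str, client_secret: str, code: str):
    """(url, headers, body) for the Access Token URL exchange; not sent here."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",  # assumption: Basic client auth
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": REDIRECT_URI})
    return f"{BASE}/oauth2/token", headers, body


def records_request(access_token: str, app_id: int):
    """(url, headers) for Get records, token carried in a request header."""
    query = urlencode({"app": app_id})
    url = f"{BASE}/k/v1/records.json?{query}"
    return url, {"Authorization": f"Bearer {access_token}"}
```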

Finally

This article outlines the benefits of using the OAuth Client method and the steps required to execute an API call on the Postman app authenticated with OAuth 2.0.
With the OAuth Client method, Kintone APIs can be safely executed by linked services.

For more information on OAuth 2.0 authentication protocol, refer to the OAuth 2.0 documentation.
For more information on authenticating Kintone API calls with tokens, refer to the Using API token authentication article.
For any trouble handling OAuth Client on Kintone, please post an issue in the Kintone Developer Program community.

Limitations

Access tokens acquired by Postman are valid for 10 minutes.
