What is Postman?

  • Postman is an HTTP client tool.
  • It is software that lets you create and edit HTTP requests.
  • It can create multiple Collections, i.e., groups of requests.
  • It can create multiple Environments, which save different sets of environment variables and their values.
  • It can create multiple Workspaces. Collections, Environments and Requests can all be grouped into a Workspace.

Installing Postman Salesforce APIs

Step 1: Download Postman

Step 2: Create a New Workspace

  • Create a new Workspace called Salesforce APIs
  • Choose the Personal option. If you are using the paid product, Teams are available to share environments.

Step 3: Import Collections

  • You will be able to see all the Salesforce APIs imported in the left Nav Bar.

Step 4: Clone and Create your new Environment

  • Since we imported the JSON file, you will notice that a Salesforce Template Environment has been created for us.

  • Clone Salesforce Template Environment and create a new Dev Environment

Step 5: Update Variables in the newly created Environment

Step 6: Authentication

  • There are many ways to authenticate to Salesforce Environments.
  • The most popular ways are as follows:
    • SOAP Login Flow (Requires Username + Password + Security Token) [Easiest Way]
    • OAUTH Web Server Flow (Requires Connected App Setup + Client ID + Client Secret + Redirect URI) [Most Secure Way, Requires one-time setup]
  • My method of choice is the OAUTH Web-Server Flow. The reasons are as follows:
    • It is a more secure authentication mechanism than SOAP Login, as the Username and Password are not stored in Postman.
    • Access can be revoked from the Connected App, and Postman usage can be tracked from the Connected App Usage Page.
    • It is compatible with all Salesforce Environments where SAML SSO is enabled (Salesforce acting as a Service Provider)
      • NOTE: When Salesforce is not the Identity Provider, Passwords are not generated for Users. This forces us to use OAUTH flows for Authentication.
    • OAUTH using a Connected App can be scoped based on the permissions we set in our App.
  • It consists of 6 distinct steps.
    • A. Creating Connected App in Salesforce Environment (One-Time Setup)
    • B. Updating Client ID, Client Secret, Redirect URI in Postman Environment Variables (One-Time Setup)
    • C. Getting Authorization Code from Salesforce using Web-Server Flow 1 [GET] (One-Time Setup)
    • D. Authenticating Postman from Browser (One-Time Setup)
    • E. Getting token from Salesforce using Web-Server Flow 2 [POST] (One-Time Setup)
    • F. Get a new Access Token using Refresh-Token Flow [POST] (Every time a new Access Token is required)

Step 6.A : Creating Connected App in Salesforce Environment

  • Go to Setup –> App Manager –> Create a new Connected App
  • Name: Postman Connect App
  • Redirect URI: https://www.postman.com/oauth2/callback
  • Scope: Select Appropriate scope as required.

Step 6.B : Updating Client ID, Client Secret, Redirect URI in Postman Environment Variables

  • Updating Client ID, Client Secret, Redirect URI in Postman Environment Variables

  • NOTE: Don’t worry about other Variables for now. Once we execute our first OAUTH Step, most of the variables will be automatically populated.

Step 6.C : Getting Authorization Code from Salesforce using Web-Server Flow 1

  • Navigate to Salesforce APIs > Auth Section in Postman
  • Choose Web Server Flow 1 and click SEND.

  • You should receive an HTML response from Postman. (I can’t figure out a way to make Postman redirect directly in Browser. Hence this step is required for now)
  • Command + Click the link to open it in a new Browser Tab.

Step 6.D : Authenticating Postman from Browser

  • You will be redirected to the Browser and Salesforce will ask the user to “Allow Access” to “Postman Connected App”
  • Choose “Allow” and you will then be redirected to the Redirect URI configured in the Connected App, with the code embedded in the URL.

Step 6.E : Getting token from Salesforce using Web-Server Flow 2

  • From the URL, copy the code, which looks like aPrxPT6EtEwV_A4JG28CckI6bzLaR5OOHdKdjK.RgQ7FLQpviXGA4GlN.h_GPo8CWHDXlWX18g%3D%3D
  • Replace %3D%3D with ==, because the code in the URL is URL-encoded and must be decoded before it is pasted into Postman.
  • The final code should look like aPrxPT6EtEwV_A4JG28CckI6bzLaR5OOHdKdjK.RgQ7FLQpviXGA4GlN.h_GPo8CWHDXlWX18g==

  • Paste the code into the Body of the Postman request.

  • Before we send the POST request, add the following line of code to the Tests section.
    • pm.environment.set("_refreshToken", jsonData.refresh_token);
    • Variables starting with _ are private variables and they will be automatically populated in Environment Variables when a request is executed.
    • If the _refreshToken variable does not exist, please create one under Environment Variables.

  • After the request is executed, we should get the access_token, refresh_token, instance_url and id, all auto-populated in Environment Variables for future use.

Step 6.F : Get a new Access Token using Refresh-Token Flow

  • That’s it!! If you are successful up to this step, you are ready to execute any API request, as the Access Token is automatically stored under Environment Variables.
  • If the Access Token has expired, just execute the Refresh Token Flow under Auth in the left Nav Bar.
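
The messages exchanged in Steps 6.C to 6.F, written out in plain JavaScript so each request can be inspected outside Postman. This is an added example, not code from the original post or the Salesforce repo. The function names, the login.salesforce.com host and the CID / SECRET / RT values used with it are assumptions.

```javascript
// Added example: function names and LOGIN_HOST are assumptions, not from the page.
const LOGIN_HOST = "https://login.salesforce.com";
const REDIRECT_URI = "https://www.postman.com/oauth2/callback"; // from Step 6.A

// Step 6.C: URL the browser opens so the user can allow access.
function authorizeUrl(clientId) {
  const url = new URL("/services/oauth2/authorize", LOGIN_HOST);
  url.search = new URLSearchParams({
    response_type: "code", client_id: clientId, redirect_uri: REDIRECT_URI,
  }).toString();
  return url.toString();
}

// Step 6.D/6.E: read the authorization code from the redirect URL.
// searchParams.get() percent-decodes, so %3D%3D becomes == with no manual editing.
function codeFromRedirect(redirectUrl) {
  const url = new URL(redirectUrl);
  if (url.origin + url.pathname !== REDIRECT_URI) {
    throw new Error("unexpected redirect target: " + url.origin + url.pathname);
  }
  // A denied consent screen comes back with error=... instead of code=...
  const error = url.searchParams.get("error");
  if (error) throw new Error("authorization failed: " + error);
  const code = url.searchParams.get("code");
  if (!code) throw new Error("no code parameter in redirect URL");
  return code;
}

// Step 6.E: form body for POST /services/oauth2/token (code is re-encoded here).
function tokenBody(code, clientId, clientSecret) {
  return new URLSearchParams({
    grant_type: "authorization_code",
    code,
    client_id: clientId,
    client_secret: clientSecret,
    redirect_uri: REDIRECT_URI,
  }).toString();
}

// Step 6.F: form body for the refresh-token grant, sent to the same token endpoint.
function refreshBody(refreshToken, clientId, clientSecret) {
  return new URLSearchParams({
    grant_type: "refresh_token",
    refresh_token: refreshToken,
    client_id: clientId,
    client_secret: clientSecret,
  }).toString();
}
```

The client secret and refresh token passed to these functions are long-lived credentials, so treat any file or environment that holds them accordingly.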

Sample API Request using POSTMAN

Credits:

  • Developer Evangelist from Salesforce @PhilippeOzil
  • Open Source Github Repo Link: https://github.com/forcedotcom/postman-salesforce-apis