What is Postman?
- Postman is an HTTP client tool.
- It is software that lets you create and edit HTTP requests.
- It can create multiple Collections, i.e., groups of requests.
- It can create multiple Environments, which save different environment variables with their values.
- It can create multiple Workspaces - Collections, Environments and Requests can all be grouped into a Workspace.
Installing Postman Salesforce APIs
Step 1: Download Postman
Step 2: Create a New Workspace
- Create a new Workspace called
Personal Option. If you are using a paid product,
Teams are available to share environments.
Step 3: Import Collections
You can download Salesforce API Collection JSON File here: Salesforce API Collection
Drag and drop this JSON file here.
- You will be able to see all the Salesforce APIs imported in the left Nav Bar.
- You can learn more about the Salesforce API collection from this GitHub Repository: Postman Salesforce APIs
Step 4: Clone and Create your new Environment
- Since we imported the JSON file, you will notice that Salesforce Template Environment is created for us.
Salesforce Template Environment and create a new
Step 5: Update Variables from newly created Environment
Step 6: Authentication
- There are many ways to authenticate to Salesforce Environments.
- The most popular ways are as follows:
- SOAP Login Flow (Requires Username + Password + Security Token) [Easiest Way]
- OAUTH Web Server Flow (Requires Connected App Setup + Client ID + Client Secret + Redirect URI) [Most Secure Way, Requires one-time setup]
- My method of choice is OAUTH Web-Server Flow. The reasons are as follows:
- It is a more secure authentication mechanism than SOAP Login, as the Username and Password are not stored in Postman.
- Ability to revoke access from Connected App and track Postman usage from Connected App Usage Page.
- This is compatible with all Salesforce Environments where SAML SSO is enabled (Salesforce acting as a Service Provider)
- NOTE: When Salesforce is not the Identity Provider, Passwords are not generated for Users. This forces us to use OAUTH flows for Authentication.
- OAUTH using Connected App can be scoped based on the permissions we set in our App.
- It consists of 6 distinct steps.
- A. Creating Connected App in Salesforce Environment (One-Time Setup)
- B. Updating Client ID, Client Secret, Redirect URI in Postman Environment Variables (One-Time Setup)
- C. Getting Authorization Code from Salesforce using Web-Server Flow 1 [GET] (One-Time Setup)
- D. Authenticating Postman from Browser (One-Time Setup)
- E. Getting token from Salesforce using Web-Server Flow 2 [POST] (One-Time Setup)
- F. Get a new Access Token using Refresh-Token Flow [POST] (Every time a new Access Token is required)
Step 6.A : Creating Connected App in Salesforce Environment
- Go to Setup –> App Manager –> Create a new Connected App
Postman Connect App
- Redirect URI:
- Scope: Select Appropriate scope as required.
Step 6.B : Updating Client ID, Client Secret, Redirect URI in Postman Environment Variables
- Updating Client ID, Client Secret, Redirect URI in Postman Environment Variables
- NOTE: Don’t worry about other Variables for now. Once we execute our first OAUTH Step, most of the variables will be automatically populated.
Step 6.C : Getting Authorization Code from Salesforce using Web-Server Flow 1
- Navigate to Salesforce APIs > Auth Section in Postman
Web Server Flow 1 and click SEND.
- You should receive an HTML response from Postman. (I can’t figure out a way to make Postman redirect directly in Browser. Hence this step is required for now)
- Click on the Link
Command + Click to open it in a new Browser Tab.
Step 6.D : Authenticating Postman from Browser
- You will be redirected to the Browser and Salesforce will ask the user to “Allow Access” to “Postman Connected App”
- Choose “Allow” and then you will be redirected to
Redirect URI with code embedded as configured in Connected App.
Step 6.E : Getting token from Salesforce using Web-Server Flow 2
- From the URL, copy the following code
== as we are converting the encoded String before pasting the code in Postman.
- Final Code should look like
- Paste the Code under Body of Postman
- Before we send Post Request, add the following line of code to
- Variables starting with _ are private variables and they will be automatically populated in Environment Variables when a request is executed.
_refreshToken variable does not exist, please create one under Environment Variables.
- After the Request is executed, we should be able to get the
id - all being auto-populated in Environment Variables for future use.
Step 6.F : Get a new Refresh Token when a new Session Id is required
- That’s it!! If you are successful up until this step, you are good to execute any API request as Access Token is automatically stored under Environment Variables.
- If the Access Token is expired, just execute Refresh Token Flow under Auth in Left Nav Bar.
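Steps 6.E and 6.F in code, as an added example that is not part of the original post or of the Salesforce collection: it decodes the code from the redirect URL with a URL parser instead of editing it by hand, builds both token request bodies, and keeps the stored refresh token when a response does not return one. The environment names clientId, clientSecret, redirectUri and _accessToken, and the sample callback URL, are assumptions.

```javascript
// Constructed sample callback; the code value and host are placeholders.
const SAMPLE_CALLBACK =
  'https://example.invalid/callback?code=aPrxSAMPLEcode123%3D%3D';

// Step 6.E: read the code from the redirect URL. URLSearchParams
// percent-decodes values, so a trailing %3D%3D is returned as ==.
function extractAuthCode(callbackUrl, redirectUri) {
  const url = new URL(callbackUrl);
  const expected = new URL(redirectUri);
  // Accept only a callback on the Redirect URI set in the Connected App.
  if (url.origin !== expected.origin || url.pathname !== expected.pathname) {
    throw new Error('callback does not match the configured Redirect URI');
  }
  if (url.searchParams.has('error')) {
    throw new Error('authorization failed: ' + url.searchParams.get('error'));
  }
  const code = url.searchParams.get('code');
  if (!code) throw new Error('no code parameter in callback URL');
  return code;
}

// Step 6.E: form body that trades the code for tokens (env names assumed).
function tokenRequestBody(env, code) {
  return new URLSearchParams({
    grant_type: 'authorization_code',
    code,
    client_id: env.clientId,
    client_secret: env.clientSecret,
    redirect_uri: env.redirectUri,
  }).toString();
}

// Step 6.F: form body for the refresh-token request.
function refreshRequestBody(env) {
  return new URLSearchParams({
    grant_type: 'refresh_token',
    refresh_token: env._refreshToken,
    client_id: env.clientId,
    client_secret: env.clientSecret,
  }).toString();
}

// Store token fields after either POST; a response without
// refresh_token must not overwrite the stored _refreshToken.
function storeTokens(env, res) {
  env._accessToken = res.access_token; // _accessToken is an assumed name
  if (res.refresh_token) env._refreshToken = res.refresh_token;
  return env;
}
```

URLSearchParams re-encodes the == when the body is serialized, so the decoded code can be passed straight to tokenRequestBody.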
Sample API Request using POSTMAN
- Developer Evangelist from Salesforce @PhilippeOzil
- Open Source GitHub Repo Link: https://github.com/forcedotcom/postman-salesforce-apis