This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Google Cloud
- Articles & Information
- Cloud Product Articles
- Automating Apigee SSO token generation for Postman...
Topic Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
LinkedIn
Twitter
hareeshkuttiyat
New Member
Topic Options
- Article History
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
0
0
806
Making management API requests in Postman is a bit cumbersome when basic authentication is disabled in an on-premise installation. If a passcode is needed, the workflow involves first getting a passcode from Apigee SSO in a browser, getting an OAuth token with the get_token script and then setting it in Postman.
Here is a Postman script to generate SSO token in a pre-request script that can be attached to your API request or a folder or a collection. The script needs a passcode to first generate an access token, but for subsequent requests it will first try to reuse the access token (default validity is half an hour) or get a new access token with the refresh token (default validity is a day). If it cannot do that, it will get a new access token with a passcode and store that and the refresh token as environment variables for future use. If a token cannot be fetched, the script will throw an error and will not execute the API.
function getExistingOrNewToken() {
if (pm.environment.get('BEARERTOKEN') && pm.environment.get('LAST_ACCESS_TOKEN_EXPIRY')) {
console.log('Checking if previous bearer token is still valid');
if ((new Date().valueOf() / 1000) < pm.environment.get('LAST_ACCESS_TOKEN_EXPIRY') - 5) {
console.log('Token is still valid.');
} else {
console.log('Token has expired. Trying to get new token with refresh token...');
if (!pm.environment.get('REFRESHTOKEN')) {
console.log('No refresh token found. Getting new token with passcode...');
getNewTokenWithPasscode();
return;;
}
if ((new Date().valueOf() / 1000) < pm.environment.get('LAST_REFRESH_TOKEN_EXPIRY') - 5) {
console.log('Refresh token is still valid.');
const refreshTokenRequest = {
url: pm.environment.get('SSO_LOGIN_URL') + '/oauth/token',
method: 'POST',
header: {
'Authorization': 'Basic ZWRnZWNsaTplZGdlY2xpc2VjcmV0',
'Accept': 'application/json;charset=utf-8',
'Content-Type': 'application/x-www-form-urlencoded;charset=utf-8'
},
body: {
mode: 'urlencoded',
urlencoded: [
{key: "grant_type", value: "refresh_token", disabled: false},
{key: "refresh_token", value: pm.environment.get("REFRESHTOKEN"), disabled: false}
]
}
};
console.log('Created new request: ' + refreshTokenRequest);
performRequestAndStoreTokens(refreshTokenRequest)
} else {
console.log('Previous refresh token also has expired. Getting new token...')
getNewTokenWithPasscode();
}
}
} else {
console.log('No previous token found. Getting new token...')
getNewTokenWithPasscode();
}
}
function getNewTokenWithPasscode() {
if (!pm.environment.get('PASSCODE')) {
console.error('Passcode missing')
throw new Error('PASSCODE environment variable is missing. Get a passcode from ' + pm.environment.get('SSO_LOGIN_URL') + '/passcode and set it.');
}
const tokenRequest = {
url: pm.environment.get('SSO_LOGIN_URL') + '/oauth/token',
method: 'POST',
header: {
'Authorization': 'Basic ZWRnZWNsaTplZGdlY2xpc2VjcmV0',
'Accept': 'application/json;charset=utf-8',
'Content-Type': 'application/x-www-form-urlencoded;charset=utf-8'
},
body: {
mode: 'urlencoded',
urlencoded: [
{key: "grant_type", value: "password", disabled: false},
{key: "response_type", value: 'token', disabled: false},
{key: "passcode", value: pm.environment.get("PASSCODE"), disabled: false}
]
}
};
performRequestAndStoreTokens(tokenRequest);
}
function performRequestAndStoreTokens(tokenRequest) {
pm.sendRequest(tokenRequest, function (err, res) {
console.log(err ? err : res.json());
if (err === null) {
if (res.code == 200) {
var responseJson = res.json();
console.log("Fetched new SSO token. Setting BEARERTOKEN = " + responseJson.access_token);
pm.environment.set("BEARERTOKEN", responseJson.access_token);
pm.environment.set("LAST_ACCESS_TOKEN_EXPIRY", JSON.parse(atob(responseJson.access_token.split('.')[1])).exp)
pm.environment.set("REFRESHTOKEN", responseJson.refresh_token);
pm.environment.set("LAST_REFRESH_TOKEN_EXPIRY", JSON.parse(atob(responseJson.refresh_token.split('.')[1])).exp)
} else {
console.error("Got non-success status code " + res.code);
throw new Error(res.code + " - " + res.status + ". '" + res.json().error_description + "'. Get a new passcode from " + pm.environment.get('SSO_LOGIN_URL') + "/passcode and set as PASSCODE variable");
}
} else {
console.error(err);
throw new Error("Getting token failed due to " + err);
}
});
}
//Invoke script
getExistingOrNewToken();
Required Postman environment variables are SSO_LOGIN_URL (as in https://docs.apigee.com/api-platform/system-administration/auth-tools#install) and PASSCODE (when a new token has to be fetched).
In your API request (or folder or collection), set Authorization as Bearer Token or as OAuth 2.0 and set the token value as {{BEARERTOKEN}}. The script will set value of this variable.
Inspired by this StackOverflow answer - https://stackoverflow.com/a/55004018/10313610
Topic Labels