Obtain M2M access tokens in minutes with Postman
Learn how to use Postman to obtain a machine-to-machine access token and call Logto management API in minutes.
Background
Logto Management API is a set of APIs that gives developers full control over their Logto instance, enabling tasks such as managing users, customizing sign-in experience and managing organizations to be handled programmatically. To access these APIs, authentication via the machine-to-machine (M2M) flow is required to obtain an access token.
In our previous posts, we've introduced how to use Logto Management API in a step-by-step guide, and also showcased typical scenarios to explore its full potential.
Despite these resources, some of our users still find it challenging to get started at the very beginning - obtaining the access token. When evaluating the API or building a quick prototype, setting up a complete M2M authentication flow in your server code might seem like an unnecessary hassle. Sometimes, you just need a token quickly.
Fortunately, there is now a way to do it without writing a single line of code, using the tool that almost every developer has on their machine - Postman.
Let's go through the steps to learn how to do it in just a few minutes.
Prerequisites
- Postman: If you haven't already, download and install Postman.
- A Logto instance: Either a Logto Cloud account, or a self-hosted instance.
Create an M2M app in Logto Admin Console
Follow the steps in this tutorial to create the M2M app, and assign the built-in M2M role to it.
This role will grant the `all` permission to the M2M app by default. You can always customize your M2M roles with fine-grained access control later.
Configure Postman
- Create a new request, and in the "Authentication" tab, select `OAuth 2.0` as the auth type.
- Scroll down to the "Configure New Token" section, and fill in the following fields:
  - Token Name: A name for your token generator, e.g., `Logto M2M Token`.
  - Grant Type: Select `Client Credentials`.
  - Access Token URL: The URL to obtain the access token. You can find it in the "ENDPOINT & CREDENTIALS" section in the M2M app details page. Defaults to: `https://[tenant-id].logto.app/oidc/token`.
  - Client ID: The ID of the M2M app.
  - Client Secret: The client secret of the M2M app.
  - Scope: The scope of the token. Set it to `all` if you are using the built-in M2M role.
- In the "Advanced" section, find "Token Request", and add the following key-value pair, ensuring it is sent in the `Request Body`:
  - resource: `https://[tenant-id].logto.app/api` (You can find the resource URL in the "API resources" page in Logto Admin Console.)
You're all set! Click the "Get New Access Token" button to test your configuration. If everything is set up correctly, you should see the JWT access token returned in the response.
Test your access token
- After obtaining the token, you can directly click the "Use Token" button in Postman to automatically add the token to the Authorization header of your requests.
- Now send a request to Logto Management API endpoint, e.g., `GET https://[tenant-id].logto.app/api/applications`. You should see the response with a list of applications in your Logto instance.
- You can "Refresh" your access token if it expires, without going through the entire process again.
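As an added example (not part of the original tutorial and not Logto's own code), the following Python builds the same client-credentials request that the Postman settings above describe, then inspects a returned token's `aud`, `scope` and `exp` claims before it is used against the Management API. It assumes the client ID and secret are sent in an HTTP Basic header; the function names and the sample token are constructed for illustration.

```python
import base64
import json
import time
from urllib.parse import quote, urlencode

# Placeholders from the tutorial; substitute your own tenant ID.
TOKEN_URL = "https://[tenant-id].logto.app/oidc/token"
RESOURCE = "https://[tenant-id].logto.app/api"


def build_token_request(client_id, client_secret, resource=RESOURCE, scope="all"):
    """Return (url, headers, body) for the client-credentials request."""
    # Assumption: credentials go in an HTTP Basic header (client_secret_basic).
    pair = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}"
    headers = {"Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
               "Content-Type": "application/x-www-form-urlencoded"}
    # "resource" must travel in the body, next to grant_type and scope.
    body = urlencode({"grant_type": "client_credentials",
                      "resource": resource, "scope": scope})
    return TOKEN_URL, headers, body


def check_token(token, resource=RESOURCE, scope="all", now=None):
    """Return a list of problems; empty means the token fits the API call.

    The payload is decoded for inspection only; no signature is verified.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a JWT; check that resource was sent in the request body"]
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    now = time.time() if now is None else now
    problems = []
    aud = claims.get("aud")
    if resource not in (aud if isinstance(aud, list) else [aud]):
        problems.append(f"aud is {aud!r}, expected {resource!r}")
    if scope not in str(claims.get("scope", "")).split():
        problems.append(f"scope {scope!r} not granted")
    if claims.get("exp", 0) <= now:
        problems.append("token has expired")
    return problems


def make_sample_token(claims):
    """Build a constructed, unsigned token so the checks can run offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "constructed"])
```

Running `check_token` on a token copied from Postman shows at a glance whether it is bound to the Management API resource and how long it remains valid.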
Summary
In this tutorial, we've learned how to obtain a machine-to-machine access token using Postman with just a few copy-pastes and mouse clicks. With this token, you can now tinker with Logto Management API without writing any code, and explore the full potential of Logto's capabilities.
If you are just starting with Logto Management API, this is a quick and easy way to get started without writing any code. We hope you find it helpful!