Obtain M2M access tokens in minutes with Postman

Learn how to use Postman to obtain a machine-to-machine access token and call Logto management API in minutes.

Charles
Developer

Background

Logto Management API is a set of APIs that gives developers full control over their Logto instance, enabling tasks such as managing users, customizing sign-in experience and managing organizations to be handled programmatically. To access these APIs, authentication via the machine-to-machine (M2M) flow is required to obtain an access token.

In our previous posts, we've introduced how to use Logto Management API in a step-by-step guide, and also showcased typical scenarios to explore its full potential.

Despite these resources, some of our users still find it challenging to get started at the very beginning - obtaining the access token. When evaluating the API or building a quick prototype, setting up a complete M2M authentication flow in your server code might seem like an unnecessary hassle. Sometimes, you just need a token quickly.

Fortunately, there is now a way to do it without writing a single line of code, using the tool that almost every developer has on their machine - Postman.

Let's go through the steps to learn how to do it in just a few minutes.

Prerequisites

  • Postman: If you haven't already, download and install Postman.
  • A Logto instance: Either a Logto Cloud account, or a self-hosted instance.

Create an M2M app in Logto Admin Console

Follow the steps in this tutorial to create the M2M app, and assign the built-in M2M role to it.


By default, this role grants the "all" permission to the M2M app. You can always customize your M2M roles with fine-grained access control later.

Configure Postman

  1. Create a new request, and in the "Authentication" tab, select OAuth 2.0 as the auth type.
  2. Scroll down to the "Configure New Token" section, and fill in the following fields:

    • Token Name: A name for your token generator, e.g., Logto M2M Token.

    • Grant Type: Select Client Credentials.

    • Access Token URL: The URL to obtain the access token.

      You can find it in the "ENDPOINT & CREDENTIALS" section in the M2M app details page. Defaults to: https://[tenant-id].logto.app/oidc/token.

    • Client ID: The ID of the M2M app.

    • Client Secret: The client secret of the M2M app.

    • Scope: The scope of the token. Set it to all if you are using the built-in M2M role.

  3. In the "Advanced" section, find "Token Request", and add the following key-value pair, ensuring it is sent in the Request Body:

    • resource: https://[tenant-id].logto.app/api (You can find the resource URL in the "API resources" page in Logto Admin Console.)

You're all set! Click the "Get New Access Token" button to test your configuration. If everything is set up correctly, you should see the JWT access token returned in the response.


Test your access token

  1. After obtaining the token, you can directly click the "Use Token" button in Postman to automatically add the token to the Authorization header of your requests.
  2. Now send a request to a Logto Management API endpoint, e.g., GET https://[tenant-id].logto.app/api/applications. You should see the response with a list of applications in your Logto instance.
  3. You can "Refresh" your access token if it expires, without going through the entire process again.
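
For reference, here is the token request that the Postman settings above correspond to, plus a quick inspection of the returned JWT, as an added Python example (not Logto's own code). It assumes the client credentials are sent as an HTTP Basic header and that the token carries the standard aud and exp claims; the tenant.example URLs and the credentials are placeholders.

```python
import base64
import json
import time
from urllib.parse import urlencode
from urllib.request import Request


def build_token_request(token_url, client_id, client_secret, resource, scope="all"):
    """Build (without sending) the client-credentials request Postman issues."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urlencode({"grant_type": "client_credentials",
                      "resource": resource,  # the "Token Request" body field
                      "scope": scope}).encode()
    return Request(token_url, data=body, method="POST", headers={
        "Authorization": f"Basic {basic}",  # assumption: Basic client authentication
        "Content-Type": "application/x-www-form-urlencoded"})


def jwt_claims(token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def token_problems(token, resource, now=None):
    """Return reasons the token would not suit `resource` (empty list = looks fine)."""
    claims = jwt_claims(token)
    now = time.time() if now is None else now
    aud = claims.get("aud")
    problems = []
    if resource not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not match the requested resource")
    if claims.get("exp", 0) <= now:
        problems.append("token has expired")
    return problems


def constructed_token(claims):
    """Unsigned sample token, constructed for this example only."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"


if __name__ == "__main__":
    api = "https://tenant.example/api"  # placeholder resource indicator
    req = build_token_request("https://tenant.example/oidc/token", "app-id", "app-secret", api)
    print(req.get_method(), req.full_url, req.data.decode())
    sample = constructed_token({"aud": api, "exp": time.time() + 3600, "scope": "all"})
    print(token_problems(sample, api))
```

To send the request, pass the returned object to urllib.request.urlopen and read access_token from the JSON response.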

Summary

In this tutorial, we've learned how to obtain a machine-to-machine access token using Postman with just a few copy-pastes and mouse clicks. With this token, you can now tinker with Logto Management API without writing any code, and explore the full potential of Logto's capabilities.

If you are just starting with Logto Management API, this is a quick and easy way to get started without writing any code. We hope you find it helpful!