Testing APIs with Postman

Back in the old days I’d use SoapUI extensively for testing soap based connections. With M3CE we now work leverage the ION APIs which are REST based so nowadays I use Postman for my testing. As I tend to work many different tenants on a fairly regular basis I set up my Postman tenant in a specific way.

This post runs through how I have Postman set up and also shows how we can set up Postman to retrieve the OAuth2 bearer token automatically when we call our API. Please note that if you are planning on calling the APIs a lot, then you should cache the bearer token and handle the expiry. We should really expire the bearer token once we are finished but I haven’t looked at whether we can do that with Postman.

Create an Authorised Application in the ION APIs

We need to set up a backend authorised application for usage.

Navigate to the ION APIs -> Authorised Apps and click on the + to add a new Authorised App

Provide a Name and description, select Backend Service

Download the .ionapi file by clicking on Download Credentials

Select Create Service Account and select a service account with an account with the appropriate rights and then click on Download

Set up an Environment

I set up an environment for each of the tenants that I plan to access. This way I can test the same APIs across multiple tenants which is often what I end up doing. Each environment will have the values from the .ionapi plugged in to it. We will use these values in a script to retrieve our bearer token

Launch Postman

Click on Manage Environment

Select Add

I normally name the environment the tenant that I am setting up. Then set up the various variables that we will use and then populate them from the .ionapi file

Variable ION API File Value
Tenant ti
tokenUrl pu + ot
clientId ci
clientSecret cs
userName saak (if you don’t have this field you probably didn’t download the ionapi with a service account)
passWord sask (if you don’t have this field you probably didn’t download the ionapi with a service account)

Click on Add and you should be taken back to your Manage Environments window

Determine the Call Method and the API URL you want to call

In M3, navigate to the Infor ION API -> Available APIs -> <Suite eg. Infor M3>

Find the API you are after. In the instance of M3, typically you should be using the v2 APIs (they are more efficient) and select the documentation icon

Search for the specific API you want to call, I’m interested in the general APIs, click on the Documentation

I’m going to test the GetCurrentUser, the method is GET

Click on it to expand

Click on Try it Out

Click on Execute

We are interested in the Request URL ā€“ we can use this in Postman

Set up an API call

Now we can test an API call

Change your Environment to the environment you just set up

Click on the +

For many of the M3 requests, they are using the GET message, so we can leave it as is. You can check this by locating the API in ION API -> Available APIs -> <Suite eg. Infor M3> as noted in the previous section. Paste the Request URL in to Postman

Change the Authorization to OAuth 2.0 and set the Access Token so it has a variable of {{accessToken}}

Select the Pre-request Script and we want to paste the following code. This will retrieve the values from our Environment set up, retrieve an OAuth2 token and then populate our {{accessToken}} variable with the bearer token. I don’t recall where I got this script from so can’t give credit

And the script

** Postman as of the date of this writing does not support auto-refreshing of Oauth-2 tokens.
** This is an exmaple on how in one can refresh their Oauth-2 tokens just using the pre-request scripts.
** Pre-requisites: You need to have a refresh token. You can use the Postman app to get one.

// Set all these variables in an environment or at collection level
let tokenUrl = pm.variables.get('tokenUrl'),
clientId = pm.variables.get('clientId'),
clientSecret = pm.variables.get('clientSecret'),
refreshToken = pm.variables.get('refreshToken'),
userName = pm.variables.get('userName'),
passWord = pm.variables.get('passWord')

requestOptions = {
method: 'POST',
url: tokenUrl,
headers: {'content-type': 'application/json'},
body: {
mode: 'urlencoded',
urlencoded: [
key: 'grant_type',
value: 'password'
key: 'client_id',
value: clientId
key: 'client_secret',
value: clientSecret
key: "username",
value: userName
key: "password",
value: passWord

console.log({ requestOptions });

pm.sendRequest(requestOptions, (err, response) => {
let jsonResponse = response.json(),
newAccessToken = jsonResponse.access_token;

console.log({ err, jsonResponse, newAccessToken })

// If you want to persist the token
pm.environment.set('accessToken', newAccessToken);

// Or if you just want to use this in the current request and then discard it
pm.variables.set('accessToken', newAccessToken);

Now we can click on the Send button to test our API and we should get a response back, hopefully with some expected data

The nice thing here is that if we have multiple tenants, we can just select the Environments to change to a new tenant, hit Send and we will issue the same query against that new tenant.

This entry was posted in IONAPI, M3CE, Misc. Bookmark the permalink.

2 Responses to Testing APIs with Postman

  1. Hi, Nice post šŸ‘.
    I would not use the pre-requests on all calls though. I usually have a call that is just a separate all and if Iā€™m testing APIs I just run that one call once and then it will set the token as a variable. But I can use that token for at least an hour or so. Which means I can just use it until I get a token error, then I call it again.

    With this approach you get a new token each time.

    • potatoit says:

      Thanks Karin.

      Yeah, very true, I really shouldn’t be retrieving a new token each time.
      Ideally I’d like to record the date/time when the token is retrieved and refresh the token after a while. I’ve been a little too lazy as I usually I find that I’ll only call the API a few times šŸ™‚

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s