---
title: Grant flows collection
description: Use the OAuth 2.0 and OpenID Connect Postman collection to try out AM flows. The REST calls and their prerequisites are provided as a downloadable JSON file collection.
component: pingam
version: 8.1
page_id: pingam:am-oauth2:oauth2-grant-flow-collection
canonical_url: https://docs.pingidentity.com/pingam/8.1/am-oauth2/oauth2-grant-flow-collection.html
keywords: ["OAuth 2.0", "Endpoints", "Grant Flow", "JSON"]
page_aliases: ["oauth2-guide:oauth2-grant-flow-collection.adoc"]
---

# Grant flows collection

Use the OAuth 2.0 and OpenID Connect [Postman](https://www.postman.com/) collection to try out AM flows. The REST calls and their prerequisites are provided as a downloadable JSON file collection.

1. Download and install [Postman](https://www.postman.com/downloads).

2. Download the [OAuth 2.0 and OpenID Connect Collection](../_attachments/collections/ForgeRock_OAuth_Collection.json).

3. Import the collection in Postman:

   * Go to File > Import …​ > Upload Files.

   * Select the collection you downloaded, and click Open. Then, click Import.

4. Configure the collection's variables to suit your environment:

   * In Postman, on the Collections tab, select the OAuth 2.0 and OpenID Connect Collection. Click the `…​` button, and then on Edit.

   * Click on the Variables tab, and change at least the value of the following variables:

     * `URL_base`

     * `admin_password`

   * Click Update to save your changes.

     You are ready to start running the collection.

The collection is divided into the following folders:

* `Prerequisites`, containing REST calls to configure AM as an authorization server, and to create the clients and users required to run the collection.

* `OAuth 2.0 Flows`, containing the flows explained in [OAuth 2.0 grant flows](oauth2-implementing-flows.html).

* `OpenID Connect Flows`, containing the flows explained in [OpenID Connect grant flows](../am-oidc1/oidc-implementing-flows.html).

  The Backchannel (CIBA) grant is not included, since it requires push notifications and an additional device to work.

* `Refresh Token Flow`, containing calls explained in [Refresh tokens](oauth2-refresh-tokens.html) and [/oauth2/token/revoke](oauth2-token-revoke-endpoint.html).

* `Token Exchange Flows`, containing the token exchange flows explained in [Token exchange](token-exchange.html).