In order to make calls to an API, your application will provide an access token to the API resource server. You’ll use Postman, acting as the banking application, to get the access token from PingOne.

To get started, let’s walk through downloading the Postman collection and assigning values to variables used in the requests.

  1. Import a copy of the Postman collection:
    1. Click the Run in Postman button below.
    2. Click the import a copy link.
    3. If you use workspaces in Postman, select a workspace and click Import.
  2. Go to Collections, click PingOne Authorize: API Access Management Tutorials to open the collection, and then click the Variables tab.
    Screen capture of the PingOne Authorize: API Access Management Tutorials collection in Postman showing the Variables tab.
  3. If you are outside of North America, update the current value of the authUrl to use the data center closest to your geographic region.
    Variable Canada Europe Asia Pacific


  4. On the Configuration tab of your AAM Tutorial Banking Client application in PingOne, expand the General section, then copy the following values into corresponding current values on the Variables tab in Postman.

    If you need to find the AAM Tutorial Banking Client application in PingOne, go to Applications > Applications. If you have trouble copying values in PingOne, refresh the browser.

    • Client ID: The Postman variable is bankClientId.
    • Client Secret: The Postman variable is bankClientSecret.
    • Environment ID: The Postman variable is envId.
    Screen capture of banking app Configuration tab showing the Client ID, Client Secret, Environment ID, and associated copy icons.
  5. In Postman, click Save to save the current values you assigned.

    You’re ready to send a request to get an access token.

  6. In Postman, select the Get Token as Bank App request and click Send.
    Screen capture of the Get Token as Bank App request in Postman.

    The access token is in the response, and it has the banking scope.

    Screen capture of the access token response body in Postman.

    Try a request to see if your banking application has access to the Meme Game API.

  7. In Postman, select the Get all memes by user.0 request and click Send.

    You get a 200 OK response. Your banking application has access because Kong Gateway isn’t configured yet. Like most API gateways, Kong is configured initially with zero authorization rules by default.

    Not getting the right results? See Viewing API Access Management events in your PingOne environment audit log.

You’ve granted access to the banking application in PingOne, but haven’t enforced any access to resources in Kong Gateway yet.

Configure the authorization plugin for Kong Gateway.