Get an access token with permissions for an OAuth resource server.
In order to make calls to an API, an API resource server typically requires an access token from your application. You’ll use Postman, acting as the banking application, to get the access token from PingOne.
To get started, let’s walk through downloading the Postman collection and assigning values to variables used in the requests.
Import a copy of the Postman collection:
- Click the Run in Postman button below.
- Click the import a copy link.
- If you use workspaces in Postman, select a workspace and click Import.
Go to Collections, click PingOne Authorize:
API Access Management Tutorials to open the collection, and then
click the Variables tab.
If you are outside of North America, update the current value of the
authUrl to use the data center closest to your
Variable Canada Europe Asia Pacific
On the Configuration tab of your AAM Tutorial
Banking Client application in PingOne, expand the
General section, then copy the following values into
corresponding current values on the Variables tab in
If you need to find the AAM Tutorial Banking Client application in PingOne, go to . If you have trouble copying values in PingOne, refresh the browser.
- Client ID: The Postman variable is bankClientId.
- Client Secret: The Postman variable is bankClientSecret.
- Environment ID: The Postman variable is envId.
In Postman, click Save to save the current values you
You’re ready to send a request to get an access token.
In Postman, select the Get Token as Bank App request and
The access token is in the response, and it has the banking scope.
Try a request to see if your banking application has access to the Meme Game API.
In Postman, select the Get all memes by user.0 request
and click Send.
You get a 200 OK response. Your banking application has access because Kong Gateway isn’t configured yet. Like most API gateways, Kong is configured initially with zero authorization rules by default.
Not getting the right results? See Viewing API Access Management events in your PingOne environment audit log.
You’ve granted access to the banking application in PingOne, but haven’t enforced any access to resources in Kong Gateway yet.
Configure the authorization plugin for Kong Gateway.