This article introduces how to use Postman to send API requests to Kintone using OAuth 2.0 .

Postman is a collaboration platform for API development. Users can call RESTful APIs and create various tests and environments. Download the app from the Download Postman app web page.

With the password authentication method, Kintone login credentials must be shared with the linked service. This method effectively grants the linked service all privileges held by the user. The password authentication method does not allow for granting specific privileges per service. Also, the linked service's access to Kintone is affected every time the user changes their login credentials.

With the OAuth Client method, the OAuth 2.0 protocol is used to grant specific privileges to the linked service. This method allows for linked services to have specified access to Kintone without sharing the user's login credentials. Maintaining the integration will be simpler since the linked service's access to Kintone will not be affected by the user changing their login credentials.

Create an App in Kintone with any fields inside. After activating the App, add some records inside.

Follow the 7 steps listed in the Register your application to Kintone section of the How to add OAuth clients article. On Step 4, enter the URL https://www.getpostman.com/oauth2/callback for the Redirect endpoint option. Set all the other parameters according to the How to add OAuth clients article.

On the Authorization tab, configure settings as follows:

• TYPE: OAuth 2.0
• Add authorization data to: Request Headers

After filling in the settings, click the Get New Access Token button.

Postman will display settings for getting a new access token.

Enter the following information for the Get New Access Token settings.

Field	Data to Enter	Example
Token Name	Any name	Kintone
Grant Type	Authorization Code	Authorization Code
Auth URL	The URL of the OAuth authorization endpoint	https://{subdomain}.kintone.com/oauth2/authorization
Access Token URL	The URL of the OAuth token endpoint URL	https://{subdomain}.kintone.com/oauth2/token
Client ID	The unique ID created when the Postman app was registered to Kintone	L.1.1a2b3c4d5f68i9k1l2m3n4o5p6s
Client Secret	The client Secret created when the Postman app was registered to Kintone	123456789012345678901234567890asdfghjklasdfghjklasdfghjklasdfghj
Scope	The scope determines the level of access to grant to the Postman app.	k:app_record:read
State	A random value in order to prevent CSRF(Cross-site request forgery)	state1

After entering the information above, click the Request Token button.

A Kintone authentication page appears when the Request Token button is clicked. Log in to Kintone and approve the authorization request.

Upon approving authorization, the Postman app generates a token. Postman's term "Token" corresponds to Kintone's Access Token. Select the newly generated Token and then click the Use Token button.

This Access Token is set as the Token in the Authorization settings.

Enter the Kintone REST API URL in the Request URL field. In the screenshot below, the Get Records endpoint is used. The App ID of the App created in this article is placed in the URL parameter.

• https://{subdomain}.kintone.com/k/v1/records.json?app={app_id}

Click Send to make the API Request. The response body should be displayed on Postman.

• How to add OAuth clients
• Postman's OAuth 2.0 documentation
• Walkthrough video