Make Kintone REST API Requests with Postman using OAuth

Contents

Overview

This article introduces how to use Postman (External link) to send API requests to Kintone using OAuth 2.0 (External link).

Postman

Postman (External link) is a collaboration platform for API development. Users can call RESTful APIs and create various tests and environments. Download the app from the Download Postman app (External link) web page.

Benefits of the OAuth Client Method

Using the password authentication method

With the password authentication method, Kintone login credentials must be shared with the linked service. This method effectively grants the linked service all privileges held by the user. The password authentication method does not allow for granting specific privileges per service. Also, the linked service’s access to Kintone is affected every time the user changes their login credentials.

Using the OAuth client method

With the OAuth Client method, the OAuth 2.0 protocol is used to grant specific privileges to the linked service. This method allows for linked services to have specified access to Kintone without sharing the user’s login credentials. Maintaining the integration will be simpler since the linked service’s access to Kintone will not be affected by the user changing their login credentials.

Comparison image

Screenshot: Showing the comparison between the two methods of authentication.

Prepare Kintone

Create an App

Create an App (External link) in Kintone with any fields inside. After activating the App, add some records inside.

Register an OAuth Client

Follow the 7 steps listed in the Register your application to Kintone section of the How to add OAuth clients article. On Step 4, enter the URL https://www.getpostman.com/oauth2/callback for the Redirect endpoint option. Set all the other parameters according to the How to add OAuth clients article.

Screenshot: The Add OAuth Client settings in Kintone.

Prepare Postman

Configure the Authorization Settings

On the Authorization tab, configure settings as follows:

  • TYPE: OAuth 2.0
  • Add authorization data to: Request Headers

After filling in the settings, click the Get New Access Token button.

Screenshot: Postman on the Authorization tab.

Postman will display settings for getting a new access token.

Configure the Get New Access Token settings

Enter the following information for the Get New Access Token settings.

Field Data to Enter Example
Token Name Any name Kintone
Grant Type Authorization Code Authorization Code
Auth URL The URL of the OAuth authorization endpoint https://{subdomain}.kintone.com/oauth2/authorization
Access Token URL The URL of the OAuth token endpoint URL https://{subdomain}.kintone.com/oauth2/token
Client ID The unique ID created when the Postman app was registered to Kintone L.1.1a2b3c4d5f68i9k1l2m3n4o5p6s
Client Secret The client Secret created when the Postman app was registered to Kintone 123456789012345678901234567890asdfghjklasdfghjklasdfghjklasdfghj
Scope The scope determines the level of access to grant to the Postman app. k:app_record:read
State A random value in order to prevent CSRF(Cross-site request forgery) state1

After entering the information above, click the Request Token button.

Screenshot: The GET NEW ACCESS TOKEN settings in postman with values filled in.

Allow Postman to access Kintone

A Kintone authentication page appears when the Request Token button is clicked. Log in to Kintone and approve the authorization request.

Screenshot: Kintone's authentication page asking if the user will allow Postman to access Kintone

Select to use the Access Token

Upon approving authorization, the Postman app generates a token. Postman’s term “Token” corresponds to Kintone’s Access Token. Select the newly generated Token and then click the Use Token button.

Screenshot: Postman showing the MANAGE ACCESS TOKENS settings with Kintone's information inside.

This Access Token is set as the Token in the Authorization settings.

Screenshot: Postman with the Access Token being set in the Authorization settings.

Make a Kintone REST API Request from Postman

Enter the REST API parameters

Enter the Kintone REST API URL in the Request URL field. In the screenshot below, the Get Records endpoint is used. The App ID of the App created in this article is placed in the URL parameter.

  • https://{subdomain}.kintone.com/k/v1/records.json?app={app_id}

Check the response

Click Send to make the API Request. The response body should be displayed on Postman.

Screenshot: Postman with the response from the REST API call displayed

Reference