Make Kintone REST API Requests with Postman using OAuth

Overview

This article explains how to use Postman to send API requests to Kintone using OAuth 2.0.

Postman

Postman is a collaboration platform for API development. Users can call RESTful APIs and create various tests and environments. Download the app from the Download Postman app web page.

Benefits of the OAuth Client Method

Using the password authentication method

With the password authentication method, Kintone login credentials must be shared with the linked service. This method effectively grants the linked service all privileges held by the user. The password authentication method does not allow for granting specific privileges per service. Also, the linked service's access to Kintone is affected every time the user changes their login credentials.

Using the OAuth client method

With the OAuth Client method, the OAuth 2.0 protocol is used to grant specific privileges to the linked service. This method allows for linked services to have specified access to Kintone without sharing the user's login credentials. Maintaining the integration will be simpler since the linked service's access to Kintone will not be affected by the user changing their login credentials.

Prepare Kintone

Create an App

Create an App in Kintone with any fields. After activating the App, add some records to it.

Register an OAuth Client

Follow the 7 steps listed in the "Register your application to Kintone" section of the How to add OAuth clients article. In Step 4, enter the URL https://www.getpostman.com/oauth2/callback for the Redirect endpoint option. Set all the other parameters according to the How to add OAuth clients article.

Prepare Postman

Configure the Authorization Settings

On the Authorization tab, configure settings as follows:

  • TYPE: OAuth 2.0
  • Add authorization data to: Request Headers

After filling in the settings, click the Get New Access Token button.

Postman will display settings for getting a new access token.

Configure the Get New Access Token settings

Enter the following information for the Get New Access Token settings.

| Field | Data to Enter | Example |
|---|---|---|
| Token Name | Any name | Kintone |
| Grant Type | Authorization Code | Authorization Code |
| Auth URL | The URL of the OAuth authorization endpoint | https://{subdomain}.kintone.com/oauth2/authorization |
| Access Token URL | The URL of the OAuth token endpoint | https://{subdomain}.kintone.com/oauth2/token |
| Client ID | The unique ID created when the Postman app was registered to Kintone | L.1.1a2b3c4d5f68i9k1l2m3n4o5p6s |
| Client Secret | The client secret created when the Postman app was registered to Kintone | 123456789012345678901234567890asdfghjklasdfghjklasdfghjklasdfghj |
| Scope | The scope determines the level of access to grant to the Postman app. | k:app_record:read |
| State | A random value used to prevent CSRF (cross-site request forgery) | state1 |

After entering the information above, click the Request Token button.

Allow Postman to access Kintone

A Kintone authentication page appears when the Request Token button is clicked. Log in to Kintone and approve the authorization request.

Select to use the Access Token

Upon approving authorization, the Postman app generates a token. Postman's term "Token" corresponds to Kintone's Access Token. Select the newly generated Token and then click the Use Token button.

This Access Token is set as the Token in the Authorization settings.

Make a Kintone REST API Request from Postman

Enter the REST API parameters

Enter the Kintone REST API URL in the Request URL field. In this example, the Get Records endpoint is used. The App ID of the App created in this article is placed in the URL parameter.

  • https://{subdomain}.kintone.com/k/v1/records.json?app={app_id}

Check the response

Click Send to make the API request. The response body should be displayed in Postman.
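The flow Postman performs in the steps above, as an added Python example (not code from the original article or from Kintone): it builds the authorization request from the table's values, checks the state echoed back on the redirect before accepting the authorization code, and forms the Get Records request with the token in the request header. The subdomain, client ID, sample code and sample token are placeholders, the query parameter names are the standard OAuth 2.0 ones from RFC 6749, and the token exchange itself is left out.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Values from the settings table; SUBDOMAIN and CLIENT_ID are placeholders (assumptions).
SUBDOMAIN = "example"
CLIENT_ID = "CLIENT_ID_PLACEHOLDER"
REDIRECT_URI = "https://www.getpostman.com/oauth2/callback"
SCOPE = "k:app_record:read"
BASE = f"https://{SUBDOMAIN}.kintone.com"

def build_authorization_url(state):
    """Authorization request sent to the Auth URL (RFC 6749 section 4.1.1)."""
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": SCOPE,
        "state": state,
    })
    return f"{BASE}/oauth2/authorization?{query}"

def code_from_callback(callback_url, expected_state):
    """Return the authorization code only if the echoed state matches ours."""
    params = parse_qs(urlsplit(callback_url).query)
    returned = params.get("state", [""])[0]
    # Constant-time comparison; a mismatch means this response was not requested by us.
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this authorization response")
    if "code" not in params:
        raise ValueError("no authorization code: " + params.get("error", ["unknown"])[0])
    return params["code"][0]

def records_request(app_id, access_token):
    """URL and header for Get Records with the token added to the request headers."""
    url = f"{BASE}/k/v1/records.json?{urlencode({'app': app_id})}"
    return url, {"Authorization": f"Bearer {access_token}"}

if __name__ == "__main__":
    state = secrets.token_urlsafe(32)  # unpredictable, one per authorization attempt
    print(build_authorization_url(state))
    # Constructed callback, shaped like the redirect that follows approval.
    callback = f"{REDIRECT_URI}?{urlencode({'code': 'SAMPLE_CODE', 'state': state})}"
    print(code_from_callback(callback, state))
    print(records_request(1, "SAMPLE_ACCESS_TOKEN"))
```

The requested scope k:app_record:read limits the token to reading records, so a write request made with the same token should be refused by Kintone.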
