Trustbuilder Safe-T
Trustbuilder Safe-T
Breadcrumbs

Use Trustbuilder APIs with Postman

Trustbuilder access tokens are used to authenticate requests to Trustbuilder APIs. When calling a Trustbuilder API endpoint, you need to supply a valid access token in the HTTP Authorization header. You should prefix the value with the bearer which specifies the authentication scheme used.

1. Get client credentials in Trustbuilder

From the admin portal:

  1. Go to Applications > Applications.

  2. Click on + Set up app integration.

  3. Select OAuth .

  4. Give your application a name and select Regular Web App.

    image-20250922-133850.png

  5. Click Next.

  6. Configure the following settings:

    • Subject management: leave the default value

    • API & Scopes:

      • Select Internal API and click on View.

        image-20250922-134254.png

      • Check the scopes.

    • Authentication methods: select Client Secret POST.

    • Redirect URIs: enter Postman callback URI (generally

      https://oauth.pstmn.io/v1/callback or https://oauth.pstmn.io/v1/browser-callback).

    • Policies: default value

    • Access Token: RS256

  7. Click on Submit.

  8. Copy the client secret from the pop-up.
    ⚠️ It will not be displayed again for security reasons.

  9. Click on Done.
    The main configuration is complete.

  10. In Endpoints tab, you can copy the various endpoints.

2. Get an access token in Postman

  1. Log in to Postman.

  2. Create a new collection or a new request.

  3. Go to Auth tab.

  4. Configure Authorization parameters:

    • Auth type: OAuth 2.0

    • Add auth data to: Request Headers

    • Header Prefix: Bearer

    • Token name: define a token name

    • Grant type: Authorization Code

    • Callback URL: generally

      https://oauth.pstmn.io/v1/callback or https://oauth.pstmn.io/v1/browser-callback
      ⚠️ it should match one of the Redirect URIs set in TrustBuilder.

    • Auth URL: the Authorization endpoint of your OAuth application in Trustbuilder.
      You can get it in your OAuth application in Trustbuilder > Endpoints tab.
      It looks like https://api.trustbuilder.io/api/v1/sso/oauth2/{client_id}/authorize.

    • Access Token URL: the Token endpoint of your OAuth application in Trustbuilder.
      You can get it in your OAuth application in Trustbuilder > Endpoints tab.
      It looks like https://api.trustbuilder.io/api/v1/sso/oauth2/{client_id}/token.

    • Client ID: paste the Client ID generated in TrustBuilder

    • Client Secret: paste the Client secret generated in TrustBuilder

    • Scope: insert the required scopes
      It should be a checked scope of the OAuth application in TrustBuilder, space separated users:read users:write

    • Client Authentication: select Send client credentials in body.

  5. Click on Get New Access Token.

  6. Authenticate as an admin in the pop up windows. Once authenticated, you get a confirmation.

    image-20250922-152328.png

  7. Click on Use Token to use this access token in your request.

    image-20250922-152656.png

The access token has been generated and automatically added as the current token to use.

image-20250922-153719.png

3. Make a request

For example, make a GET request to https://api.trustbuilder.io/api/v1/users to retrieve the list of users in the tenant:

  1. Select the request method GET.

    https://docs.trustbuilder.com/__attachments/4124278802/image-20231127-101339.png?inst-v=09515b48-d407-4d0a-92a2-d727c73378ac

  2. Enter the request URL https://api.trustbuilder.io/api/v1/users

    https://docs.trustbuilder.com/__attachments/4124278802/image-20231127-101542.png?inst-v=09515b48-d407-4d0a-92a2-d727c73378ac

  3. Click on Send.

The response should list the users and their attributes.

More information about Postman requests creation