Release: OpenRemote Postman API Collection with fix for OAuth Authentication

OpenRemote Manager REST API.postman_collection.json.txt (1.1 MB)
If you’re having any issues, make sure to rename the file from .txt to .json

Good evening everyone,

Attached you will find a collection.json file for the OpenRemote HTTP REST API. I have setup all of the required variables and Authentication to be able to make requests simply by importing the collection. You can see how to import the collection by clicking here.

To be able to make requests to the API, you will need to first go to the variables page and fill in all of the variables you see.

After setting the variables, go to the authentication tab of the root page of the collection, and press the “Get New Access Token”. If that is successful, then you are authenticated and can go make any request you would like.

There is a bug that I’ve identified, which prohibits keycloak from sending refresh tokens for OAuth authentication when authenticating via Client Credentials (what is used for Service Users). You can check that after getting a new OAuth token and then checking if a refresh token is included in the response.

Below are the steps to fix this:

  • Create your service user
  • Go onto the Keycloak web UI as admin (or any elevated user)
  • Make sure you are in the correct realm → Clients → [Your service client username] → scroll to the bottom → OpenID Connect Compatibility Modes → Use Refresh Tokens For Client Credentials Grant → turn this to ON.

Now, whenever you want to make a request, if the access token is expired, Postman will automatically request a new access token.

Thank you to Postman for releasing openapi-to-postmanv2, which is what made this possible.

Happy API development!

3 Likes

Correction, on the OAuth authentication process, make sure to change the access token URL to {{baseLocation}}/auth/realms/{{realm}}/protocol/openid-connect/token, so that you can connect to any realm.

1 Like

Thanks so much for sharing, this was really helpful!

1 Like