Postman – Access token

Many modern RestAPI these days use a token based system and my preferred API tool , Postman, can handle several different ways of authenticating to gain the access token. While using Postman I started looking for a way to automatically populate my access token into my API calls, in particular in conjunction with Veeam Availability Console.

Veeam Availability Console uses the Oauth2.0 Authorisation Framework to obtain an access and refresh token.

This involves making a POST call to https://<vac-server>/token with the following text contained within the request body.


Where <username> and <password> are relevant to your environment.

When the call is made, and if the credentials are valid, then the following response is returned :-


You will then need to copy the ‘access_token‘ and paste this into any subsequent API calls you want to make against your environment.

However there is a quicker way to ensure that the access_token is automatically imported into your Postman Environment.

Using Postman to generate access token variable

With Postman you can define individual environments with their own set of variables.

From the Postman console click on the cog icon, over on the right hand side.


Now select ‘Manage Environments’

Click ‘Add’

Add the following keys/values NB access_token and refresh_token values are left blank, the upcoming script will take care of that for you.

Just remember to substitute <username> and <password> with your credentials for accessing your APIs.


Click update the close the Manage Environment window.

Now that you have defined your environment you must ensure you are running your API calls against the correct environment.

From the drop down list in the top right hand corner, select your VAC environment.

Now you will need to update your POST call to auto populate the access_token and refresh_token variables.

Select your POST call and click on ‘Body’.

Now add the following key/values.

Now click on the ‘Tests’ tab.

And enter the following :-

var data = JSON.parse(responseBody);
postman.setEnvironmnetVariable("access_token", data.access_token);
postman.setEnvironmentVariable("refresh_token", data.refresh_token);

Finally click ‘Save’.

Now if you run your POST call, the access_token will be automatically applied to your subsequent calls.

This can be verified by hovering over the variable which will show the current value.


So now all you need to do is run your POST call to gain your access/refresh tokens and you’re good to go.

Nice and easy 🙂

Leave a Reply