We recommend downloading, installing, and using Postman to test API requests and verify responses.
Set up Postman using OpenID Connect
To use the Implicit grant type with your requests in Postman, you need to grant access to a multi-tenant app in Azure AD to use CDF with Postman. To grant access, you need to be an Azure AD tenant administrator.
Follow the steps in How to register Cognite API to register the app.
When you have registered the app, you will be able to sign in with your Azure AD credentials.
Step 1: Import your Postman collection
In Postman, select Import > Link and enter the URL to import your latest API V1 Postman collection:
Select Continue > Import to import the collection.
Step 2: Set up environment variables
To create a new environment, navigate to Environments on the left sidebar. Click + Create new Environment and give it a name.
Add the variables:
tenant-id: This is your Directory (tenant) ID. To find the tenant ID, go to your Azure Active Directory. You can find your Tenant ID on the Overview page.NOTE
We recommend that you work with the current value of a variable to prevent sharing sensitive and confidential information with your team.
token: Using OAuth 2.0, we will generate a new token. It will populate automatically, so you will leave it blank as an environment variable.
baseURL: You can find your baseURL from the CDF project. Navigate to your CDF project. Under Manage & Configure > Manage access, select Open ID connect tab. The URL in the audience field is the baseURL.
project: This is your CDF project name.
Step 3: Update authorization
To update the authorization, navigate to the Authorization tab in the collection overview.
Select OAuth 2.0 as Type and Request Headers as Add auth data.
Select Configure New Token and specify these configuration options:
Enter a Token Name.
Select the Grant Type as Implicit.
Input the Callback URL as
If you don't select the checkbox Authorise using browser, you can input the Callback URL. Otherwise, the Callback URL gets auto-populated on selection. You will be redirected to the Callback URL once your application is authorized.
Enter the Auth URL as
https://login.microsoftonline.com/$tenant-id/oauth2/v2.0/authorize. Replace the tenant-id obtained from the previous step.
Input the Client ID as
The Scope is
$baseUrl/$scope, where $baseUrl is as above in 2.2, and $scope is
user_impersonationgrants all permissions to the user assigned to access the API. The
DATA.VIEWscope grants read-only access to data in CDF, for example, to view files, time series, RAW, and other CDF resources. To know more about CDF's scopes, see the different Access token scopes.tip
While using a scope for the first time, the admin has to define the scope explicitly. The admin must then consent to use this scope for the authorization process.
Select Client Authentication as Send as Basic Auth header.
Select Get New Access Token > Proceed > Use Token.
You are now ready to use Postman with OIDC as the authentication method.