step 3 / 6

Get an authorization code

The authentication of CLP API calls is secured with JWT Tokens which are generated from IdentityServer. To be able to obtain this token for your requests, you need to setup your API request call client. You can find the Postman setup example as follows:


Configure your Environments in Postman as follows:

Select ‘Manage Environments’ from the upper right corner on the main window, as shown below
Postman tool screen
Add a new Environment
Postman tool screen
Enter your Environment values as shown below. Please pay attention to the URLs entered: 
In the Environments, the URLs should be formatted as
Postman tool screen
Please select the Environment you configured in the main window.

Enter {{indentity_server_url}}/connect/token as URL in the main window.


Select Authorization tab in the main window, and select ‘Basic Auth’ as Type.


Enter your Username(client_id) and Password(client_secret). Then select “Save helper data to request” checkbox as shown below:

Postman tool screen

When you click on ‘Update Request’ button, you should be able to see the “Headers” tab is filled in, as shown below:

Postman tool screen

In order not to copy the Access Token every time it is requested, you can use our custom solution:

tests["Status code is 200"] = responseCode.code === 200; var jsonData = JSON.parse(responseBody); tests["Access token isset"] = jsonData.access_token !== undefined; postman.setEnvironmentVariable("at", jsonData.access_token); Postman tool screen
This code piece will fill in the {{at}} environmental value you initially left blank, with the returning result.

Please go to the Body tab in the main window, and select the request format as x-www-form-urlencoded and insert key-value pairs as shown below:

Postman tool screen

When you click on the Send button, you will receive the following reply:

{     "access_token": "access token 
 5oA3fAtVIMGiC7wGtgDNSMMs9bO1WTNiWaiXxcXOEUZMRldzro",      "expires_in": 3600,      "token_type": "Bearer" }


access_token: used to authenticate this user in all API calls
expires_in: expiry time of the access token in seconds

Whenever the access token is expired, request for a new one from the same endpoint.