DocumentationCommunityAcademyPlatformFeedback
API Documentation
Start typing to search…

Postman Library Setup

# Setting Up Postman for API Testing

Postman is a versatile tool for testing and interacting with APIs, including the Silverfin API. It allows you to experiment with different endpoints and view responses in a user-friendly format.

You can download Postman here:\
[Postman Downloads](https://www.postman.com/downloads/)

While Postman offers a wide range of features, it is primarily used to test API calls and instantly view the responses.

## Getting Started with Silverfin's Postman Collection

Once Postman is installed, setting it up with the Silverfin API is straightforward.

[<img src="https://run.pstmn.io/button.svg" alt="Run In Postman" style={{ width: "128px", height: "32px" }}>](https://god.gw.postman.com/run-collection/3500236-c0247376-d788-4f1a-9f55-e8a423182719?action=collection%2Ffork\&source=rip_markdown\&collection-url=entityId%3D3500236-c0247376-d788-4f1a-9f55-e8a423182719%26entityType%3Dcollection%26workspaceId%3D50ca877b-eadc-4730-b097-a6f7fbf0247d)

To import the collection, simply click the button above. The library will be automatically added to your Postman workspace. Alternatively, you can create your own collection by clicking the "+" button in your Postman workspace, but we recommend using the pre-built library for convenience.

## Setting Up Authorization

To make authorized API calls, you'll need to configure authorization settings in Postman. This can be done using one of two methods:

1. **Automated Process**  
2. **Manual Process**

### Automated Process

If you imported the Postman library correctly, you should see both a collection and an environment in your Postman workspace. Select the `Silverfin Public` environment from the dropdown in the top-right corner of Postman.

The environment includes the following variables:

* `client_id`
* `secret`
* `access_token`
* `refresh_token`
* `expires_at`
* `enable_auto_refresh_access_token`
* `callback_url`
* `firm_id`

You only need to fill in the following variables manually:

* `client_id`
* `secret`
* `callback_url`
* `firm_id`

Optionally, you can toggle `enable_auto_refresh_access_token`. If set to `true`, Postman will automatically generate a new token upon expiry. The remaining variables (`access_token`, `refresh_token`, `expires_at`) will populate automatically after completing the steps below.

#### Generating an Authorization Code

1. Open a web browser and navigate to your `/authorize` URL. Replace placeholders with your specific details:

[https://live.getsilverfin.com/oauth/authorize?client\_id=`{{client_id}}`\&redirect\_uri=`{{callback_url}}`\&response\_type=code\&scope=user%3Aprofile+user%3Aemail+webhooks+administration%3Aread+administration%3Awrite+permanent_documents%3Aread+permanent_documents%3Awrite+communication%3Aread+communication%3Awrite+financials%3Aread+financials%3Awrite+financials%3Atransactions%3Aread+financials%3Atransactions%3Awrite+links+workflows%3Aread](https://live.getsilverfin.com/oauth/authorize?client_id=`{{client_id}}`\&redirect_uri=`{{callback_url}}`\&response_type=code\&scope=user%3Aprofile+user%3Aemail+webhooks+administration%3Aread+administration%3Awrite+permanent_documents%3Aread+permanent_documents%3Awrite+communication%3Aread+communication%3Awrite+financials%3Aread+financials%3Awrite+financials%3Atransactions%3Aread+financials%3Atransactions%3Awrite+links+workflows%3Aread)

Replace the scopes, with the scopes specified in your API client details.

2. Alternatively, within Postman, open the `Authorize` request in the `Authentication` folder, go to the `code` tab, and copy the generated URL. Paste it into your browser.

3. Log in to the Silverfin platform using your credentials. For SSO users, modify the URL to use your subdomain (e.g., `https://subdomain.getsilverfin.com`).

4. After logging in, you will see an `authorization_code`. Copy this code and paste it into the `Access Token` request in the `Authentication` folder.

5. Send the request in Postman to receive your `access_token` and `refresh_token`. These tokens will be automatically stored in the environment and used for subsequent API requests.

#### Using Access Tokens

Ensure that each endpoint uses the `{{access_token}}` variable for authorization:

1. Open an endpoint in Postman.
2. Navigate to the `Authorization` tab.
3. Select `OAuth2` and input the `{{access_token}}` variable.

If `enable_auto_refresh_access_token` is `false`, you must manually refresh the token using the steps described below.

### Manual Process

If you choose not to enable automatic token refreshing, follow these steps:

1. Use the `Access Token` request in the `Authentication` folder to retrieve an `access_token`. Tokens are valid for 2 hours (7200 seconds).
2. Copy the `access_token` and paste it into the `Authorization` tab for each endpoint.
3. To refresh the token after expiry, use the `Refresh Token` request:

* Input the `refresh_token` in the required field.
* Send the request to generate a new `access_token` and `refresh_token`.

Repeat this process to maintain access.

***

With this guide, you should be ready to efficiently set up and use Postman with the Silverfin API. For further assistance, please consult the [Silverfin API documentation](https://developer.silverfin.com/reference/authentication).