Setting Up Postman for API Testing

Postman is a versatile tool for testing and interacting with APIs, including the Silverfin API. It allows you to experiment with different endpoints and view responses in a user-friendly format.

You can download Postman here: Postman Downloads

While Postman offers a wide range of features, it is primarily used to test API calls and instantly view the responses.

Getting Started with Silverfin's Postman Collection

Once Postman is installed, setting it up with the Silverfin API is straightforward.

To import the collection, simply click the button above. The library will be automatically added to your Postman workspace. Alternatively, you can create your own collection by clicking the "+" button in your Postman workspace, but we recommend using the pre-built library for convenience.

Setting Up Authorization

To make authorized API calls, you'll need to configure authorization settings in Postman. This can be done using one of two methods:

Automated Process
Manual Process

Automated Process

If you imported the Postman library correctly, you should see both a collection and an environment in your Postman workspace. Select the Silverfin Public environment from the dropdown in the top-right corner of Postman.

The environment includes the following variables:

client_id
secret
access_token
refresh_token
expires_at
enable_auto_refresh_access_token
callback_url
firm_id

You only need to fill in the following variables manually:

client_id
secret
callback_url
firm_id

Optionally, you can toggle enable_auto_refresh_access_token. If set to true, Postman will automatically generate a new token upon expiry. The remaining variables (access_token, refresh_token, expires_at) will populate automatically after completing the steps below.

Generating an Authorization Code

Open a web browser and navigate to your /authorize URL. Replace placeholders with your specific details:

https://live.getsilverfin.com/oauth/authorize?client_id=`{{client_id}}`&redirect_uri=`{{callback_url}}`&response_type=code&scope=user%3Aprofile+user%3Aemail+webhooks+administration%3Aread+administration%3Awrite+permanent_documents%3Aread+permanent_documents%3Awrite+communication%3Aread+communication%3Awrite+financials%3Aread+financials%3Awrite+financials%3Atransactions%3Aread+financials%3Atransactions%3Awrite+links+workflows%3Aread

Replace the scopes, with the scopes specified in your API client details.

Alternatively, within Postman, open the Authorize request in the Authentication folder, go to the code tab, and copy the generated URL. Paste it into your browser.
Log in to the Silverfin platform using your credentials. For SSO users, modify the URL to use your subdomain (e.g., https://subdomain.getsilverfin.com).
After logging in, you will see an authorization_code. Copy this code and paste it into the Access Token request in the Authentication folder.
Send the request in Postman to receive your access_token and refresh_token. These tokens will be automatically stored in the environment and used for subsequent API requests.

Using Access Tokens

Ensure that each endpoint uses the {{access_token}} variable for authorization:

Open an endpoint in Postman.
Navigate to the Authorization tab.
Select OAuth2 and input the {{access_token}} variable.

If enable_auto_refresh_access_token is false, you must manually refresh the token using the steps described below.

Manual Process

If you choose not to enable automatic token refreshing, follow these steps:

Use the Access Token request in the Authentication folder to retrieve an access_token. Tokens are valid for 2 hours (7200 seconds).
Copy the access_token and paste it into the Authorization tab for each endpoint.
To refresh the token after expiry, use the Refresh Token request:

Input the refresh_token in the required field.
Send the request to generate a new access_token and refresh_token.

Repeat this process to maintain access.

With this guide, you should be ready to efficiently set up and use Postman with the Silverfin API. For further assistance, please consult the Silverfin API documentation.