Real noob question: how to get a bearer token?

I don’t know how to get the bearer token… I’m starting today to learn about APIs. I wanted to test the free banking APIs at, and tried following the guide over there.
I have setup a collection and an API here in Postman. Then following the guide I chose Bearer token in Postman as authorization type, but now, I have to put the token value in the Token box, and… I don’t know how to get it.
At nordigen, they say to "Under Authorization, change the authorization value from true to Bearer YOUR_TOKEN"

And they indicate that, to get the token, I should
“get your user secret from [Nordigen’s Open Banking Portal] in section User Secrets.”
This I have done correctly (I think).
Afterwards I should “Use those secrets to create an access token (referenced as ACCESS_TOKEN in the following steps).”
They indicate to run this code:

curl -X POST "" 
-H  "accept: application/json" 
-H  "Content-Type: application/json" 
-d "{

which I do and I get the following response:

  "access": "string",
  "access_expires": 86400,
  "refresh": "string",
  "refresh_expires": 2592000

Which I guess some part of it is the token I have to introduce in the Token box in Postman, but what part?
I have tried to introduce the string after “access”, also the entire snippet, but it doesn’t seem to work.

Real noob here, thanks for helping…

Just taking an example from their documentation, you would need to manually add a new header called Authorization and then add Bearer <token> as the value.

curl -X GET "" 
-H  "accept: application/json" 
-H  "Authorization: Bearer ACCESS_TOKEN"

You can use use the Bearer Token helper in the Authorization tab of the request, this will auto-create the header once you add the value.

1 Like

Thanks for your answer.
I was trying to introduce the token here:

But following your answer I guess I should introduce the snippet here instead, right?

If this is the correct place, I’m still a bit confused because the POST JWT Obtain states it will inherit from parent (parent being Nordigen Account Information Services API - that’s why I tried to introduce the value there):

The first call would be made to get the token, once you have the token value from the response, you would use that in the header for the other requests made to that API.

The examples under your requests (the ones you have in the images) are used for Mock Server responses and for documentation.

I still don’t understand what I have to do, thanks for trying to explain though :slight_smile:
I’m going to do the Postman tutorial, then I’ll try again.

The Collection you have isn’t really in the right order, to be honest, as you would need a token first, to authenticate yourself against the other endpoints of the API.

From the Quickstart guide:

The first thing you do is make a POST request to the with the secret values that you have most likely got from creating an account with that service.

First, you’ll need to get your user secret from Nordigen’s Open Banking Portal in section User Secrets. Use those secrets to create an access token (referenced as ACCESS_TOKEN in the following steps).

The response of this is going to be the token information that you will use to make a request to a different endpoint.

  "access": "someSecretValue",
  "access_expires": 86400,
  "refresh": "someRefreshSecretValue",
  "refresh_expires": 2592000

In this example from the Quickstart guide, the ACCESS_TOKEN value, is the same value as the token value from the response of the first request. This has an expiry time (I think it’s 24 Hours) so once that’s run out, you will need to request a fresh token and reset the clock.

There are different methods of automatically extracting the response values into a variable and using that in the headers, I would initially get this working by hardcoding the values first and then refactoring what you have.

Once you’re ready, you can get the token by adding this to the Tests section of the token request:

pm.globals.set('token', pm.resonse.json().token);

You will then be able to use the variable syntax to replace the header values:

Thx for your patience.
This part is clear and I did it already:

What I don’t know is what do I put next in what seems the correct place to put it in, ie.:

Is it the entire above snippet, the “access” value, any other value?

An object is returned from that response with a bunch of keys (access, access_expires, refresh and refresh_expires) each key has a value.

Your token is the value of the access key.

Very helpful, thanks a lot for your help. I’ll keep on with the nordigen tutorial now.