Real noob question: how to get a bearer token?

New to APIs/Postman
1

I don’t know how to get the bearer token… I’m starting today to learn about APIs. I wanted to test the free banking APIs at nordigen.com, and tried following the guide over there.
I have setup a collection and an API here in Postman. Then following the nordigen.com guide I chose Bearer token in Postman as authorization type, but now, I have to put the token value in the Token box, and… I don’t know how to get it.
At nordigen, they say to "Under Authorization, change the authorization value from true to Bearer YOUR_TOKEN"

And they indicate that, to get the token, I should
“get your user secret from [Nordigen’s Open Banking Portal] in section User Secrets.”
This I have done correctly (I think).
Afterwards I should “Use those secrets to create an access token (referenced as ACCESS_TOKEN in the following steps).”
They indicate to run this code:

curl -X POST "https://ob.nordigen.com/api/v2/token/new/" 
-H  "accept: application/json" 
-H  "Content-Type: application/json" 
-d "{
     \"secret_id\":\"string\",
     \"secret_key\":\"string\"}"

which I do and I get the following response:

{
  "access": "string",
  "access_expires": 86400,
  "refresh": "string",
  "refresh_expires": 2592000
}

Which I guess some part of it is the token I have to introduce in the Token box in Postman, but what part?
I have tried to introduce the string after “access”, also the entire snippet, but it doesn’t seem to work.

Real noob here, thanks for helping…

2

Just taking an example from their documentation, you would need to manually add a new header called Authorization and then add Bearer <token> as the value.

curl -X GET "https://ob.nordigen.com/api/v2/institutions/?country=gb" 
-H  "accept: application/json" 
-H  "Authorization: Bearer ACCESS_TOKEN"

You can use use the Bearer Token helper in the Authorization tab of the request, this will auto-create the header once you add the value.

image
image1630×730 56 KB

image
image1712×286 13.4 KB

1 Like
3

Thanks for your answer.
I was trying to introduce the token here:

image
image1102×373 33.9 KB

But following your answer I guess I should introduce the snippet here instead, right?

image
image788×694 39 KB

If this is the correct place, I’m still a bit confused because the POST JWT Obtain states it will inherit from parent (parent being Nordigen Account Information Services API - that’s why I tried to introduce the value there):

image
image783×379 33.1 KB

4

The first call would be made to get the token, once you have the token value from the response, you would use that in the header for the other requests made to that API.

The examples under your requests (the ones you have in the images) are used for Mock Server responses and for documentation.

5

I still don’t understand what I have to do, thanks for trying to explain though :slight_smile:
I’m going to do the Postman tutorial, then I’ll try again.

6

The Collection you have isn’t really in the right order, to be honest, as you would need a token first, to authenticate yourself against the other endpoints of the API.

From the Quickstart guide:

The first thing you do is make a POST request to the https://ob.nordigen.com/api/v2/token/new/ with the secret values that you have most likely got from creating an account with that service.

First, you’ll need to get your user secret from Nordigen’s Open Banking Portal in section User Secrets. Use those secrets to create an access token (referenced as ACCESS_TOKEN in the following steps).

image
image3262×1278 187 KB

The response of this is going to be the token information that you will use to make a request to a different endpoint.

{
  "access": "someSecretValue",
  "access_expires": 86400,
  "refresh": "someRefreshSecretValue",
  "refresh_expires": 2592000
}

image
image3252×1268 200 KB

In this example from the Quickstart guide, the ACCESS_TOKEN value, is the same value as the token value from the response of the first request. This has an expiry time (I think it’s 24 Hours) so once that’s run out, you will need to request a fresh token and reset the clock.

There are different methods of automatically extracting the response values into a variable and using that in the headers, I would initially get this working by hardcoding the values first and then refactoring what you have.

Once you’re ready, you can get the token by adding this to the Tests section of the token request:

pm.globals.set('token', pm.resonse.json().token);

image
image3234×722 107 KB

You will then be able to use the variable syntax to replace the header values:

image
image3218×842 147 KB

7

Thx for your patience.
This part is clear and I did it already:

What I don’t know is what do I put next in what seems the correct place to put it in, ie.:

image
image1180×361 40.7 KB

Is it the entire above snippet, the “access” value, any other value?

8

An object is returned from that response with a bunch of keys (access, access_expires, refresh and refresh_expires) each key has a value.

Your token is the value of the access key.

image
image2422×872 114 KB

9

Very helpful, thanks a lot for your help. I’ll keep on with the nordigen tutorial now.