Adobe Experience Platform (AEP) uses OAuth 2.0 authentication, requiring a new access token every 60 minutes. How can I keep API calls running smoothly by automating token rotation in Postman?
How to use JavaScript in Postman’s pre-request scripts to handle API key rotation.
This is a reasonably complicated subject.
What have you researched so far?
There are a lot of topics on here that discuss this.
Some things to consider:
- Have you tried the Postman Authentication helpers? These can be set up to automatically renew tokens within the clients (Desktop and web), but can’t be used for automated test suites through the Newman CLI or the new Postman Cloud CLI.
- What type of OAuth authentication grant is being used? Only certain grant types like client credentials and password can be automated via scripting. If it’s using a grant type that requires user/browser interaction, then these cannot be fully automated (and that is where the Authentication helpers come into play).
Hi Mike Jones, thanks for the hints. Yes, it is complicated; I am studying other options like Python Requests. I have searched around but found no use case like it.
You haven’t mentioned the GRANT type being used.
That will dictate what options are available.
I wrote this blog post a few years ago that uses pre-request scripts to renew OAuth tokens. Based on how the specific setup is of the Adobe Experience Platform, you might have to change a couple of things, but this is at least the skeleton to make things work.
Hi Mike, actually we are using client credentials. I will check the Postman documentation on the helpers. Thank you very much for your time.
Just to clarify:
Adobe Experience Platform (AEP) uses OAuth 2.0 authentication, meaning access tokens expire every 60 minutes. To keep API calls running smoothly, how can I automate token rotation in Postman?
Specifically, how can I use JavaScript in Postman’s pre-request scripts to request a new token when needed and ensure all API calls use the latest token? Any best practices or examples would be helpful!
Client_Credentials can be scripted.
Here is an example authenticating against Microsoft which checks the expiry for the token.
If the API doesn’t return the expiry date, then you will have to pull apart the token like in this example.
let moment = require('moment');
let currentDateTime = moment(new Date()).format("YYYYMMDDHHmmss");
let tokenExpiry = moment(pm.environment.get("bearerTokenExpiresOn")).format("YYYYMMDDHHmmss");
// console.log("currentDateTime: " + currentDateTime);
// console.log("tokenExpiry: " + tokenExpiry);
// console.log(pm.environment.get("bearerToken"));

// Only fetch a new token when none is cached or the cached one has expired.
if (!pm.environment.get("bearerToken") || currentDateTime > tokenExpiry) {
    pm.test("Pre-request check for Environment Variables", function () {
        let vars = ['client_id', 'scope', 'tenant_id', 'client_secret'];
        vars.forEach(function (item) {
            // console.log(item);
            pm.expect(pm.environment.get(item), item + " variable not set").to.not.be.undefined;
            pm.expect(pm.environment.get(item), item + " variable not set").to.not.be.empty;
        });
        // Client-credentials grant against the Microsoft identity platform.
        pm.sendRequest({
            url: 'https://login.microsoftonline.com/' + pm.environment.get("tenant_id") + '/oauth2/v2.0/token',
            method: 'POST',
            header: 'Content-Type: application/x-www-form-urlencoded',
            body: {
                mode: 'urlencoded',
                urlencoded: [
                    { key: "client_id", value: pm.environment.get("client_id"), disabled: false },
                    { key: "scope", value: pm.environment.get("scope"), disabled: false },
                    { key: "client_secret", value: pm.environment.get("client_secret"), disabled: false },
                    { key: "grant_type", value: "client_credentials", disabled: false },
                ]
            }
        }, function (err, res) {
            if (err) {
                console.log(err);
            } else {
                pm.test("Pre-request Microsoft login Status code is 200", () => {
                    pm.expect(res).to.have.status(200);
                    let resJson = res.json();
                    // console.log(resJson);
                    let token = resJson.access_token;
                    // console.log(token);
                    // Decode the JWT payload (second dot-separated part) to read its exp claim.
                    function parseJwt(token) {
                        var base64Url = token.split('.')[1];
                        var base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/');
                        var jsonPayload = decodeURIComponent(atob(base64).split('').map(function (c) {
                            return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2);
                        }).join(''));
                        return JSON.parse(jsonPayload);
                    }
                    let decoded = parseJwt(token);
                    // console.log(decoded);
                    let expiryDate = new Date(decoded.exp * 1000); // exp is seconds since epoch
                    // console.log(expiryDate);
                    pm.environment.set("bearerToken", token);
                    // Store as ISO-8601 so moment() can parse it back reliably on the next run.
                    pm.environment.set("bearerTokenExpiresOn", expiryDate.toISOString());
                    // console.log("bearerTokenExpiresOn: " + pm.environment.get("bearerTokenExpiresOn"));
                });
            }
        });
    });
}
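As an added example (not code from the thread or from Adobe), the same rotation logic adapted to a client-credentials grant for AEP, split into plain functions so the refresh decision and expiry handling can be tested outside the Postman sandbox. Assumptions: the Adobe IMS token URL, the variable names and the 5-minute early-refresh margin are placeholders to adjust for your setup.

```javascript
// Added example, not from the original post. IMS_TOKEN_URL and the variable
// names are assumptions; check them against your AEP project configuration.
const IMS_TOKEN_URL = 'https://ims-na1.adobelogin.com/ims/token/v3'; // assumed endpoint
const REFRESH_MARGIN_SECONDS = 300; // renew early to absorb clock skew and request latency

// Read the exp claim (seconds since epoch) from a JWT without verifying it;
// this is only used to schedule renewal, never to trust the token's contents.
function parseJwtExp(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const payload = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  if (typeof payload.exp !== 'number') throw new Error('JWT has no exp claim');
  return payload.exp;
}

// True when no usable token is cached or it expires within the safety margin.
function needsRefresh(token, expiresOn, nowMs = Date.now()) {
  if (!token || !expiresOn) return true;
  const expMs = Date.parse(expiresOn);
  if (Number.isNaN(expMs)) return true; // unparseable expiry: refresh rather than guess
  return nowMs + REFRESH_MARGIN_SECONDS * 1000 >= expMs;
}

// Build the pm.sendRequest options for the client-credentials grant; fails fast
// when a required variable is missing instead of sending a half-formed request.
function buildTokenRequest(env) {
  const missing = ['client_id', 'client_secret', 'scope'].filter((k) => !env[k]);
  if (missing.length) throw new Error('missing variables: ' + missing.join(', '));
  return {
    url: IMS_TOKEN_URL, method: 'POST',
    header: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: { mode: 'urlencoded', urlencoded: [
      { key: 'grant_type', value: 'client_credentials' },
      { key: 'client_id', value: env.client_id },
      { key: 'client_secret', value: env.client_secret },
      { key: 'scope', value: env.scope } ] },
  };
}

// Expiry to cache: prefer the server's expires_in (seconds, per RFC 6749),
// fall back to the JWT exp claim when the response omits it.
function expiryFromResponse(body, nowMs = Date.now()) {
  if (typeof body.expires_in === 'number') return new Date(nowMs + body.expires_in * 1000).toISOString();
  return new Date(parseJwtExp(body.access_token) * 1000).toISOString();
}

// Sandbox glue: `pm` only exists inside Postman, so guard it for local runs.
if (typeof pm !== 'undefined' && needsRefresh(pm.environment.get('bearerToken'), pm.environment.get('bearerTokenExpiresOn'))) {
  const env = Object.fromEntries(['client_id', 'client_secret', 'scope'].map((k) => [k, pm.environment.get(k)]));
  pm.sendRequest(buildTokenRequest(env), (err, res) => {
    if (err || res.code !== 200) { console.log('token request failed:', err || res.code); return; }
    const body = res.json();
    pm.environment.set('bearerToken', body.access_token); // do not console.log the token
    pm.environment.set('bearerTokenExpiresOn', expiryFromResponse(body));
  });
}
```

Point the collection's Authorization tab at `{{bearerToken}}` so every request picks up whichever token the pre-request script last stored.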