Prerequisites:

  • The client ID and client secret (Consumer Key and Consumer Secret) for the Salesforce Connected App.
  • The Postman callback URL (or redirect URI) for the client application.

The following steps show how to use Postman to obtain access and refresh tokens from Salesforce.

  1. Open Postman.
  2. Select the Authorization tab.
  3. Select OAuth 2.0. Then, enter required values. For example:

    Token Name: MySalesforceToken

    Grant Type: Authorization Code

    Callback URL: Depending on the version of Postman you are using, this may be either of the following endpoints:

    • https://oauth.pstmn.io/v1/callback
    • https://www.getpostman.com/oauth2/callback

    Auth URL: https://login.salesforce.com/services/oauth2/authorize

    Token URL: https://login.salesforce.com/services/oauth2/token

    Client ID: client-id

    Client Secret: client-secret

    Scope: scope where scope is the list of scopes that define application permissions. In most cases, the client application will be granted full access to Salesforce resources at any time. In this scenario, the following scopes would be specified:

    • Full access (full): Allows access to all data accessible by the logged-in user, and encompasses all other scopes.
    • Perform requests at any time (refresh_token, offline_access): Allows a refresh token to be returned when the requesting client is eligible to receive one.
  4. Press Get New Access Token.

    Salesforce returns the access and refresh tokens to Postman.

Results:

You have obtained access and refresh tokens for OAuth access to Salesforce.