While writing the next article for my "Integrating .Net and Salesforce" series, I created a custom web service in Salesforce and I tried to test it with Postman. I found out that there's a lot of outdated information out there, so when I finally got it working I thought it would be useful to share the results.
We're going to use OAuth2 and the authorization code flow.
Create a connected app
A connected app is conceptually an authentication and permission endpoint in Salesforce. External applications don't authenticate directly with a Salesforce org, but with a connected app instead. This allows system administrators to set different permissions to different apps, and revoke access if necessary.
You can see how to create a connected app in my previous post.
As an additional step, you need to ensure you add
https://www.getpostman.com/oauth2/callback to the callback URL list (see below). This is the Postman endpoint that will receive the token.
OAuth with Postman
Postman has built-in OAuth-base authorization. In Postman, click on the Authorization tab and select "OAuth 2.0".
Click on Get New Access Token to launch the OAuth dialog. Use the following values:
Token Name: (Any friendly, descriptive name)
Access Token URL:
Client ID: (the consumer key from your connected app)
Client Secret: (the consumer secret from your connected app)
Scope: (you can leave this empty)
Grant Type: Authorization Code
Click on Request Token. This will take you to the Salesforce login screen, where you can type your credentials.
Once the OAuth flow is complete, you will see the token in Postman. The left side of the panel shows all the tokens you have obtained, and clicking on any of them will show the details (see below).
Click on the token you received to show the details. Note that there is a field named instance_url. Take note of its value, as you will use it in the following step.
Click on Use Token and in the Add token to drop-down, select "Header", so that the token will be added to the HTTP request headers. You're now ready to call your web service.
Make the request
Let's start by testing the REST API.
Type the following in the request URL: (instanceURL)/services/data/v36.0/sobjects/contact
If all went well, you should see something like this in the response body:
And that's it! You have successfully authenticated and called the Force.com REST API.
Postman is an excellent tool for testing RESTful web services. A good first step when developing an app that connects to Salesforce is to use Postman to make sure that authentication is working and to explore the data returned by the endpoints. This can save you a lot of headaches when troubleshooting your app. Postman can be used to test the Force.com REST API or any custom REST web service. We'll see how to create one in our next post.