Getting authenticated

In order to gain access to the API endpoints you first have to be authenticated. For this you will need two things: your Client ID & Secret and a user on SALTO KS. The Client ID & Secret should have already been securely shared with you by now. The first user has to be created manually on the SALTO KS website, this can be done by going to After you have done this you are ready to get authenticated using the API!

We use OpenID & OAuth for authentication. There are several different flows you can follow for authentication but by default, your tenant will be activated for the Authorization Code Flow. The following steps describe how to get an access token using Postman using the Password Grant flow. This flow should generally not be used in production, but it is easy to test API calls with it.

Password as grant type is just for demo purpose, we are not providing Password as grant type for the API partners. In order to get the access token please check the Authorization Code Flow link

1. Setting up your environment

A. Setup an environment in postman with these 4 variables. Of course don't forget to change the URL's of the servers to the environment your using.

2. Creating the request

A. Create a POST request to {{identityserverurl}}/connect/token. The value {{identityserverurl}} will automatically be replaced by the URL you have put in your environment variable.

B. Add Basic Auth as authorization to your request and for the username use your Client ID and for the password use your Client Secret.

3. Adding the body

A. Add a body to the request with the following keys and values. In the username and password field you have to fill in the user email and user password for the SALTO KS user you created earlier.

4. Copying the token

A. For this step add the following code to the Tests section of the request. This will automatically copy your access token and refresh token to the environment variables so you don't have to manually copy/paste them every time.

5. Getting the token

A. If all goes well, as soon as you hit send, you should receive a response that has the status "200 OK" and the response body should contain an access token.

B. You are now ready to make API requests!


App storePlay store