Getting authenticated

In order to gain access to the API endpoints you first have to be authenticated. For this you will need two things: your Client ID & Secret and a user on SALTO KS. The Client ID & Secret should have already been securely shared with you by now. The first user has to be created manually on the SALTO KS website, this can be done by going to https://app.saltoks.com. After you have done this you are ready to get authenticated using the API!

We use OpenID & OAuth for authentication. There are several different flows you can follow for authentication but by default your tenant will be activated for the Authorization Code Flow. The following steps describe how to get an access token using Postman using the Password Grant flow. This flow should generally not be used in production, but it is easy to test API calls with it. Ask api@my-clay.com to change the authorization flow for you if you want use the Password Grant flow. Postman also supports other authorization flows, but this is a bit more manual work to set-up.

1

Setting up your environment

Setting up the environment
A
Setup an environment in postman with these 4 variables. Of course don't forget to change the URL's of the servers to the environment your using.
2

Creating the request

Creating Request
A
Create a POST request to {{identity_server_url}}/connect/token. The value {{identity_server_url}} will automatically be replaced by the URL you have put in your environment variable.
B
Add Basic Auth as authorization to your request and for the username use your Client ID and for the password use your Client Secret.
3

Adding the body

Adding the body
A
Add a body to the request with the following keys and values. In the username and password field you have to fill in the user email and user password for the SALTO KS user you created earlier.
4

Copying the token

Copying the token
A
For this step add the following code to the Tests section of the request. This will automatically copy your access token and refresh token to the environment variables so you don't have to manually copy/paste them every time.
5

Getting the token

Getting the token
A
If all goes well, as soon as you hit send, you should receive a response that has the status "200 OK" and the response body should contain an access token.
B
You are now ready to make API requests!