Resource Owner Password Flow

WARNING: This page describes authentication flow that should only be used for legacy systems. It is not secure, and has been criticized multiple times. We provide it here because we have integration partners that use this flow.

We use OpenID & OAuth for authentication. There are several different flows you can follow for authentication but by default your tenant will be activated for the Authorization Code Flow. The following steps describe how to get an access token using Postman using the Password Grant flow. This flow should generally not be used in production, but it is easy to test API calls with it. Ask api@my-clay.com to change the authorization flow for you if you want use the Password Grant flow. Postman also supports other authorization flows, but this is a bit more manual work to set-up.

1. Setting up your environment

Setup an environment in postman with these 4 variables. Of course don't forget to change the URL's of the servers to the environment your using.

2. Creating the request

Create a POST request to {{identity_server_url}}/connect/token. The value {{identity_server_url}} will automatically be replaced by the URL you have put in your environment variable.

Add Basic Auth as authorization to your request and for the username use your Client ID and for the password use your Client Secret.

3. Adding the body

Add a body to the request with the following keys and values. In the username and password field you have to fill in the user email and user password for the SALTO KS user you created earlier.

4. Copying the token

For this step add the following code to the Tests section of the request. This will automatically copy your access token and refresh token to the environment variables so you don't have to manually copy/paste them every time.

5. Getting the token

If all goes well, as soon as you hit send, you should receive a response that has the status "200 OK" and the response body should contain an access token.

You are now ready to make API requests!