Using SeaCat Auth with Postman

Postman is a useful development tool for debugging apps that interact with SeaCat Auth. The major advantage is that Postman natively handles OAuth2.0 authentication and provides tools for auth token management.

Prerequisites

Running instance of SeaCat Auth
- Check the [general] section in the config to make sure auth_webui_base_url and public_api_base_url variables point to the actual URLs of your SeaCat Auth WebUI
Running instance of SeaCat Auth WebUI
- Auth WebUI is required for authenticating in SeaCat Auth
- Check the proxy routing (in Nginx) to make sure it points to you SeaCat Auth backend correctly

Configure your Postman environment

Import the latest collection from the SeaCat Auth repo (located at doc/seacat-auth-api.postman_collection.json)
Set up a SeaCat Auth Postman environment. The following variables need to be defined:
- BASE_URL should contain the base URL of your SeaCat API, for example https://my-domain.int/seacat/api/seacat_auth
- AUTH_URL should contain the base URL of your SeaCat Auth, for example https://my-domain.int/auth. It is used for authenticating your session.

Create an OAuth2 authorized session

In the Collections panel, open the context menu of your SeaCat Auth collection and choose Edit.
Navigate to Authorization tab.
For Authorization type choose OAuth 2.0
Request a new access token and log in to your SeaCat Auth WebUI
Your Postman session is now authenticated!

Postman access token details

Grant type: “Authorization Code”
Callback URL: http://localhost:8080/???? (???)
Auth URL: http://localhost:8080/openidconnect/authorize
Access Token URL: http://localhost:8080/openidconnect/token
Client Id: [any string]
Client Secret: [any string]
Scope: openid
State: [empty string]
Client Authentication: Send client credentials in the body

NOTE Some API requests will be fulfilled only if you have access to specific admin resources (authz:superuser or authz:tenant:admin). Check the description of those calls to see if there is any access restriction.