Skip to content

Using SeaCat Auth with Postman

Postman is a useful development tool for debugging apps that interact with SeaCat Auth. The major advantage is that Postman natively handles OAuth2.0 authentication and provides tools for auth token management.


  • Running instance of SeaCat Auth
  • Check the [general] section in the config to make sure auth_webui_base_url and public_api_base_url variables point to the actual URLs of your SeaCat Auth WebUI
  • Running instance of SeaCat Auth WebUI
  • Auth WebUI is required for authenticating in SeaCat Auth
  • Check the proxy routing (in Nginx) to make sure it points to you SeaCat Auth backend correctly

Configure your Postman environment

  • Import the OpenAPI specs from /asab/v1/openapi in the SeaCat Auth API.
  • Set up a SeaCat Auth Postman environment. The following variables need to be defined:
  • BASE_URL should contain the base URL of your SeaCat API, for example
  • AUTH_URL should contain the base URL of your SeaCat Auth, for example It is used for authenticating your session.

Create an OAuth2 authorized session

  • In the Collections panel, open the context menu of your SeaCat Auth collection and choose Edit.
  • Navigate to Authorization tab.
  • For Authorization type choose OAuth 2.0
  • Request a new access token and log in to your SeaCat Auth WebUI
  • Your Postman session is now authenticated!

Postman access token details

  • Grant type: "Authorization Code"
  • Callback URL: http://localhost:8080/???? (???)
  • Auth URL: http://localhost:8080/openidconnect/authorize
  • Access Token URL: http://localhost:8080/openidconnect/token
  • Client Id: [any string]
  • Client Secret: [any string]
  • Scope: openid
  • State: [empty string]
  • Client Authentication: Send client credentials in the body

NOTE Some API requests will be fulfilled only if you have access to specific admin resources (authz:superuser or authz:tenant:admin). Check the description of those calls to see if there is any access restriction.