By Deepak Kumar

2015-01-20 12:49:17 8 Comments

I am a beginner to magento REST API, how i will get token and token secret to be fill in Postman REST resquest. I have only consumer key and consumer secret. Please provide me the steps to follow.


@Farid Movsumov 2018-06-18 13:21:03

Example request in Postman version 6.x.x


And response of this request is


You can get this credentials from Magento Admin. Click on edit icon in Integrations page.


@Gem 2018-10-24 12:14:45

like same how can i get customer list?

@mancocapac 2016-08-25 03:44:51

@Franklin P Strube Unfortunately, I don't have enough reputations to add a comment.

I would like to add the following. The Magento REST API does not require both outh params on the URL AND Oauth headers. This is not actually stated above. See the last note where it says you need to "add params to header". You do need to do this, but when you do you will find it sends both url params and oauth headers. You don't need the url parms, it will work fine without them. btw: the franklin response worked great!

@Franklin P Strube 2015-01-21 17:03:19

First, you want to request a valid OAuth token and secret. Do this by hitting the /oauth/initiate URL of your Magento store with a GET parameter for oauth_callback. We're going to use httpbin so that we can echo anything that is passed to our callback. Make sure you have "Auto add parameters" checked on the OAuth 1.0 settings for Postman.

OAuth Token Request

That will give you an oauth_token and oauth_token_secret, which are only temporary. These are referred to as a "request token" and secret. Save these values somewhere because you will need them later.

OAuth Token Response

Now, assemble a new regular HTTP request to the /admin/oauth_authorize URL of your Magento store. This will return a login form where you can accept the oauth token and authorize your app, however since we're using Postman we aren't able to interact with the form.

OAuth Authorization Form

Instead, view the source and pull out the form_key hidden input value. Then assemble a new HTTP request to fake the submission of the authorization form. Make sure it is a POST request. Your new HTTP request should look like this.

OAuth Authorization Form Submit

Now, you need to actually confirm the authorization. Simply issue a GET to the /admin/oauth_authorize/confirm URL of your Magento store with the oauth_token as your parameter. When you send this request it will redirect to your oauth_callback from the first step. Now, you can see why we used httpbin as our callback in the first step.

OAuth Authorization Confirmation

OK. So, we're almost home. The last piece of the puzzle is to use the oauth_token, oauth_secret, and oauth_verifier all together to get a valid and persistent "access token". So, take the oauth_token_secret from the first step, and combine and assemble a new OAuth request like so.

OAuth Token

You should get a returned token and secret. These will never expire! You can use them to query products and stuff.

OAuth Token Response

Now, you can assemble your OAuth requests like this. Edit: Note, you must check the "Add params to header" checkbox in order for Magento REST calls to work properly.

OAuth REST Request

@Deepak Kumar 2015-01-23 12:39:11

Thanks a provided me what i actually need..thanks

@Sebastian Buckpesch 2015-02-09 13:05:16

Thanks a million... Exactly what I need to start requesting the Magento REST API!

@nr5 2015-11-30 07:45:45

@Franklin P Strube I am accessing it from an iOS app. Is this the right way to bypass the login window in step 2 (fetching the form_key)? I dont want the user to type in the username and password

@ThisDarkTao 2016-05-05 07:52:40

This answer was incredibly helpful. The Magento API documentation is rather loose and only covers basic information.

@Gowsik K C 2016-09-02 06:33:38

Hi...can u help me with the same process in magento 2.1....Rest api oauth

@Thomas Harding 2017-05-02 16:19:43

Hi, I'm getting a bit stuck on the 4th step of the guide "Instead, view the source and pull out the form_key hidden input value. Then assemble a new HTTP request to fake the submission of the authorization form" - If I do this, it doesn't accept the form_key value, tells me that it's invalid.

@Holistic Developer 2018-01-11 20:28:40

It looks like the current version of Postman (5.5.0) doesn't properly handle oauth_verifier when signing the request for the access token. There's is an open issue for it.

@Bala Sivagnanam 2018-02-12 04:26:48

Thanks a lot this provided me the details and it was clearly explained.. Just following what ever is mentioned here got me the things working..

@Mike W 2018-04-16 13:46:23

In Step 2 I had to use /oauth/authorize instead of /admin/oauth_authorize

Related Questions

Sponsored Content

7 Answered Questions

[SOLVED] How to make calls to Twitter API using Postman client

  • 2015-08-23 20:46:56
  • learner
  • 25940 View
  • 48 Score
  • 7 Answer
  • Tags:   twitter postman

1 Answered Questions

1 Answered Questions

REST API URLs for Magento

3 Answered Questions

Not able to get OAuth token for Magento Rest Client on OS X

  • 2015-03-17 12:07:59
  • Bhavna Gupta
  • 1583 View
  • 1 Score
  • 3 Answer
  • Tags:   rest magento oauth

0 Answered Questions

1 Answered Questions

[SOLVED] How to get Access Token and Access Token Secret from Magento 1.7 REST API

0 Answered Questions

How to get Access Token and Access Token Secret for Magento?

  • 2015-12-02 12:36:26
  • Gopal
  • 679 View
  • 1 Score
  • 0 Answer
  • Tags:   rest magento

1 Answered Questions

[SOLVED] In Magento how to get AccessToken and Access Secret Token

1 Answered Questions

How to get oauth_access token and secret in Magento 1.7

Sponsored Content