App-only token

Use this approach if you want an access token to have app-only context. In this case, EmbedFAST will use an app-only token for authentication and retrieve user identification from the ‘embedfast-user-id’ header parameter to use for authorization (access control and validation).

Note:

  • The EmbedFAST Admin API does not support this approach.

  • The EmbedFAST User (Client) API can use this approach if you need to integrate with any available authentication providers.

  1. Log into Postman.

  2. Go to the Workspaces tab > My Workspace.

  3. Click on the + icon next to the Overview tab to create a new request.

  1. This will take you to a new request page.

  1. Click on the Authorization tab below the entry field.

  1. From the drop-down menu next to Type, select OAuth 2.0.

  1. Add parameters under the Configure New Token section as detailed in the table below:

Parameters

Inputs

Token Name

Create and enter a token name

Grant Type

Select Client Credentials

Access Token URL

https://login.microsoftonline.com/<Your-Tenant-ID>/oauth2/v2.0/ token

Client ID

Enter the client ID of the EmbedFAST API's app registration

Client Secret

Enter the client secret of the EmbedFAST API's app registration

Scope

api://<Client-ID>/.default

Client Authentication

Send as basic Auth header

Reminder: Ensure that the callback URL is added as a redirect URI in the app registration for the EmbedFAST API, as detailed in previous sections.

  1. Click on Get New Access Token after entering the parameters detailed above.

  1. A dialog box will appear which confirms the completion of the authentication.

  1. You can copy the access token from the page shown below.

Last updated