Hi,
I’m trying to test Acumatica’s OAuth Authorization flow using Postman. I need to implement an API that will generally be called from a website (our customer portal) and return some information from our company’s Acumatica via OData.
I followed the steps in the I300 Web Services course: https://openuni.acumatica.com/courses/integration/i300-web-services-basic-data-retrieval/
as well as in the reference documents: https://help-2021r1.acumatica.com/(W(2))/Wiki/ShowWiki.aspx?pageid=2930d2f7-e081-4d0e-8879-93907ce82607
I am able to use the Resource Owner Password Credentials flow successfully, but we need to implement the Authorization flow, using a client_id + client_secret approach.
I already created a Client in the Connected Applications screen, and set the flow to Authorization Code.
Please correct me if I’m wrong: I understand that every time this API will be called, it will need to first request an authorization code from (GET) https://<Acumatica ERP instance URL>/identity/connect/authorize, and then use that code to get a token from (GET) https://<Acumatica ERP instance URL>/identity/connect/token. Then that token can be used to successfully authenticate our main API call to retrieve information from OData.
When I try to test the first part of this process in Postman (retrieving the authorization code) I’m just getting this:
If I try the URL directly in the browser with the same parameters, I get this:
Could you please let me know what I am doing wrong?
I’m currently using https://oauth.pstmn.io/v1/callback as the redirect URI value (and I also included it in the client’s Redirect URIs page in the Connected Applications screen in Acumatica). In fact I would also like to know what I should use as the redirect URI if all this will be initially triggered by a JavaScript function when the website loads, which will trigger an API call to a function in AWS, which will run the authentication/token calls above.
(Any comments or suggestions to help improve this process are more than welcome)
Thanks in advance!
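
The three steps the question describes (authorization request, callback, token exchange), as an added example that is not part of the original post and not Acumatica's code. It follows RFC 6749, so the token exchange is built as a form-encoded POST; the function names, instance URL, credential placeholders and the `api` scope value are assumptions.

```javascript
// Added example: helper names and SAMPLE_CFG values are constructed;
// only the two endpoint paths and the Postman callback come from the post.
const { randomBytes, timingSafeEqual } = require('node:crypto');

const AUTHORIZE_PATH = '/identity/connect/authorize';
const TOKEN_PATH = '/identity/connect/token';
const SAMPLE_CFG = {
  baseUrl: 'https://erp.example.com/instance', // placeholder instance URL
  clientId: 'CLIENT_ID_PLACEHOLDER',
  clientSecret: 'CLIENT_SECRET_PLACEHOLDER', // must stay on the server
  redirectUri: 'https://oauth.pstmn.io/v1/callback',
  scope: 'api', // assumed scope value
};

// Step 1: URL the user's browser is redirected to. `state` is a CSRF token
// that the caller stores in the user's session before redirecting.
function buildAuthorizeUrl(cfg) {
  const state = randomBytes(16).toString('hex');
  const url = new URL(cfg.baseUrl + AUTHORIZE_PATH);
  url.search = new URLSearchParams({
    response_type: 'code', client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri, scope: cfg.scope, state,
  }).toString();
  return { url: url.toString(), state };
}

// Step 2: accept the code from the callback only if `state` matches.
function readCallback(callbackUrl, expectedState) {
  const q = new URL(callbackUrl).searchParams;
  if (q.has('error')) throw new Error('authorization failed: ' + q.get('error'));
  const got = Buffer.from(q.get('state') || '');
  const want = Buffer.from(expectedState);
  if (got.length !== want.length || !timingSafeEqual(got, want)) throw new Error('state mismatch');
  const code = q.get('code');
  if (!code) throw new Error('no code in callback');
  return code;
}

// Step 3: token request, built and sent from the backend only.
function buildTokenRequest(cfg, code) {
  return {
    url: cfg.baseUrl + TOKEN_PATH, method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({
      grant_type: 'authorization_code', code,
      redirect_uri: cfg.redirectUri, client_id: cfg.clientId, client_secret: cfg.clientSecret,
    }).toString(),
  };
}
```

The `redirect_uri` sent in step 3 has to be the same value used in step 1 and registered for the client.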