I’m trying to test Acumatica’s OAuth Authorization flow using Postman. I need to implement an API that will generally be called from a website (our customer portal) and return some information from our company’s Acumatica via OData.
I followed the steps in the I300 Web Services course: https://openuni.acumatica.com/courses/integration/i300-web-services-basic-data-retrieval/
as well as in the reference documents: https://help-2021r1.acumatica.com/(W(2))/Wiki/ShowWiki.aspx?pageid=2930d2f7-e081-4d0e-8879-93907ce82607
I am able to use the Resource Owner Password Credentials flow successfully, but we need to implement the Authorization flow, using a client_id + client_secret approach.
I already created a Client in the Connected Applications screen, and set the flow to Authorization Code.
Please correct me if I’m wrong: I understand that every time this API will be called, it will need to first request an authorization code from (GET) https://<Acumatica ERP instance URL>/identity/connect/authorize, and then use that code to get a token from (GET) https://<Acumatica ERP instance URL>/identity/connect/token. Then that token can be used to successfully authenticate our main API call to retrieve information from OData.
When I try to test the first part of this process in Postman (retrieving the authorization code) I’m just getting this:
If I try the URL directly in the browser with the same parameters, I get this:
Could you please let me know what am I doing wrong?
(Any comments or suggestions to help improve this process are more than welcome)
Thanks in advance!