Using client credentials in Postman for on-premises Orchestrator API calls

How are on-premises Orchestrator and Postman configured to use client credentials for confidential external application API calls?

Description

Current API documentation does not provide clear guidance for on-premises API calls for confidential external applications, which require the use of client credentials.

Resolution

The following is a generic guide to setting up an external application with appropriate scopes for building API requests with Postman or other external applications.

Orchestrator external application registration

An admin user can create the external application registration by accessing https://{OrchURL}/identity/management/externalApps and selecting the “Add Application” button in the upper right corner of the page.

Provide the application details and scopes required for the API call as listed in Permissions Per Endpoint.

Obtain client credentials in Postman

Create a POST request in Postman providing the on-premises Orchestrator location and token endpoint: https://orchestrator.url/identity/connect/token.

On the Params tab, configure the parameters listed in the External Apps (oAuth 2.0):

| Name | Value |
| --- | --- |
| oAuth Version | 2.0 |
| Add Auth data to | Request Header |
| Header Prefix | Bearer |
| Callback URL | Depends on where you run your app. Ask your admin for assistance. |
| Postman Callback URL Desktop | https://oauth.pstmn.io/v1/callback |
| Postman Callback URL Browser | https://oauth.pstmn.io/v1/browser-callback |
| Access Token URL | https://orchestrator.local/identity/connect/token |
| Client Authentication | Send as Basic Auth Header |

On the Authorization tab, set Type to “No Auth”.

On the Body tab, set the encoding to “x-www-form-urlencoded” and create the following key-value pairs:

| Name | Value |
| --- | --- |
| Grant Type | Authorization Code |
| Client ID | Get from external apps section in your automation cloud instance |
| Client Secret | Get from external apps section in your automation cloud instance |
| Scope | OR.Jobs OR.Queues OR.Tasks OR.Folders OR.Machines OR.Robots OR.Execution |

Send the request. If it is successful, copy the bearer token returned in the Body of the response.

Use client credentials in an API call

Create a GET request for the target API call, following the schema in Swagger. For example, “GET https://orchestrator.local/odata/Folders”.

In the Authorization tab, set the Authorization Type to “Bearer Token”. Paste the token in the Token field.

In the Body tab, set the encoding to “x-www-form-urlencoded” and create required and optional key-value pairs appropriate for the API call.

Send the request. The response is returned in the Body.
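The same token request and API call outside Postman, as an added example that is not part of the original article or the vendor's code. It assumes the standard OAuth 2.0 form field names for the client credentials grant (grant_type=client_credentials, client_id, client_secret, scope, per RFC 6749 section 4.4); the ORCH_CLIENT_ID and ORCH_CLIENT_SECRET environment variable names are hypothetical.

```python
import json
import os
import urllib.parse
import urllib.request

# Assumptions (not from the article): standard OAuth 2.0 form field names
# (RFC 6749 section 4.4) and the ORCH_* environment variable names.
TOKEN_PATH = "/identity/connect/token"


def build_token_request(base_url, client_id, client_secret, scopes):
    """Build the POST to the token endpoint without sending it."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("token endpoint must use https")
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": " ".join(scopes),
    }).encode("ascii")
    return urllib.request.Request(
        base_url.rstrip("/") + TOKEN_PATH, data=form, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def parse_token_response(body):
    """Return (access_token, expires_in) or raise on an OAuth error body."""
    doc = json.loads(body)
    if "error" in doc:
        raise RuntimeError("token request rejected: " + str(doc["error"]))
    if doc.get("token_type", "").lower() != "bearer" or not doc.get("access_token"):
        raise RuntimeError("response did not contain a bearer token")
    return doc["access_token"], int(doc.get("expires_in", 0))


def build_api_request(base_url, path, token):
    """Build the GET with the token in the Authorization header."""
    return urllib.request.Request(
        base_url.rstrip("/") + path, method="GET",
        headers={"Authorization": "Bearer " + token, "Accept": "application/json"})


def list_folders(base_url):
    """Live call: the secret comes from the environment, never from source."""
    req = build_token_request(base_url, os.environ["ORCH_CLIENT_ID"],
                              os.environ["ORCH_CLIENT_SECRET"], ["OR.Folders"])
    with urllib.request.urlopen(req, timeout=30) as resp:  # TLS verified by default
        token, _ = parse_token_response(resp.read())
    with urllib.request.urlopen(build_api_request(base_url, "/odata/Folders", token),
                                timeout=30) as resp:
        return json.load(resp)
```

The build_* functions do not touch the network, so the request shape can be inspected before list_folders is run against a live instance.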