Automating Web API Authorization in Postman

– 2 Minutes

Here's a quick tip to make working with the Dynamics 365 Web API in Postman even easier. Working with the Web API requires an Access Token which takes several steps to retrieve, and since the tokens expire every hour, it can be a little frustrating. By using a Pre-Request Script, you can have Postman automatically retrieve Access Tokens for you and refresh them when they expire.

To get started, first open Postman and create a new Collection. For this example, I'll call it Dynamics 365.

Postman New Collection

On the Authorization tab, choose a Type of Bearer Token and set the Token value to {{Access_Token}}. This value will be populated later by the pre-request script.

Postman Authorization

On the Pre-request Scripts tab, paste in the following script, and then click Save. As you can see, the script sets the Access_Token environment variable after it is retrieved.

var expiresOn = pm.variables.get('ExpiresOn');
if (!expiresOn || new Date(expiresOn) <= new Date()) {
  var clientId = '51f81489-12ee-4a9e-aaae-a2591f45987d';

  var resource = pm.variables.get('URL');
  var username = pm.variables.get('Username');
  var password = pm.variables.get('Password');

  var request = {
    url: '',
    method: 'POST',
    header: 'Content-Type:application/x-www-form-urlencoded',
    body: {
      mode: 'application/json',
      raw: 'grant_type=password&client_id=' + clientId + '&resource=' + resource + '&username=' + username + '&password=' + password

  pm.sendRequest(request, function (err, res) {
    if (res !== null) {
      var json = res.json();
      pm.environment.set('Access_Token', json.access_token)

      var expiresOn = new Date(0);
      pm.environment.set('ExpiresOn', expiresOn);

Now, let's create a new Environment. We'll use the Environments to store the variables with details on how to connect to our Dynamics 365 environment. Note: you can create multiple environments, and switching between them is very easy! They are a great way to execute requests against Dev, QA, UAT, etc.

Postman New Environment

After creating the Environment, make sure you set it in the drop-down in the upper right corner of Postman.

Now, let's create our request. We'll give it a URL that uses the variables from the Environment we just created.

Postman New Collection Authorization

Now, if you click on the Authorization tab, you will see that the request is set to inherit from the parent, but since we haven't saved this request in a Collection, it doesn't have a parent! So, let's save it. Give it a meaningful name, select the Dynamics 365 collection, and then click Save.

Finally, we are ready to submit the request. When you click Send for the first time, the Pre-Request Script will see that you don't have an Access Token and will request one. On subsequent requests, it will re-use the same Access Token until it expires, at which time it will request a new one.

Hopefully this saves you some time!


Dave Pile

Very helpful and up to date info. Thank you.