Express Postman Collection

Express provides two APIs for managing access tokens, users, and other objects in the ForgeRock Identity Cloud.

Authentication API

The authentication API allows you to obtain access tokens, ID tokens, and refresh tokens. Use these tokens to perform CRUD operations on entities in the Management API.

Obtaining Access Tokens for Web Apps: Two Methods

When configuring your apps with Express, you can take advantage of our REST interfaces, as discussed in the documentation for our Express APIs.

If your web app complies with the OAuth 2.0 Authorization Framework, you can get an access token in two ways:

  • With the HTTP Basic Authentication scheme
  • By including the client ID and client secret directly in the REST call

These options correspond to the following settings in the UI console for web apps:

  • Basic Auth
  • Unencoded


Basic Auth

If you’ve set up Basic Auth for your web app, you’ll need to base64-encode your client ID and client secret, joined by a colon. One way to do so is with the following command:

echo -n CLIENT_ID:CLIENT_SECRET | base64

You can include that base64-encoded value in the following REST call:


curl -X POST \
https://openam-{tenantName}.forgeblocks.com/am/oauth2/access_token \
-H 'Authorization: Basic {BASE_64_ENCODED_STRING}' \
-H 'Cache-Control: no-cache' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=password&username=bjensen%40example.com&password=Password1%23&scope=openid%20me.read%20me.update%20me.update-password%20password-policy.read%20user.reset-password%20user.recover-username%20user.create%20user.read%20profile%20email'

Unencoded

If you prefer, you can enter the client ID and client secret directly in the REST call:


curl -X POST \
https://openam-{tenantName}.forgeblocks.com/am/oauth2/access_token \
-H 'Cache-Control: no-cache' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'client_id={clientId}' \
-d 'client_secret={clientSecret}' \
-d 'grant_type=password&username=bjensen%40example.com&password=Password1%23&scope=openid%20me.read%20me.update%20me.update-password%20password-policy.read%20user.reset-password%20user.recover-username%20user.create%20user.read%20profile%20email'

For more information, see how the following values are defined in RFC 7591, OAuth 2.0 Dynamic Client Registration Protocol. Find the token_endpoint_auth_method property and look for:

  • client_secret_basic, which sends the base64-encoded combination of your client ID and client secret in the Authorization header.
  • client_secret_post, which sends the client ID and client secret as parameters in the body of the REST call.
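The two client-authentication methods above, as an added example (not ForgeRock's own code): a Python builder for the password-grant token request that produces either the client_secret_basic or the client_secret_post form. The tenant name `demo`, client ID `myClient` and secret `s3cret` are placeholders. Unlike the `echo | base64` one-liner, it form-urlencodes the client ID and secret before base64-encoding them, as RFC 6749 §2.3.1 requires, so a secret containing ':' or '%' still authenticates correctly.

```python
"""Build the ForgeRock token requests shown above in both client-auth styles.
Constructed example; tenant, client ID and secret values are placeholders."""
import base64
import json
import urllib.request
from urllib.parse import quote, urlencode

TOKEN_PATH = "/am/oauth2/access_token"


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """client_secret_basic: RFC 6749 s2.3.1 says to form-urlencode each part,
    join them with ':', then base64 the result. This equals the page's
    `echo -n ID:SECRET | base64` whenever neither value contains ':' or '%'."""
    raw = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}"
    return "Basic " + base64.b64encode(raw.encode()).decode()


def build_token_request(tenant, client_id, client_secret, username, password,
                        scopes, method="client_secret_basic"):
    """Return (url, headers, body) for the Resource Owner Password grant,
    matching the curl calls on this page. `scopes` is a list of scope names."""
    url = f"https://openam-{tenant}.forgeblocks.com{TOKEN_PATH}"
    headers = {"Cache-Control": "no-cache",
               "Content-Type": "application/x-www-form-urlencoded"}
    form = {"grant_type": "password", "username": username,
            "password": password, "scope": " ".join(scopes)}
    if method == "client_secret_basic":
        # Credentials travel only in the Authorization header, never the body.
        headers["Authorization"] = basic_auth_header(client_id, client_secret)
    elif method == "client_secret_post":
        # Credentials are ordinary form fields, like the extra -d flags above.
        form = {"client_id": client_id, "client_secret": client_secret, **form}
    else:
        raise ValueError(f"unsupported token_endpoint_auth_method: {method}")
    # quote_via=quote gives %20 for spaces (as in the page), not '+'.
    return url, headers, urlencode(form, quote_via=quote)


def request_token(url, headers, body, timeout=10):
    """POST the built request and return the parsed JSON token response.
    Needs network access to the tenant; not exercised offline."""
    req = urllib.request.Request(url, data=body.encode(), headers=headers,
                                 method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)
```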

Management API

Lets you manage users and other objects in the system. To access the Management API, use the Authentication API to get an access token. Then include that access token in your calls to the Management API.

ForgeRock uses Postman to host API definitions that allow you to run API calls locally in the Postman client. To learn more, review our section on using Postman with ForgeRock APIs.


Where to go from here

For questions or feedback, contact us.