
Use TrustBuilder.IO API with Postman

TrustBuilder.IO API endpoints are protected by OAuth2 access tokens. When calling a TrustBuilder.IO API endpoint, you need to supply a valid access token in the HTTP Authorization header. Prefix the token value with Bearer, which specifies the authentication scheme used.

1. Get client credentials in TrustBuilder

In this configuration, we use the Client credentials grant.

  1. Go to Access Management > Service Providers.

  2. Click on + Add New SP.

  3. Click on OAUTH Client SP.

  4. Configure the settings:





Display name

Enter a display name for this new OAuth Client SP API

Authentication Scheme

Select the authentication scheme to use.

IDHUB Default Scheme, which is the default authentication scheme


Select the primary user attribute that is used to identify the user.

“IDHub UserID”, which is the field used for the username.

Manage Certificates

Add a certificate.

  • Context → SIGNING (KEY)

  • Certificate → idhub-signing


OAuth Policy

Select the OAuth protocol version.

OAuth 2.0

Callback URLs


Check the scopes.

administrator, config:read, config:write, openid, userdata, users:read, users:write

Client Profile

Select the application type:

  • public app (not able to hold credentials securely)


  • confidential app (able to hold credentials securely)


Client Authentication Enabled

Enable the grant type “Client Credentials”


Client Authentication Type

Select where to include client authentication parameters.

  • HTTP Basic Authentication Scheme: The client's authentication parameters are included in the HTTP Authorization header.

  • HTTP POST from body: The client's authentication parameters are included in the body of the HTTP request that is posted to the server.

  • Client secret JWT: The client's authentication parameters are added as a JWT that is signed using a shared secret.

  • Private Key JWT: The client's authentication parameters are added as a JWT that is signed using the client's private key.

HTTP POST from body

Access token type

Select the type of access token


Access Token Time To Live

Define the access token's lifetime

Ex: 7 days

  5. Click on Save & Close.

  6. The client credentials (client ID and client secret) are generated.
    Write them down since they will not be shown again.

2. Generate an access token in Postman

  1. Log in to Postman.

  2. Set the Authorization settings of a collection (or a request):

    • Type → OAuth 2.0

    • Add auth data to → Request Headers

    • Token → Available tokens

    • Header Prefix → Bearer

  3. Configure New Token:

    • Token name → define a token name

    • Grant type → Client Credentials

    • Access Token URL → https://{YOUR_INSTANCE}/idhub/oidc/v1/token
      Replace {YOUR_INSTANCE} with your TrustBuilder instance

    • Client ID → paste the Client ID generated in TrustBuilder

    • Client Secret → paste the Client secret generated in TrustBuilder

    • Scope → insert the required scopes openid administrator config:read config:write userdata users:read users:write

    • Client Authentication → Select “Send client credentials in body”

  4. Click on Get New Access Token to generate an access token. After a few seconds, an access token is generated.

3. Make TrustBuilder.IO API requests in Postman

Depending on the TrustBuilder environment, the base URL should be:

  • for Production environment,

  • for Preview environment.

See TrustBuilder.IO API

Let’s take an example. We will make a GET request to retrieve the list of users in the tenant.

  1. Select the request method GET.

  2. Enter the request URL

  3. Click on Send.

The response should list the users and their attributes.
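The same flow outside Postman, as an added example that is not TrustBuilder's own code: it builds the client-credentials token request with the credentials in the POST body (matching “Send client credentials in body”), then the API request with the Bearer prefix. The environment variable names and the users endpoint URL are placeholders, and requesting only users:read is an assumption about what a read-only call needs.

```python
import json
import os
import urllib.parse
import urllib.request

TOKEN_PATH = "/idhub/oidc/v1/token"  # token endpoint path given on this page


def build_token_request(instance, client_id, client_secret, scopes):
    """Client-credentials token request with the credentials in the POST body."""
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": " ".join(scopes),  # OAuth 2.0 scopes are space-delimited
    }
    return urllib.request.Request(
        f"https://{instance}{TOKEN_PATH}",
        data=urllib.parse.urlencode(form).encode("ascii"),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )


def build_api_request(api_url, access_token):
    """GET request carrying the token in the Authorization header as Bearer."""
    if not api_url.lower().startswith("https://"):
        raise ValueError("refusing to send a bearer token over a non-HTTPS URL")
    return urllib.request.Request(
        api_url, headers={"Authorization": f"Bearer {access_token}"}, method="GET"
    )


def send_json(request, timeout=10):
    """Send a prepared request and decode the JSON response body."""
    with urllib.request.urlopen(request, timeout=timeout) as response:
        return json.load(response)


if __name__ == "__main__":
    # Credentials come from the environment (hypothetical variable names),
    # not from the script or a shared collection.
    token = send_json(build_token_request(
        os.environ["TB_INSTANCE"],
        os.environ["TB_CLIENT_ID"],
        os.environ["TB_CLIENT_SECRET"],
        ["users:read"],  # assumption: sufficient for listing users
    ))["access_token"]
    # TB_USERS_URL: placeholder for the users endpoint from the API reference.
    print(send_json(build_api_request(os.environ["TB_USERS_URL"], token)))
```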

More information about Postman requests creation
