Instructions designed for use in the Postman's desktop app v8.
- Download Postman
- Create Private Public Key Pair
- Connected App Setup
- App Authorization
- Fork the Collection
- Configure the Collection
- Execute a Request
Download and install the Postman app from Postman.
Not currently supported. Please use the desktop application.
Note: These instructions are designed for use in the Direct APIs which are the recommended approach for invoking the CDP APIs. If you are going to be using the Connect APIs some steps such as the Key Pair, Connected App Setup, and App Authorization will not be required.
-
You’ll need a .key and a .crt file (private and public key)
-
Open Terminal and change directories to any folder and run the following commands
openssl genrsa 2048 > host.key chmod 400 host.key openssl req -new -x509 -nodes -sha256 -days 365 -key host.key -out host.crtNote: There will be a series of questions (Country, State, Org Name, etc) you need to complete.
This creates a host.key and host.crt files in that folder. These will be used later in the setup.
This collection utilizes Salesforce's server to server JWT bearer flow for acquiring an access token. This portion of the setup will walk you through setting up the connected app.
-
Login to Salesforce → Setup and Search "App Manager"
-
In the Setup’s Quick Find search "App Manager"
-
Select “New Connected App”
-
Connected App Name: CDP API
-
API Name: CDP_API (or whatever default value is prepopulated)
-
Contact Email: Your email address
-
Under API Heading, check the box for “Enable OAuth Settings”
-
Callback URL: https://oauth.pstmn.io/v1/callback
-
Select the checkbox for “Use digital signatures”
-
Select “Choose File” and select the host.crt file created in Create Private Public Key Pair section
-
Under “Selected OAuth Scopes” move the following from the “Available OAuth Scopes” to “Selected OAuth Scopes”
- Manage user data via APIs (api)
- Perform requests at any time (refresh_token, offline_access)
- Perform ANSI SQL queries on Salesforce CDP data (cdp_query_api)
- Manage Salesforce CDP profile data (cdp_profile_api)
- Manage Salesforce CDP Ingestion API data (cdp_ingest_api)
- Note: feel free to select others if needed.
Your screen should look similar to this
-
Select Save (on the next screen select Continue)
-
Make note of the Consumer Key and Consumer Secret values. This will be used as the “clientId” and “clientSecret” variables in the Postman collection.
-
-
At the top of your newly created connected app click “Manage”
- Select “Edit Policies”
- Change “IP Relaxation” to “Relax IP restrictions”
- Select Save
At this point your connected app has been configured however there is a one time setup requirement to authorize your user with the connected app.
The URL format will look like:
<YOUR_ORG_URL>/services/oauth2/authorize?response_type=code&client_id=<YOUR_CONSUMER_KEY>&scope=api refresh_token cdp_profile_api cdp_query_api cdp_ingest_api&redirect_uri=https://oauth.pstmn.io/v1/callback
Notice the scope parameter in the above URL. It’s important that you select all the required custom CDP scopes in this request. All further JWT bearer flow requests will honor ONLY these scopes
YOUR_ORG_URL is the fully qualified instance URL.
YOUR_CONSUMER_KEY is the consumer key noted in step 4.x above.
Example URL:
-
Paste that URL in a browser window.
-
This prompts a consent dialog asking permission for each of the scopes requested above. Select Allow and you should be redirected back.
-
You may also get an alert from the callback. If you do, select Open Postman
-
Optional: If you want to verify everything is authorized correctly, in the Quick Find search for “Connected Apps OAuth Usage”. Here you will see your connected app and should see a user count of 1.
Fork the collection using the following button or follow the instructions listed below.
-
In Postman, click on the top search bar and type Salesforce
-
Click Salesforce Developers under Teams
-
Click the Salesforce CDP APIs tile
-
Click Fork
-
Enter a label for your fork (e.g.: “My fork”)
-
Select a workspace (the default “My Workspace” workspace is fine)
-
Click Fork Collection
The collection uses a series of collection variables to help streamline your calls. To successfully use the package it's important to be sure to update the collection variables.
- Click Salesforce CDP APIs
- Open the Variables tab
- Complete the following variables for your instance by placing the values in the Current Value column.
| Variable | Example Value | Description | Used In Direct APIs | Used In Connect APIs |
|---|---|---|---|---|
| loginUrl | login.salesforce.com | Using login.salesforce.com will be fine unless you are using a sandbox. | X | X |
| version | 52.0 | Salesforce API version number | X | |
| clientId | 3MVG9l2zHsylwlpR6H5xByqIHvFbLVATgzkY... | Consumer key from the connected app. | X | X |
| clientSecret | 775C20434DB475FC326765353AF5210D4... | Consumer secret from the connected app. | X | |
| privateKey | -----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEA6spOAo1NhTsOhj19M ... rEOBZ458a3O4EOfHP1luZb4ZGrnTDRcA== -----END RSA PRIVATE KEY----- |
Contents of host.key file. | X | |
| userName | [email protected] | User Name of the authorized user. | X | X |
| password | superSecretPassword1! | Password of the authorized user. | X | |
| securityToken | fVhwzeDFMrAh4IC9hS | Salesforce security token for the authorized user. Details for securing a token available here. | X |
-
Click Save.
Direct APIs
The collection is built to leverage the OAuth 2.0 JWT Bearer Flow for Server-to-Server Integration for Salesforce Core authorization. The core token is then exchanged with the off core server hosting CDP for a final authorization token.
NOTE: To simplify the use of the the collection this authorization process has been configured to run automatically prior to each request and check if a valid token exists.
This is accomplished by using the collection variables defined in the Configure the Collection section combined with a pre-request script.
The script creates six new variables that are used for token generation and should not be edited:
- dne_cdpTokenRefreshTime
- dne_cdpAssertion
- dne_cdpAuthToken
- dne_cdpInstanceUrl
- dne_cdpOffcoreToken
- dne_cdpOffcoreUrl
The Marketing Cloud authorization tokens are valid for 2 hours therefore when a token is requested we create a new variable called dne_cdpTokenRefreshTime that stores the time the token was generated. Each subsequent call will use this refresh time to determine if a new token should be requested.
The token returned in the authorization call is stored as the collection variable dne_cdpOffcoreToken and passed in the authorization header defined by a pre-request script at folder level.
Connect APIs
The connect APIs leverage the traditional Salesforce authentication request process. You must first run the Auth Request first and we leverage Postman's tests functionality to parse the response body and set the variables for dne_cdpAuthToken and dne_cdpInstanceUrl that are used in the remaining Connect API calls.
- Expand the collection and select the
Profile API -> Metadata - DMOrequest - Click
Send
At this point, if your environment is correctly set up, you should see a 200 OK status. This means that you have successfully authenticated with Salesforce CDP and that you can now use the other collection’s requests.
See additional documentation for more information on how to keep the collection up to date and work with multiple Marketing Cloud instances.