Exploring Ocrolus with postman

Play around with our API before you write a single line of code.


Once you have your credentials all set up, you can get started integrating Ocrolus into your application. However, if you want to experiment with the API beforehand, you can do so with Postman, a popular API discovery platform.

Generating Credentials

Follow the steps described here to obtain a set of credentials through the Ocrolus Dashboard.

If you're ready to use Ocrolus in your application, you can retrieve an access token through the steps described here.

Generating Access Tokens

Our Grant Authentication Token endpoint is OAuth-compliant, which means that OAuth clients should "just work" with it. This includes Postman; let's try it out!

Create an API request for any Ocrolus endpoint besides Grant Authentication Token; we're using https://api.ocrolus.com/v1/books in this guide, but any endpoint will do.

Open the "Authorization" tab and configure it as follows:

  • Set Type to OAuth 2.0.
  • Set Add authorization data to to Request Headers
  • Set Token Name to any name that makes sense to you
  • Set Grant Type to Client Credentials
  • Set Access Token URL to https://auth.ocrolus.com/oauth/token
  • Set Client ID to the client ID you generated in the Ocrolus Dashboard.
  • Set Client Secret to the client secret you generated in the Ocrolus Dashboard.
  • Leave Scope blank (we don't support this right now).
  • Set Client Authentication to Send as Basic Auth header

Your window will look something like this:


The credentials are blurred to indicate that they are sensitive.


What's that warning?

Generally you should reference sensitive information (such as your credentials) in user-specific variables, rather than including them directly in API requests that may be shared with your team. This isn't necessary for our purposes, but you should absolutely follow this advice in practice.

Click the orange Get New Access Token button and you'll see something like this after a few seconds:


Postman displaying the access token it received from Ocrolus. Various attributes are also provided, though they're not included in this screenshot. The token is blurred to indicate that it is considered sensitive.

You'll get the OAuth endpoint's response here, including the token itself. Select Use Token to save this token and use it for further requests.


The credentials and access token are blurred to indicate that they are sensitive.

Click Send to submit an API request with the credentials you provided. You'll get a successful response, which in the author's case looks like this:


A JSON response to a successful API call is displayed. The exact response will vary.

Mission accomplished! When the token expires, click the Refresh button to generate a new one.