Setting up OAuth2.0 PKCE Grant in Autodesk Platform Services (Forge API) with Postman
The API formerly known as Forge (Autodesk Platform Services) is a fickle thing to work with. In this guide, we will walk through setting up Postman to authorize with Autodesk Platform Services (subsequently abbreviated as APS) through a three-legged authorization grant with PKCE (Proof Key for Code Exchange).
After this guide, you should be able to authenticate and get tokens through OAuth2.0 to test authenticated requests against APS. (Note: not all endpoints are available through this authentication method.)
Step 0: Setup
Postman
Download and Install Postman
In Autodesk Platform Services
An Autodesk Account
I assume if you are here you’re in the Autodesk ecosystem. Your account will be the user in this flow.
[IMPORTANT] Make sure you create a “Desktop, Mobile, Single-Page Web App” application. Otherwise, the authorization flow will produce a “client credentials invalid” error.
[IMPORTANT] Because we are using Postman for the authorization flow, set the “Callback URL” to “https://www.getpostman.com/oauth2/callback”. Otherwise, the request will not pass the callback URL check.
You should have:
Your Autodesk Account Information
The Client ID of your APS application
The Callback URL for OAuth2.0 in Postman: “https://www.getpostman.com/oauth2/callback”
Auth URL: “https://developer.api.autodesk.com/authentication/v2/authorize?response_type=code”
Token URL: “https://developer.api.autodesk.com/authentication/v2/token”
From here, things should be pretty straightforward.
Step 1: Configure Authorization in Postman
I like to set up requests to inherit from a parent folder or collection, but this configuration should work at any level.
In the Authorization Tab:
Type: OAuth 2.0
Add auth data to: Request URL
Current Token
Access Token: (Ignore)
Header Prefix: (Ignore, default should be ‘Bearer’)
Configure New Token
Token Name: <Your Name for the Token>
Grant Type: Authorization Code (With PKCE)
Callback URL: https://www.getpostman.com/oauth2/callback
Auth URL: https://developer.api.autodesk.com/authentication/v2/authorize?response_type=code
Access Token URL: https://developer.api.autodesk.com/authentication/v2/token
Client ID: <Your APS Application ID>
Client Secret: (Ignore)
Code Challenge Method: SHA-256
Code Verifier: (Ignore. Postman will generate)
Scope: <Scopes you want the user to grant to your application>
Client Authorization: Send client credentials in body
Step 2: Get New Access Token
Click the “Get New Access Token” button and you should be taken through the authorization flow.
Once completed, you should be able to use the token to access the Autodesk Platform Services APIs that use this type of grant. If the token is not valid for an endpoint, the API will respond with the type of grant that endpoint requires.
Happy Coding!