Screenshot WOW SAVE 20% on the All Access Bundle. Use "OAUTH20OFF" at checkout.
3rd Party Integration


Published: October 4, 2018 | Updated: January 1st, 2020
  1. Home
  2. Docs
  3. How To
  4. Using POSTMAN and WP REST API


Postman is a REST API client that is used for testing and building REST clients. POSTMAN allows you to easily test any API with little setup. This article will explain how to connect to WP REST API while using an access token provided by WP OAuth Server.

Things Needed

Things to Know

This article is going to use the following Client ID and Secret for demonstration. You will need to create your own client in WP OAuth Server and use the credentials it provides.

Client ID = 6lkmsGocFcvxVG4S5s3QCHGi5Pvutl8AHtXaalmP
Client Secret = yRntyrmDTquw7bOd0kHuFQ5mj2wtnSjVKGpi8MW2

Obtaining an Access Token

Configuring Postman to connect to your WordPress website is the first step in gaining an access token.

  1. Set the method to “POST“.
  2. Enter your website URL along with “/oauth/token/“. Example:
  3. Click on the “Authorization” tab and select “Basic Auth” from the drop-down.  Use the client id as the username and client secret as the password and click “Update Request“. This will add a header to the request. Alternatively, to sending a Basic Auth header, you can pass “client_id” and “client_secret” as body parameters.
  4. Click on the “Body” tab and choose “x-www-form-urlencoded” in the radio button selection.
  5. Add “grant_type” as key and “password” as the value.
  6. Add “username” as key and “your username for WP” as the value.
  7. Add “password” as key and “your password for the username in WP”.
  8. Click “Send“.

The return from WP OAuth Server will be JSON. It will include a response and a header code with 200 OK or 401 Unauthorized

Common Results

200 OK
    "access_token": "hc47cwtq93doxjs88o3ranb6xcoitqniqysg9peg",
    "expires_in": 3600,
    "token_type": "Bearer",
    "scope": "basic",
    "refresh_token": "mpzsqvseoxppm93qyahcfcwkbri0w71s4nxsclnz"
401 Unauthorized
  "error": "invalid_grant",
  "error_description": "Invalid username and password combination"

If all goes well, Postman will display JSON that has been returned from the OAuth Server. The JSON contains an access token. In this walkthrough, we only want to access_token.

Make WP REST API Request

If you’re not sure how to use WP REST API, visit For this step, we will use a GET request for post revisions. This request requires that the user is authenticated. Since we have the access_token for a user, we can use the access_token as a means of authentication.

We will use the endpoint that WP REST API calls for to perform a request but we will also append the parameter “access_token” to the request. The value of the access token will be was we copied earlier from Postman. Appending the access_token parameter to any WP REST API call should authenticate the request and allow the request to be made.

GET /posts/{post id}/revisions?access_token=xxxxxx


  • The Grant Type “Client Credentials” will not work with WP JSON API.


I have provided an export for postman that will setup the basics using user credentials grant type. You can download the example using the following link.

WP OAuth Request Postman Export.