step 3 / 6

Get an authorization code

CLP API calls are authenticated with JWTs (JSON Web Tokens) that are generated by IdentityServer. To obtain a token for your requests, you need to set up your API client. The Postman setup below serves as an example:


Configure your Environments in Postman as follows:


Select ‘Manage Environments’ from the upper right corner of the main window, as shown below.

Postman tool screen


Add a new Environment

Postman tool screen


Enter your Environment values as shown below. Please pay attention to the URLs entered: 
In the Environments, the URLs should be formatted as

Postman tool screen


Please select the Environment you configured in the main window.

Enter {{indentity_server_url}}/connect/token as URL in the main window.


Select the Authorization tab in the main window, and select ‘Basic Auth’ as the Type.


Enter your Username (client_id) and Password (client_secret). Then select the “Save helper data to request” checkbox, as shown below:

Postman tool screen


When you click the ‘Update Request’ button, the “Headers” tab should be filled in, as shown below:

Postman tool screen


To avoid copying the access token by hand every time you request one, you can use our custom solution:

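// Record whether the token endpoint answered with HTTP 200.
tests["Status code is 200"] = responseCode.code === 200;
var jsonData = JSON.parse(responseBody);
tests["Access token isset"] = jsonData.access_token !== undefined;
// Store the token in the {{at}} environment variable for later requests.
postman.setEnvironmentVariable("at", jsonData.access_token);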

Postman tool screen

This snippet fills the {{at}} environment variable, which you initially left blank, with the access token returned in the response.


Please go to the Body tab in the main window, and select the request format as x-www-form-urlencoded and insert key-value pairs as shown below:

Postman tool screen


When you click on the Send button, you will receive the following reply:

    {
        "access_token": "access token",
        "expires_in": 3600,
        "token_type": "Bearer"
    }


access_token: used to authenticate this user in all API calls
expires_in: expiry time of the access token in seconds

When the access token expires, request a new one from the same endpoint.
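
The same flow outside Postman, as an added example that is not part of the original guide: it builds the Basic Auth request to /connect/token, validates the three response fields and re-requests a token shortly before expires_in runs out. The function names, the 30-second safety margin and the injectable fetchImpl are assumptions; the form fields are passed in by the caller because this page shows them only in a screenshot.

```javascript
// Added example (Node.js 18+). All names here are hypothetical helpers, not part of the CLP API.
function buildTokenRequest(identityServerUrl, clientId, clientSecret, formFields) {
  // Basic Auth header: base64("client_id:client_secret"), as Postman's helper produces.
  const basic = Buffer.from(`${clientId}:${clientSecret}`, 'utf8').toString('base64');
  return {
    url: `${identityServerUrl.replace(/\/+$/, '')}/connect/token`,
    method: 'POST',
    headers: {
      Authorization: `Basic ${basic}`,
      'Content-Type': 'application/x-www-form-urlencoded',
    },
    body: new URLSearchParams(formFields).toString(),
  };
}

function parseTokenResponse(status, bodyText, nowMs) {
  if (status !== 200) throw new Error(`token endpoint returned HTTP ${status}`);
  const data = JSON.parse(bodyText);
  if (typeof data.access_token !== 'string' || data.access_token === '') {
    throw new Error('response has no access_token');
  }
  if (!Number.isFinite(data.expires_in) || data.expires_in <= 0) {
    throw new Error('response has no usable expires_in');
  }
  return {
    accessToken: data.access_token,
    tokenType: data.token_type,
    expiresAtMs: nowMs + data.expires_in * 1000, // expires_in is given in seconds
  };
}

// Treat the token as expired slightly early so no API call goes out with a
// token that lapses in flight (the 30 s margin is an assumption).
function needsRefresh(token, nowMs, skewMs = 30000) {
  return !token || nowMs >= token.expiresAtMs - skewMs;
}

let cached = null; // kept in memory only; never log the token or the client secret
async function getAccessToken(cfg, formFields, fetchImpl = fetch) {
  if (needsRefresh(cached, Date.now())) {
    const req = buildTokenRequest(cfg.url, cfg.clientId, cfg.clientSecret, formFields);
    const res = await fetchImpl(req.url, req);
    cached = parseTokenResponse(res.status, await res.text(), Date.now());
  }
  return cached.accessToken;
}
```

Load client_id and client_secret from a secret store or environment variables rather than hard-coding them in the calling script.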
