Also see https://docs.getwhiplash.com/pages/authentication-for-the-v2-api and https://docs.getwhiplash.com/pages/v2-api-oauth2-examples if you want to Auth without Postman.
We've made a Postman collection that demonstrates many of the actions you can perform in the Whiplash v2 API. Using this guide, you'll be able to quickly navigate the Whiplash OAuth scheme for authorization, and see the results of real calls.
1. Request access
The V2 API is available by request only. Fill out the Whiplash V2 API Request Form.
2. Install Postman
Postman is available as free download. If you don't have it already, download Postman.
3. Import the Collection
The Whiplash V2 Collection is available at https://www.getpostman.com/collections/fcb13a447f21ace8245c
4. Set your environment variables
A.) You can use the existing environmental variables for the sandbox environment or set up your own environment in step B below:
B.) You'll need to set a few variables in Postman that are specific to your application. Create a new environment, e.g. Whipash Development or Whiplash Production, and set the following variables:
OAUTH_REDIRECT_URI. This is where you'll receive an authorization token, and should be the same address you gave us in Step 1.
CLIENT_ID. You'll have received this from us in Step 1.
There are additional variables that can optionally be used if your application has multiple customers per user, or multiple webstores:
Environmental variables are accessed in the upper right side of Postman:
5. OAuth Request for Authorization
Your first request via Postman will require web authentication. Click the authentication tab, then click the link on the right:
You should see:
6. OAuth Request for Token
Select get new access token:
Here will we be using the variables we set up in step 4. You will get a browser window pop up. Login to Whiplash Sandbox using your Sandbox credentials
After you login, you will see the access token screen.
Make sure you select Use Token and Update on this page.
When your token expires, you just need to refresh the token, but you do not need to web authenticate again. The token flow can be found under the top level collection > edit:
7. Test the endpoints
You'll now be able to perform most actions in the API. Get Items is a good starting point, as well as Get Orders, Create Item, and Create Order. Note that the Access Token from Step 6 expires every two hours. Use the Refresh OAuth Token endpoint to get a new token, which Postman will automatically use in your requests.
Fig 1. Import the Collection into Postman
Fig 2. The imported Whiplash V2 Collection
Fig 3. Setting the environment variables
Fig 4. Request Authorization