Getting the Authorization Code - Platform - Foundation 24.1 - Foundation 24.1 - Ready - Hyland RPA - external - Hyland-RPA/Platform/Foundation-24.1/Hyland-RPA-Platform/General-Information/Direct-API-requests-with-Postman/Getting-the-Authorization-Code - 2025-04-03

Hyland RPA Platform
Platform
Hyland RPA
Product
Platform
Release
Foundation 24.1
License
To get the authorization code:
  1. In the Collections tree, right-click New Collection and then select Add Request.
  2. In the name field, enter thew following, replacing {api_name} with the API you are targeting: 
    Get {api_name} Authorization Code
  3. From the drop-down list, select GET.
  4. In the Enter request URL field, enter the following, replacing {domain_name} with your environment's domain name: 
    https://{domain_name}/identity/connect/authorize
  5. On the Params tab, add the following key/value pairs to the query params:
    • response_type: code
    • state: Leave this value empty.
    • client_id: API Client’s ID. The ID can be found in the API’s appsettings.json file at the following locations:
      • Heart Client ID 
        HeartServer:Swagger:ClientId
      • Identity Client ID 
        IdentityServer:Swagger:ClientId
      • Repository Client ID 
        RepositoryServer:Swagger:ClientId
      • Policy Client ID 
        PolicyServer:Swagger:ClientId
      • Analytics Client ID 
        Swagger:ClientId
    • scope: API Scopes the user has access to. Note that the scopes change based on API.
      • Heart 
        heart:group heart:process heart:application heart:conductor heart:conductorSettings heart:agent heart:error heart:task heart:credentials heart:dictionary heart:activity heart:audit
      • Identity 
        identity:management identity:profile identity:key identity:scope identity:audit
      • Repository 
        repository:document repository:category repository:type repository:audit
      • Policy 
        policy:server policy:management policy:application policy:audit
      • Analytics 
        analytics:agent analytics:process analytics:conductor analytics:task
    • redirect_uri: https://{domain_name}/{api_name}/swagger/oauth2-redirect.html.
      Note: Replace {domain_name} with your environment's domain name and {api_name} with the api you are targeting (heart, identity, repository, policy, analytics).
    • code_challenge_method: S256
    • code_challenge: {{code_challenge}}
  6. On the Tests tab, as the Tests body, enter the following: 
    pm.test("Status code is 302", function () { pm.response.to.have.status(302); }); 
var redirectUrl = pm.response.headers.get("Location"); 
var redirectParams = redirectUrl.split('?')[1].split('&'); 
function containsCode(param) { return param.includes("code"); } 
var authCodeParam = redirectParams.find(containsCode); 
var authCode = authCodeParam.split('=')[1]; 
pm.collectionVariables.set("code", authCode);
  7. On the Pre-request Script tab, as the Pre-request Script body enter the following: 
    var randUuid1 = pm.variables.replaceIn('{{$randomUUID}}'); 
var randUuid2 = pm.variables.replaceIn('{{$randomUUID}}'); 
var code_verifier = randUuid1 + '-' + randUuid2; 
pm.collectionVariables.set("code_verifier", code_verifier); 
var hash = CryptoJS.SHA256(code_verifier); 
var code_challenge = hash.toString(CryptoJS.enc.Base64); 
code_challenge = code_challenge.split('=')[0]; 
code_challenge = code_challenge.replace(/\+/g, '-'); 
code_challenge = code_challenge.replace(/\//g, '_');  
pm.collectionVariables.set("code_challenge", code_challenge);
  8. On the Settings tab, disable Automatically follow redirects.
  9. Click Send.
  10. Verify that the status code is 302.
  11. Click Save.