Creating initial refresh token in Postman

I’m trying to connect a database system to Square with the API. And I haven’t been able to translate the documentation examples of how to obtain the initial refresh token over to Postman. Everything seems to reference web or mobile apps and I don’t have either.

The problem is Postman is needing 3 different URLs in order to get the token and refresh token. A ‘callback url’, ‘auth url’, and ‘access token url’.

I really have no idea what to use for those. Intuit has a couple of URLs that can be used in Postman to get QuickBook tokens instead of using my own.

Are there similar URLs for Square that can be used in Postman?

QuickBooks access token url: xxxx://oauth.platform.intuit.com/oauth2/v1/tokenbearer
QuickBooks auth url: xxxx://appcenter.intuit.com/connect/oauth2
QuickBooks callback url: xxxx://www.getpostman.com/oauth2/callback

I’ve tried using the default Postman callback URL: xxxx://oauth.pstmn.io/v1/browser-callback

with this URL from one of the examples as the auth or access token url:
xxxx://connect.squareup.com/oauth2/authorize?client_id=xxxxx&scope=CUSTOMERS_WRITE+CUSTOMERS_READ&session=False&state=82201xxxxxxxx

But I have no idea if that is correct or what the 3rd url would be if it is correct.

Any help sure would be appreciated. I keep going through all of the documentation and just can’t figure out to get the very first refresh token in Postman. Looks like everything is pretty straightforward once that initial refresh token is generated.

(Had to X out the HTTPS in the URLs.)

:wave: If you are going to use Postman to call ObtainToken you will need to first get the code which is the authorization code to exchange. This is required if grant_type is set to authorization_code , to indicate that the application wants to exchange an authorization code for an OAuth access token. You will get this in the callback URL from authorization using:

xxxx://connect.squareup.com/oauth2/authorize?client_id=xxxxx&scope=CUSTOMERS_WRITE+CUSTOMERS_READ&session=False&state=82201xxxxxxxx

Once you have the code you can call ObtainToken in Postman with the following body which will return the access_token and refresh_token:

{
    "client_id": "{{client_id}}",
    "client_secret": "{{client_secret}}",
    "code": "CODE_FROM_AUTHORIZE", 
    "grant_type": "authorization_code"
}

Thanks Bryan! That worked.

I had seen that option for the authorization code for ObtainToken, but I wasn’t sure how to get the code.

I had also gone to that authorization link, logged into my account, and clicked the ‘Allow’ button. But, it would only show a confirmation screen with no code on it. I looked at the URL and it was showing the Postman callback address, so I kept thinking the I needed a new callback URL.

I tried it again after you told me where to get the code and then I finally saw the code was buried in the URL of that confirmation page. Copied it, pasted it into ObtainToken, and now I have the refresh token.

It was there all along. I just didn’t know where to look for it. So thanks for pointing me in right direction. I will certainly remember this the next time I have to deal with an API with tokens.

Glad to hear that you found the code and got it to work. Please feel free to reach out if you have any additional questions. We’re always happy to help. :slightly_smiling_face: