With the release of the REST API for Sitefinity based on ODATA, Progress made it quite easy to work with Sitefinity instances from anywhere like Windows Apps, external web sites, Xamarin Mobile apps, NativeScript apps, etc...
It is a much less verbose API than the WCF one still currently available in the product and used in the backend.
But before you go ahead and try the ODATA based REST API on a web site or a mobile app, you might want to take it for a quick ride around the block. There are many tools that will allow you to test REST API calls, including Fiddler, SoapUI, PostMan and many others...
In this blog, we will take a look at what it would take to get PostMan to work with the Sitefinity ODATA based REST API.
First you might want to download the Free PostMan app from here
Then, we will need to set the Authentication in Sitefinity. Head on over to the backend of your Sitefinity instance and choose Administration >> Settings >> Advanced >> Authentication
Expand the "SecurityTokenService" node and the "IdentityServer" node
Under "Clients", create a new client, call it whatever you want, in my case here, I called it "linoapp".
Set the ClientID, enable it, and pick "ResourceOwner" for the Client Flow.
For now, set the "Allow access to all scopes" to true (You can tighten this up later on for production)
Nothing else needs to change for the rest of the configuration items on that page. Save the changes.
Expand the newly created node for "linoapp" and set the "client secret" to whatever you would like, I chose "secretmagic" as my secret value.
Now let's head to PostMan and try to invoke an API to retrieve all the News Items in the Sitefinity instance
Unfortunately, when you issue a GET command with the URL "http://<your site>/api/default/newsitems", you will get a "The current user is not allowed access" error.
The reason is that web services are set to be accessible by administrators only by default. You can change that in the backend to allow access to everyone, or to authenticated users, if you wish.
So first, let's fix the problem the easy way, head to the backend and change the accessibility to "Everyone"
Now if we go back to PostMan and execute the GET command again as is, we will get all NewsItems in Sitefinity back in JSON format.
To test it with authentication, let's change it back to "Administrators Only" or "Authenticated Users"
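After switching back, it is worth confirming that the "Everyone" setting really is gone. The following check is an added example, not part of the original post: it sends the same GET with no credentials and classifies the reply. The function name, the 401/403 status codes for a denied call, and the OData "value" wrapper around returned items are assumptions, since the post only shows the error text.

```python
import json
import sys
import urllib.error
import urllib.request


def check_anonymous_access(base_url, route="/api/default/newsitems", timeout=10):
    """Send one GET with no Authorization header and classify the reply.

    Returns "open" (items served to anyone), "restricted" or "unknown".
    """
    url = base_url.rstrip("/") + route
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            status, body = resp.status, resp.read()
    except urllib.error.HTTPError as err:
        # Assumption: a denied anonymous call comes back as 401 or 403.
        return "restricted" if err.code in (401, 403) else "unknown"
    except (urllib.error.URLError, OSError):
        return "unknown"  # site unreachable: no conclusion either way
    if status != 200:
        return "unknown"
    try:
        payload = json.loads(body)
    except ValueError:
        return "unknown"  # e.g. an HTML login or error page, not JSON
    # Assumption: OData JSON collection responses carry the items under "value".
    if isinstance(payload, dict) and isinstance(payload.get("value"), list):
        return "open"
    return "unknown"


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_anon.py http://<your site>")
    result = check_anonymous_access(sys.argv[1])
    print(result)
    # Non-zero exit lets a deployment pipeline fail when the API is left open.
    sys.exit(1 if result == "open" else 0)
```

Run it against your own instance after each change to the web services access setting; "open" on a production site means the route is still readable without a token.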
Now we have to request a TOKEN from Sitefinity first to establish an authorization mechanism
To do that, in PostMan issue a POST command first to the following URL http://<yoursite>/Sitefinity/Authenticate/OpenID/Connect/Token passing in the following keys: