Sitefinity Web Services in PostMan

Jul 26, 2018

With the release of the REST API for Sitefinity based on ODATA, Progress made it quite easy to work with Sitefinity instances from anywhere like Windows Apps, external web sites, Xamarin Mobile apps, NativeScript apps, etc...
It is a much less verbose API than the WCF one still currently available in the product and used in the backend.

But before you go ahead and try the ODATA based REST API on a web site or a mobile app, you might want to take it for quick ride around the block and there are many tools that will allow you to test REST API calls including Fiddler, SoapUI, PostMan and many others...

In this blog, we will take a look at what it would take to get PostMan to work with the Sitefinity ODATA based REST API.

First you might want to download the Free PostMan app from here

Then, we will need to set the Authentication in Sitefinity.  Head on over to the backend of your Sitefinity instance and choose Administartion >>Settings >>Advanced >>Authentication
Expand the "SecurityTokenService" node and the "IdentityServer" node
Under "Clients", create a new client, call it whatever you want, in my case here, I called it "linoapp".
Set the ClientID, enable it, and pick "ResourceOwner" for the Client Flow.
For now, set the "Allow access to all scopes" to true (You can tighten this up later on for production)

Nothing else needs to change for the rest of the configuration items on that page.  Save the changes.

Expand the newly created node for "linoapp" and set the "client secret" to whatever you would like, I chose "secretmagic" as my secret value.


Now let's head to PostMan and try to invoke an API to retrieve all the News Items in the Sitefinity instance

 Unfortunately, you will get "The current user is not allowed access" error as you can see above when you issue a GET command with the URL "http://<your site>/api/default/newsitems
The reason is the fact that Web services in set to be accessible by administrators only as the default.  You can change that in the backend to allow everyone access or authenticated users if you wish.

So first, let's fix the problem the easy way, head to the backend and change the accessibility to "Everyone"

Now if we go back to PostMan and execute the GET command again as is, we will get all NewsItems in Sitefinity back in JSON format.


To test it with authentication, let's change it back to "Administrators Only" or "Authenticated Users"
Now we have to request a TOKEN from Sitefinity first to establish an authorization mechanism 

To do that, in PostMan issue a POST command first to the following URL http://<yoursite>/Sitefinity/Authenticate/OpenID/Connect/Token passing in the following keys:

  • username
  • password
  • grant_type
  • scope
  • client_id
  • client_secret

You will get a response that include the Access Token value, expires in 3600 seconds and the type of the token is "Bearer"

So now if I want to issue a GET on the NewsItems that is protected by Administrators only or authenticated Users Only, I would go back to the GET command in PostMan and issue the command but this time I will need to pass the Access Token in the header with the "Bearer" string before it like in the image below


Executing this GET with the authorization Token within 1 hour of issuance will result of the entire JSON packet of all NewsItems to be returned.

I hope this post helps you getting started with testing your Sitefinity REST APIs and thank you to Peter Filipov for his continuous help and support and his excellent work on his blog for this subject.


Load more reviews
You've already submitted a review for this item

Copyright © 2020 Alain "Lino" Tadros
Using Sitefinity 12.1.7100