How to get an OAuth access token and retrieve data from Google APIs using Postman

Francislainy Campos
Published in HMH Engineering
4 min read · Nov 11, 2021

We have been working with the Google Classroom APIs and would like to share a bit of our findings on how to trigger these APIs using the Postman tool through curl requests.

Let’s first assume we have a list of Google Classroom courses. To retrieve this list we need to authorize our user, and for that we need an OAuth2 access token. Let’s find out how to get one, using the https://classroom.googleapis.com/v1/courses API for this tutorial.

Let’s start.

Set client details and retrieve access token from Postman UI

Set client details

Open Postman, paste the API URL we want to inspect into the request bar and navigate to the Authorization tab.

Postman Get bar displaying the Google Classroom api address and the Authorization tab highlighted.

Now we’ll need the following details:

Auth URL: https://accounts.google.com/o/oauth2/auth

Access Token URL: https://accounts.google.com/o/oauth2/token

Client ID: Retrieved from the Google Console for your Google Classroom project or the credentials.json file that you may have set under your repository if you’re coding against this API.

Client Secret: Found under the same location as the client ID.

Client id and secret displayed under the Google Console Oauth pop up after the actions button is pressed
Client id and client secret displayed under the credentials.json file inside the code repository within IntelliJ

Scope: Permissions granted to access certain data. For the courses API we’ll need this scope: https://www.googleapis.com/auth/classroom.courses, but other APIs may need different or additional scopes.

Retrieve access token from Postman UI

Now you can generate a new access token by clicking the Get New Access Token button.

Arrow pointing to Get new access token button
Pop up which is displayed while Postman is authenticating the user through the browser

This will then open a new window in your browser and, once you have gone through it, it will return an authorization token back to Postman.

Choose Google account pop up
Open Postman confirmation pop up

Here you click the Use Token button.

Click Use Token button highlighted
Postman authorization tab populated with access token

Now if we trigger our request we should be able to see the list of courses.

List of Classroom courses retrieved

Retrieve token using REST API

Okay, but up to now Postman has been generating the access token for us. What if we’d like to do this ourselves, still through Postman, but using a REST API instead? Yes, we can do this, but we’ll need an authorization token first.

To get this we’ll need to fill in the URL below with our client data and paste it into a browser.

https://accounts.google.com/o/oauth2/auth?client_id=[Application Client Id]&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=[Scopes]&response_type=code

It will look something like this:

https://accounts.google.com/o/oauth2/auth?client_id=65020815735-mhm0ejh1uh42ikdm10r4.apps.googleusercontent.com&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fclassroom.courses&response_type=code

Choose an account Google pop up
Continue button highlighted under Google pop up
Continue button highlighted

Our authorization code should now be displayed.

Authorization code displayed on browser and highlighted

We’ll then exchange the authorization code for an access token and a refresh token through the API call below.

# Exchange Authorization code for an access token and a refresh token.

curl \
--request POST \
--data "code=[Authentication code from authorization link]&client_id=[Application Client Id]&client_secret=[Application Client Secret]&redirect_uri=urn:ietf:wg:oauth:2.0:oob&grant_type=authorization_code" \
https://accounts.google.com/o/oauth2/token

The response here already contains the access token and the refresh token.

Postman displaying access token and refresh token

However, the authorization code may change, and if you don’t want to go through the whole browser process again you may prefer to retrieve the access token from the refresh token alone. In that case, copy the refresh token you just got (which shouldn’t change) and, from now on, get the access token from the API call below.

# Exchange a refresh token for a new access token.
curl \
--request POST \
--data 'client_id=[Application Client Id]&client_secret=[Application Client Secret]&refresh_token=[Refresh token granted by second step]&grant_type=refresh_token' \
https://accounts.google.com/o/oauth2/token

Once you add your own client data, it will give you something like this:

Access token retrieved from Postman

One thing worth knowing:

Google is said to have changed the Access Token URL from https://accounts.google.com/o/oauth2/token to https://oauth2.googleapis.com/token. However, at the time of this writing both URLs work okay for what we’re trying to do.
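The three steps above (authorization URL, code exchange, refresh) as an added Python example, not code from the original article: it builds the same requests with proper URL encoding instead of hand-pasted strings and works out when the access token is due for a refresh. The function names, the 60-second skew and any sample values are assumptions for illustration; the requests are only constructed, never sent.

```python
import json
import time
from urllib.parse import urlencode
from urllib.request import Request

AUTH_URL = "https://accounts.google.com/o/oauth2/auth"
TOKEN_URL = "https://oauth2.googleapis.com/token"  # newer endpoint named in the article
OOB_REDIRECT = "urn:ietf:wg:oauth:2.0:oob"         # redirect URI used in the article


def build_auth_url(client_id, scopes, redirect_uri=OOB_REDIRECT):
    """Step 1: URL to open in the browser; urlencode escapes the scope URLs."""
    query = urlencode({"client_id": client_id, "redirect_uri": redirect_uri,
                       "scope": " ".join(scopes), "response_type": "code"})
    return f"{AUTH_URL}?{query}"


def token_request(client_id, client_secret, *, code=None, refresh_token=None,
                  redirect_uri=OOB_REDIRECT):
    """Steps 2 and 3: form-encoded POST for either grant type (built, not sent)."""
    if (code is None) == (refresh_token is None):
        raise ValueError("pass exactly one of code or refresh_token")
    form = {"client_id": client_id, "client_secret": client_secret}
    if code is not None:
        form.update(code=code, redirect_uri=redirect_uri,
                    grant_type="authorization_code")
    else:
        form.update(refresh_token=refresh_token, grant_type="refresh_token")
    return Request(TOKEN_URL, data=urlencode(form).encode(), method="POST")


def parse_token_response(body, now=None, skew=60):
    """Extract the tokens and an absolute time after which to refresh."""
    payload = json.loads(body)
    if "error" in payload:
        raise RuntimeError(f"token endpoint error: {payload['error']}")
    now = time.time() if now is None else now
    return {
        "access_token": payload["access_token"],
        "refresh_token": payload.get("refresh_token"),  # may be absent on refresh
        "refresh_after": now + int(payload["expires_in"]) - skew,
    }


def needs_refresh(token, now=None):
    """True once the access token is within `skew` seconds of expiring."""
    return (time.time() if now is None else now) >= token["refresh_after"]
```

Because the client secret is placed in the POST body by code, it does not have to be typed into a curl command line, where it would end up in shell history.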

That’s it for today.

Thank you for reading this article and I hope you’ve found it useful.

References

Google classroom API documentation: https://developers.google.com/classroom

Stack Overflow posts: get google Oauth2 access token using ONLY curl and Using Postman to access OAuth 2.0 Google APIs.

OpenId connect: https://developers.google.com/identity/protocols/oauth2/openid-connect
