and there and welcome to the short tutorial where I will show you how you can test an or two authorization flow using Osman for this example I will be using the imager API but this would be valid for any other application implementing this authorization flow so just to be clear we'll be talking about also authorization code grant flow and this is a quite widespread way of authorizing using oauth2 and all the major providers like Facebook and Google are using the dollar time and probably you're quite accustomed to it but let me shortly explain you what's actually happening there what is happening is that the application we are in will be getting you to the authorization server and will be providing on a redirection URL on the authorization server the user will probably authenticate given its username and password or whatever authentication mechanism is there and if it's only authenticated we'll just say like this application is trying to access some information from your account do you agree with that and usually say yes and then that vacation will get an authorization code this authorization code it will go to the authorization server and request an access token with that access token it will be possible to access other protected resources for example let's say the application want to access your profile and with that exit token we'll get all the profile information this means or all the proper information it has access to okay so let's have a look on how this looks in postman let's assume I'm trying to access this endpoint and if I submit the hand button I will get an error this is the endpoint which requires our dedication they haven't provided any authentication formation yet and it doesn't meet any username and password but it needs an all-too token to be able to provide with the information of that so postman can deal with that quite easily and I'm just going to open a new tab here and demonstrate that and hearing the authorization tab and you select off to you'll see that you have the possibility of getting a new token and I'll call now click this button and a window will pop up and of course you'll see here a lot of information and wondering but what is everything here the way it usually works is that you need to register your application to be able to get a client ID and client secret and with this information you can then request the authorization code so let's cut back to imager and register our application now as you can see I have the possibility here to register early application and Wireless this looks similar across other platforms as well so let's call this postman test and I'm going to select Auto authorization with a callback URL and as you saw ready in postman we have to give this callback URL I'm going to copy that and type in my community power robot I'm going to submit and basically get information regarding your application so you can see here I got two secrets so I have a client ID and a client secret and this is the kind of information you don't want to make a law publicly available so the first step of the process is already there let's go ahead and put this information in postman so the client ID is this one the climate secret is this one and another two URLs so one of one of them is the authentication URL basically the URL where the user will get asked to log into its account and give permission to our application kondañña paste in the authorized URL and akkad alter ization was successful and application in this case postman gets an authorization code then it will make a second call to this to this token URL where to request the new access token so for imager the token URL this one but of course depending on the application dependent reservations your weight will provide our endpoints Wow so what we'll have to do is request the token oh and a window like this will pop up you can see an application would like to connect to your account and except here the application is post and test and of course I will give here my username and password and I'm going to click here on allow or not allow in the postman application to access this information now as you can see here I have an existing token and this is the token mirror type token and it has an expiration and additionally I have a refresh token as well but that actually this tutorial will interesting to get to Texas now I have the possibility of adding this token to the header or I can do that manually so if I'm going to do it manually it will look like this I'm going to two others and should be an authorization patter and the mirror type and I'm going to get this bag I want to make it's called verification you will see that dr. ization was successful at the last 200 use any data but everything worked out well promoter education standpoint first are giving the wrong token here we'll say X is to provide is invalid of course not work so this is a very quick way to get you have been running on this one if you want to edit to the header you can just use header so select I talked to Heather in October and then it would be added to the header as well for this request it really depends how you would like to use it there are some applications which allow you to just get it in the URL and it will just be a get parameter in the URL so as you saw using posting can be quite useful because it allows you to test the or through authorization without writing a single client code hope you enjoyed this tutorial if yes give it a thumbs up if you have any questions just leave a comment below and make sure you check the description for additional tips you threw at another tutorial