Use Postman to Work with Headless Identity APIs

Now that you configured org-wide settings, Experience Cloud settings, and a connected app, you can configure and test out the headless identity flows. To make this process easier, we provide Postman examples that are customized for this example single-page app implementation. Use these examples to walk through the flows for headless registration, headless login, and headless password reset. The collection also contains examples for calling the User Info endpoint and logging out a user.
Available in: both Salesforce Classic (not available in all orgs) and Lightning Experience
Available in: Enterprise, Unlimited, and Developer Editions

For simplicity, these examples don’t use the OAuth 2.0 Proof Key for Code Exchange (PKCE) extension. For security, we strongly recommend that you always use PKCE when configuring these flows with public clients.

Note

The examples in this collection are divided into four sections, each with examples representing key steps in the flow.

  • Headless Registration Flow—This section contains three examples.
    • Registration - Initialize—Send a registration request to Headless Registration API.
    • Registration - Authorize—Send an authorization request to Headless Login API.
    • Registration - Token Exchange—Send an access token request to the token endpoint.
  • Headless Login via the Authorization Code and Credentials Flow—This section contains two examples.
    • Username Password Login - Authorize—Send an authorization request to Headless Login API.
    • Username Password Login - Token Exchange—Send an access token request to the token endpoint.
  • Confirming a successful login by calling the User Info endpoint—This section contains one example. You can use it to confirm the success of headless registration and headless login.
    • Get User Info—Send a request to the User Info endpoint.
  • Forgot Password Flow—This section contains two examples.
    • Forgot Password - Initialize—Send the initial password reset request to Headless Forgot Password API.
    • Forgot Password - Change Password—Finish changing the password. with another request to Headless Forgot Password API.
  • Logging out the user by revoking the access token—This section contains one example. You can use it to revoke the access token you get during headless registration and headless login.
    • Revoke Token—Send a request to the token revocation endpoint.