Making your first API v3 call with POSTMAN
Postman allows you to easily test all the API endpoints without developing and coding, making it an ideal tool for both beginners and experienced developers. With its intuitive user interface, you can quickly send requests, analyze responses, and debug issues in real time. You can download our Postman collection here.
In this tutorial, we will cover:
JWT introduction, definition
Generation of your own token
Setting up the Postman app
Input the JWT token to the Postman app
Create a template using Postman - your first API call
Merge a template with your JSON data using Postman
JSON Web Tokens are composed of three sections: a header, a payload (containing a claim set), and a signature. The header and payload are JSON objects, which are serialized to UTF-8 bytes, then encoded using base64url encoding.
The JWT's header, payload, and signature are concatenated with periods (.). As a result, a JWT typically takes the following form:
Property "alg" defines which signing algorithm is being used. PDF Generator API users HS256. Property "typ" defines the type of token and it is always JWT.
The second part of the token is the payload, which contains the claims or the pieces of information being passed about the user and any metadata required. It is mandatory to specify the following claims:
issuer (iss): Your API key
subject (sub): Workspace identifier (your email address)
You can find your API key and API secret on the Settings page in your PDF Generator API account.
You can also specify the token expiration time (exp) which is a timestamp in seconds since the Epoch (unix epoch time).
It is highly recommended to set the "exp" timestamp for a short period, i.e. a matter of seconds. This way, if a token is intercepted or shared, the token will only be valid for a short period of time.
To create the signature part you have to take the encoded header, the encoded payload, a secret, the algorithm specified in the header, and sign that. The signature is used to verify the message wasn't changed along the way, and, in the case of tokens signed with a private key, it can also verify that the sender of the JWT is who it says it is.
The output is three Base64-URL strings separated by dots. The following shows a JWT that has the previous header and payload encoded, and it is signed with a secret.
In the jwt.io it should looks like this:
In case you would like to learn more about the background of the JWT or get more inputs how you can use it, you can visit jwt.io website.
You can create a temporary token on the Settings page in your PDF Generator API account. The generated token uses your email address as the subject (sub) value and is valid for 15 minutes.
These test tokens should never be used in production applications.
You can download Postman collection for PDF Generator API here.
After the import, in the left sidebar, you should be able to see the list of 11 different requests, copying the logic in our API documentation.
After the request is send, the ID of your template is returned back via the JSON file. Hooray, your first successful API call!
Merges template with data and returns a public URL to a document. You should send the JSON encoded data in the request body as the data parameter. After the request is send, the URL for the generated document is returned. You can read more about all the parameters in our API documentation.
Common use-cases of the Expression language
Header & Footer Component
What is the difference between master and regular user?
In this tutorial, we will cover:
JWT introduction, definition
Generation of your own token
Setting up the Postman app
Input the JWT token to the Postman app
Create a template using Postman - your first API call
Merge a template with your JSON data using Postman
JWT introduction, definition
JSON Web Tokens are composed of three sections: a header, a payload (containing a claim set), and a signature. The header and payload are JSON objects, which are serialized to UTF-8 bytes, then encoded using base64url encoding.
The JWT's header, payload, and signature are concatenated with periods (.). As a result, a JWT typically takes the following form:
{Base64url encoded header}.{Base64url encoded payload}.{Base64url encoded signature}Generation of your own token
Header
Property "alg" defines which signing algorithm is being used. PDF Generator API users HS256. Property "typ" defines the type of token and it is always JWT.
{
"alg": "HS256",
"typ": "JWT"
}Payload
The second part of the token is the payload, which contains the claims or the pieces of information being passed about the user and any metadata required. It is mandatory to specify the following claims:
issuer (iss): Your API key
subject (sub): Workspace identifier (your email address)
You can find your API key and API secret on the Settings page in your PDF Generator API account.
You can also specify the token expiration time (exp) which is a timestamp in seconds since the Epoch (unix epoch time).
It is highly recommended to set the "exp" timestamp for a short period, i.e. a matter of seconds. This way, if a token is intercepted or shared, the token will only be valid for a short period of time.
{
"iss": "ad54aaff89ffdfeff178bb8a8f359b29fcb20edb56250b9f584aa2cb0162ed4a",
"sub": "demo.example@actualreports.com",
"exp": 1586112639
}Signature
To create the signature part you have to take the encoded header, the encoded payload, a secret, the algorithm specified in the header, and sign that. The signature is used to verify the message wasn't changed along the way, and, in the case of tokens signed with a private key, it can also verify that the sender of the JWT is who it says it is.
HMACSHA256(
base64UrlEncode(header) + "." +
base64UrlEncode(payload),
API_SECRET)Putting all together
The output is three Base64-URL strings separated by dots. The following shows a JWT that has the previous header and payload encoded, and it is signed with a secret.
In the jwt.io it should looks like this:
In case you would like to learn more about the background of the JWT or get more inputs how you can use it, you can visit jwt.io website.
Generation of your own temporary token
You can create a temporary token on the Settings page in your PDF Generator API account. The generated token uses your email address as the subject (sub) value and is valid for 15 minutes.
These test tokens should never be used in production applications.
Setting up the Postman App
You can download Postman collection for PDF Generator API here.
After the import, in the left sidebar, you should be able to see the list of 11 different requests, copying the logic in our API documentation.
Input the JWT token to the Postman app
Create a template using Postman - your first API call
After the request is send, the ID of your template is returned back via the JSON file. Hooray, your first successful API call!
Merge a template with your JSON data using Postman
Merges template with data and returns a public URL to a document. You should send the JSON encoded data in the request body as the data parameter. After the request is send, the URL for the generated document is returned. You can read more about all the parameters in our API documentation.
Related articles you may find helpful
Common use-cases of the Expression language
Header & Footer Component
What is the difference between master and regular user?
Updated on: 04/02/2025
Thank you!