Skip to main content

Test with a Postman collection

Use the Postman collection to run and explore Commerce APIs. The collection includes the relevant types of requests for each endpoint, including create, read, update, and delete.


  • Ensure that the Postman client is installed.

  • Ensure that you have downloaded the latest Postman collection and environment from the following links:


  1. In Commerce Manager, go to SYSTEM > Application Keys.

  2. Click Create New to create a new application key. See Creating an Application Key.

    Make a note of the following values:

    • Client ID
    • Client secret
    • API base URL

    The Client secret is only shown to you at this time. Copy and keep it somewhere safe and secure. Do not share it.

  3. Go to Postman client on your system and import the Commerce Postman Collection.

  4. Import the Environment file.

  5. Update the values of the following environment variables with the values copied from Commerce Manager.

    • client_id
    • client_secret
  6. The Postman collection contains the following environment variables. Elastic Path supports multiple regions and each region has a unique hostname and base URL for API requests. Each Commerce store is assigned to a specific region, so all API requests related to the store must be made to the API base URL for its assigned region. You may need to change the Postman collection environment variables depending on your regional URL.

    Environment VariableDescriptionInitial ValueCurrent Value
    baseUrlUsed for most API calls. your store's API Base URL is, replace with
    authUrlUsed for authentication requests.https://useast.api.elasticpath.comIf your store's API Base URL is, replace with
    pcmUrlUsed for Product Experience Manager calls. your store's API Base URL is, replace with
  7. In Postman, open the authentication folder and run the Get client credentials token or the Get implicit token request.

  8. Click Send.

    Authentication for the current session is done, and an access token is returned. You can now test the rest of your API endpoints in your Postman collection. An access token is valid for an hour, you must authenticate the session and get new tokens every time the access token expires. For more information about authentication permissions, see Client credential token and Implicit token.