Authentication Guide
Welcome to the Tribe CRM API tutorial series! This first tutorial guides you through setting up your Postman environment to interact with the Tribe CRM API. Once configured, you'll be ready to explore all the powerful features available.
Step 1.1 — Get an Access Token
An access token is a secure credential that proves your application has permission to access the Tribe CRM API. Think of it like a temporary keycard that grants you entry to protected resources.
When you make API calls to Tribe CRM, you need to include this access token in the Authorization header of every request.
/oauth2/tokenContent-Type: application/x-www-form-urlencoded
grant_type=client_credentials
&client_id={{client_id}}
&client_secret={{client_secret}}
Store the returned access_token value in your Postman environment as {{access_token}}.
Step 1.2 — Make Your First API Call
Now that you have an access token, it's time to put it to use! This request retrieves information about the currently logged-in user.
/v1/odata/GetCurrentEmployee()?$expand=PersonThis call retrieves details about your virtual user, including their linked Person record via $expand. See Identity & Environment for the companion call that resolves your own organisation.
Step 1.3 — Automate Token Refresh (Optional)
If you're going to be working in Postman frequently, here's a tip to simplify refreshing your access token.
Every once in a while, your token will expire and you'll need to fetch a new one. Instead of copy-pasting values manually, you can use a Postman pre-request script that automatically requests a new token before each call.
curl -X POST https://{authorization_server}/oauth2/token \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials" \
-d "client_id={client_id}" \
-d "client_secret={client_secret}"
The response will contain an access_token you can reuse until it expires:
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5...",
"token_type": "bearer",
"expires_in": 3600
}