Postman is a great tool for testing and using the Marketo API. It becomes even more powerful when you use environments to store information for variables, including the authentication token. Doing this will mean you will no longer have to keep going back to Launchpoint to get your token and can easily refresh the token when it expires after an hour.

Create a Postman Environment

The first thing you need to do is create a Postman environment. This is where we will store different pieces of information. The cool thing about this is you can have many different environments so if you have a production instance and a sandbox, you can create two separate environments and just switch between them when making calls. 

In Postman, click the new button on the left panel and on the next screen, select  “Environment’

Next we will set up four variables. You can add as many as you like or name them what you want but here is what I use

  • munchkin
  • client_id
  • client_secret
  • auth

Now we will add values to the ‘CURRENT VALUE’ field in our environment. It should be pretty self explanatory but you will need to add you Munchkin ID to the munchkin variable, the client id and client secret from your launchpoint service to the corresponding variables. You can leave auth empty right now as we will get from the response from the get authentication endpoint call. 

Get the Authentication Token

With your newly created environment selected in the dropdown menu, we are going to use the identify controller endpoint and some JavaScript to get our token. In Postman, we can use a GET and the url should look like this


You’ll notice we are already using the client id and secret that we just created.

On the Tests tab, you will need to paste in this little snippet of code, which will take the value from the access_token in the JSON response and add it to the auth field in our variables. The click send.

var jsonData = JSON.parse(responseBody);
pm.environment.set("Bearer Token", jsonData.access_token);

If you go back to your environment, you will see that the access_token from your call has been added to the ‘auth’ field. 

Using the Auth Variable in Other Calls

We can now use that auth token in the token field for all of our calls. This means we will always have the latest authentication token. Even when it expires after an hour, we just have to back to that GET authentication call from above and it will reset and add the newest token to that field.