Accessing the Public API through Postman

How to use Postman in order to query Delve's Public API and get a list of vulnerabilities matching a certain query criteria.

If you need to consume Delve's public OpenAPI-compatible API with Postman, this quick howto will guide you through the steps necessary to configure the Postman desktop application to access Delve's data through OAUTH2 authentication mechanism.

Step-by-step guide

Create a Public API Client in Delve

Follow the appropriate User Guide Section on Creating Public API Clients.

⚠️ For Postman, do use as a redirect URI.

Configure Postman and get a request token from the previously obtained authorization token

Start Postman and click on the "Import" button, Postman will ask for an API definition file. Direct it to your instance's API definition file, located at https://<INSTANCE>




Once the API instance has been added to Postman, it will be present in the left panel under the name that was given at import time.

You can then right-click on the API instance and choose "edit" from the dropdown menu, to configure the API authentication mechanisms.




From the "Edit Collection" window that appears, navigate to the "Authorization" section.




From the "Type" dropdown in the left side of the window, choose "OAuth 2.0" to have the token value on the right.




In the right pane click on the "Get New Access Token" button, and use the following parameters to fill in the missing info:

Token Name: Choose a name for this token.

Grant Type: Authorization Code

Callback URL:

Auth URL: https://<YOUR_INSTANCE>

Access TOken URL: https://<YOUR_INSTANCE>

Client ID: The <CLIENT_ID> received previously.

Client Secret: The <CLIENT_SECRET> received previously.

Scope: read_only OR full_access (should match what you used in the Client ID creation interface)

State: Leave empty.

Client Authentication: leave untouched (Send as Basic Auth Bearer).




Once you click on the "Request Token" button you will be redirected to Delve's login page, where you can use the applicative user's login information to grant access to the API user.




Once the authorization has been given, you will be redirected to a confirmation screen that shows the token characteristics.




After having clicked on the "Use Token", you will be taken back to the "Edit Collection" menu, where the token will now be visible on the right part of the screen.

Make sure to select the right token in the "Access Token" field, otherwise your requests might be denied with a 400 error.



After having clicked on "Update", the collection that was previously created can now run the requests through the API.

Navigate in the collection to the request of your choosing, and use the "Send" button to see Postman execute the API request and get the response.