How To Get an AppToApp Token?

  1. Open Postman. In this example the following version is used v7.23.0.
  2. Go to “Preferences” in the main navigation and select “certificates” tab.
  • Postman’s native apps provide a way to view and set SSL certificates on a per domain basis.
  1. To manage your client certificates, click the wrench icon on the right side of the header toolbar, choose “Settings”, and select the Certificates tab.
apigo postman settings
  1. To add a new client certificate, click the Add Certificate link.
apigo postman certificates
  1. In the Host field, enter the domain (without protocol) of the request URL for which you want to use the certificate, for example,
  2. You can also specify a custom port to associate with this domain in the Port field. This is optional. If left empty, the default HTTPS port (443) will be used.
  3. Choose your client certificate file in the CRT file field. Currently, Postman only supports the CRT format. Support for other formats (like PFX) will come soon.
apigo postman add certificate
  1. Choose your client certificate key file in the KEY file field.
  • If you used a passphrase while generating the client certificate, you’ll need to supply the passphrase in the Passphrase field. Otherwise, leave it blank.
  • Once your certificate is added, it should appear in the client certificates list.
apigo postman manage certificates


You should not have multiple certificates set for the same domain. If you have multiple ones set, only the last one added will be used.

  1. Add a body: customerId with the value of your API Key (ClientId)
apigo postman request body
  1. Run the request with the following result. auth_req_id is available in the response body.
apigo postman response body
  1. Test the request with the previous parameters.
  2. Open the Postman Console (Main Navigation –> View –> Show Postman console)
apigo postman console
  1. Re-run the request and see the results in the postman console to verification
  • If you make a request to a configured domain, the certificate will automatically be sent with the request, provided you make the request over HTTPS.
  • Use https to make sure the certificate is sent.