In this article we explain how to test Caspio REST API using Chrome REST Console. Note that for testing Caspio REST API, you can use other widely available utilities that can send custom https requests (for example, Fiddler, FireFox RESTClient add-on, etc.).
To use Rest API Resources (operations), client should first get authorized using Client ID/Secret pair that can be found on Caspio REST API profile page.
After authenticating successfully, user receives access/refresh token pair. The access token should be used in the authorization header of each resource/operation request.
Steps to Authenticate
- Define Target:
Insert your Token EndPoint URL, which is found on your REST API profile page, in the Request URL box.
Request Method: POST
- Define Body:
Insert the following in the RAW Body:
grant_type=client_credentials&client_id=<Client Key>&client_secret=<Client Secret>
Replace Client Key and Client Secret obtained from your REST API profile page.
- Click on POST and you will get the access and refresh token.
You are now authorized successfully.
Steps to run Operations
- Define Target
Insert your Resource EndPoint URL, which can be found in your REST API profile, followed by the operation name in the Request URL box. See list of Operations here.
For instance: https://yourdomain.caspio.com/rest/v1/tables
Request Method: GET
- Authorization Header
To run any operation, input the access token obtained from the authentication step to the Authorization header in the following format:
Bearer <access token value>
- Click on GET and you will see the list of tables in the Response Body.
By default, tokens expiration times are 1 day for access token and 1 year for refresh token.
After access token expires, 401 Unauthorized status code is returned and the client should refresh the access token using the following refresh token request:
POST / Your Token Endpoint from REST API profile
Authorization: Basic <Basic authentication realm>
Body: grant_type=refresh_token&refresh_token=<refresh token value>
Basic authentication realm is a code generated automatically when you use Basic Authentication with your Client ID and Client Secret pair as username and password respectively seen below.
Refresh token expires in one year. After refresh tokens expire, 401 Unauthorized status code will be returned and the client should re-authenticate using Client Key/Secret pair.
Please note: This article uses third-party testing tools. Use these tools or extensions at your own risk. Caspio does not support and guarantee the security of these tools.