> ## Documentation Index
> Fetch the complete documentation index at: https://docs.authsignal.com/llms.txt
> Use this file to discover all available pages before exploring further.

# API testing using Postman

> Learn how to test Authsignal APIs using Postman.

This guide shows how to use Postman to test Authsignal APIs. In this tutorial we will track an action with the [Server API](/api-reference/server-api/overview), and then use the [Client API](/api-reference/client-api/overview) to send an [Email OTP](/authentication-methods/email/otp).

## Prerequisites

* An Authsignal tenant
* An authenticator configured (in this example we use [Email OTP](/authentication-methods/email/otp))

## Configuration

<Steps>
  <Step title="Import">
    Navigate to your Postman workspace and click **Import**
  </Step>

  <Step title="Enter URL">
    Enter the relevant OpenAPI specification URL in the import dialog.

    Links to OpenAPI specifications can be found in the relevant API reference overviews.

    For now, we will enter the URL for the Server API `https://docs.authsignal.com/server-api.json` and the Client API `https://docs.authsignal.com/client-api.json`.
  </Step>

  <Step title="Import">
    Choose **Postman Collection** to add to your existing Workspace.

    Click **Import**

    <img src="https://mintcdn.com/authsignal-23/Ygit-PAT34PbjDMM/images/docs/resources/postman/import-dialog.png?fit=max&auto=format&n=Ygit-PAT34PbjDMM&q=85&s=a014fc018b5bda37445e6f5588f9224a" alt="Importing a Postman Collection" width="1454" height="598" data-path="images/docs/resources/postman/import-dialog.png" />
  </Step>
</Steps>

## Server API

<Steps>
  <Step title="Set up variables - Server API">
    Double-click on the **Server API** collection.

    In the **Authorization** tab, enter your Server API secret from the <Link href="https://portal.authsignal.com/organisations/tenants/api"> Authsignal settings page </Link>.

    In the **Variables** tab, ensure the `baseUrl` matches the correct regional URL for your tenant's configuration.

    <img src="https://mintcdn.com/authsignal-23/bideJX5AgHd_GvEG/images/docs/resources/postman/signal-api-variables.png?fit=max&auto=format&n=bideJX5AgHd_GvEG&q=85&s=49a8872b37419743fa5ebf3de324d333" alt="Setting the base url variable in Postman" width="1702" height="566" data-path="images/docs/resources/postman/signal-api-variables.png" />
  </Step>

  <Step title="Set up your Track Action request">
    In the **Server API** workspace, select `users` -> `actions` -> `{action}` -> `Track Action`.

    Be sure to update the variables to match a relevant user ID and action code.

    For the purposes of this tutorial, use a random GUID as the `userId`, and `signIn` as your action code. The relevant values here may differ depending on your Authsignal Tenant's configuration.

    <img src="https://mintcdn.com/authsignal-23/bideJX5AgHd_GvEG/images/docs/resources/postman/track-action-variables.png?fit=max&auto=format&n=bideJX5AgHd_GvEG&q=85&s=818140126e5ec078935300e093c250ab" alt="Setting variables in the Track Action Request in Postman" width="1850" height="838" data-path="images/docs/resources/postman/track-action-variables.png" />
  </Step>

  <Step title="Execute request">
    Select **Send**.

    In the response body, make note of the `token` value in the response. We will use this in a moment to test the Client API.
  </Step>
</Steps>

## Client API

<Steps>
  <Step title="Set up variables - Client API">
    Now that we have a token generated by our track action call, next we will set up the Client API to simulate a front end application.

    Double click on **Client API** in the workspace menu.

    On the **Authorization** tab, enter the token obtained from the previous step as the `bearerToken` value.

    On the **Variables** tab, ensure the `baseUrl` matches the correct regional URL for your tenant's configuration.
  </Step>

  <Step title="Set up your Authenticator enrollment">
    In this example, we will enroll the user with an Email OTP authenticator.

    In the **Client API** workspace select `user-authenticators` -> `email-otp` -> `Start Email OTP enrollment`.

    Head to the `body` of the request, and enter your email address.
    Click **Send** to start the enrollment.
  </Step>

  <Step title="Complete Email OTP enrollment">
    You should now have received an email with the OTP code.
    In the Client API workspace select `verify` -> `email-otp` -> `Verify Email OTP Challenge`.

    Head to the `body` of the request, and enter the OTP code from the email.

    Click **Send** to verify the enrollment.

    The response should include recovery codes, and an `accessToken` that can be used to call the [Session API](/api-reference/server-api/create-session).

    <img src="https://mintcdn.com/authsignal-23/bideJX5AgHd_GvEG/images/docs/resources/postman/verify-email-otp.png?fit=max&auto=format&n=bideJX5AgHd_GvEG&q=85&s=3712e881be938a5b4960c315ac074eb3" alt="Calling the Authsignal Client API to complete enrollment of an Email OTP authenticator for a user" width="1586" height="994" data-path="images/docs/resources/postman/verify-email-otp.png" />
  </Step>
</Steps>

## Summing up

In this tutorial we used the Server API to track an action, and then used the token provided to call the Client API.

This provides a good introduction to how to interact with the Authsignal APIs using Postman.