Skip to content

Using Postman

  Less than to read

Starting a new app?
Use the latest version of Sage Business Cloud Accounting API by signing up at

Using Postman

This tutorial was made with Postman 5.5.0.

Developer and Client Registration

Sign up for a developer account, subscribe to the API and register your application as described in the Welcome section of this documentation. After this, you will have

  • the APIM subscription key. You can either use the primary or secondary key
  • the client ID of your registered application
  • the client secret of your registered application
  • one or more callback URLs. For Postman, these callbacks will in fact never be called


Download the Postman collections using these links:

  • Sage Business Cloud Accounting - Accounts v3
  • Sage Business Cloud Accounting - Core v3

Use the Import feature of Postman and select these files to start using them. The URL paths of the request are all set up for UK & Ireland (/uki). To make requests for businesses in other countries, please substitute the path accordingly.

Register for a new free trial.

Authorize API Access

Select “OAuth 2.0” as authorization type and add the authorization data to the “Request Headers”. Then click “Get New Access Token” and enter the data as seen in the following screenshot. Use your own values for YOUR_CLIENT_CALLBACK_URI, YOUR_CLIENT_ID, YOUR_CLIENT_SECRET. You can use any value for the state parameter YOUR_RANDOM_VALUE.

Get new access token with Postman

After clicking “Request Token”, you will be taken to the login screen. Use the credentials of the account you have previously created. You will then be asked to give the Postman API client access to your accounting data. After clicking “Accept”, you will see such a screen:

Copy-paste the value of resource_owner_id, as it will be the value of the X-Site HTTP request header.

Click on “Use Token” to complete this step.

Making API Requests

Three HTTP request headers must be present to successfully make API requests.

  • The X-Site header, which is explained in the previous section
  • Ocp-Apim-Subscription-Key, see the welcome section
  • Authorization is handled automatically by Postman
  • Select an endpoint and click “Send” to fire the request.
     The examples include all possible query parameters. You may need to delete some or all of them to make successful API calls.
     The access token will be valid for 60 minutes. You will then have to require a new access token as described above. In your own application, you should refresh the token after its expiration, so the user needs to grant access only once.
     Trouble Shooting: Try to remove the cookies in Postman, when authorization fails. This may especially become necessary when you are switching between different countries on Sage Business Cloud Accounting.