Connecting to TCGPlayer’s API with Postman

4 min readOct 24, 2017

Today I’ll be walking you through how to use Postman, a powerful HTTP client for testing web services, to connect to TCGPlayer’s API.

I’m going to assume that you’ve followed Step 0 from the getting started guide and already have access to a PUBLIC KEY and PRIVATE Key. You will also need Postman installed.

Creating a collection in Postman

Let’s create a collection to keep our requests nice and organized. You’ll thank me later when you’re making tons of requests to the API.

Importing CURL request into Postman

Next, let’s take a look at the CURL request for getting access to a BEARER token from the getting started guide.

curl --include --request POST \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--header "X-Tcg-Access-Token: ACCESS_TOKEN" \
--data-binary "grant_type=client_credentials&client_id=PUBLIC_KEY&client_secret=PRIVATE_KEY" \
'https://api.tcgplayer.com/token'

There is an import feature in Postman that will auto-populate the headers and body from a CURL request. Handy, right?

The X-Tcg-Access-Token is optional. I wasn’t using it in my case, so I deleted it before I made the request. Make sure you delete this or it will fail! You could include your PUBLIC_KEY and PRIVATE_KEY in this step, but I’ll be doing it in the next one.

Replacing PUBLIC_KEY and PRIVATE_KEY

Now that you have it imported, you’ll have to replace the PUBLIC_KEY and PRIVATE_KEY in the body of the request with your actual key values that was sent to you in the email.

Sending a POST request to receive our BEARER_TOKEN

Let’s send our first POST request to the server to get our BEARER_TOKEN. We should receive a response like this:

{
 “access_token”:”BEARER_TOKEN”,
 “token_type”:”bearer”,
 “expires_in”:1209599,
 “userName”:”PUBLIC_KEY”,
 “.issued”:”Fri, 07 Jul 2017 16:47:46 GMT”,
 “.expires”:”Fri, 21 Jul 2017 16:47:46 GMT”
}

Now copy the BEARER_TOKEN somewhere safe so we can use it later.

Saving the POST request

Now that we have the POST request to get our BEARER_TOKEN, let’s save it so we can use it later when our token expires.

I’ll create a folder called Gaining Access within TCG-Test-Connection.

Then, click on “Save As” in the upper right hand corner.

When the dialog pops up, navigate to the TCG-Test-Connection collection, and save it to the Gaining Access Folder. I’ll name our request Generate Bearer Token.

You should now see the POST request showing up in the folder.

Making our first GET Request to the API

Phew! Now we’re ready to make a GET request. The getting started guide provides this CURL snippet:

curl --include --request GET \
--header "Accept: application/json" \
--header "Authorization: bearer BEARER_TOKEN" 'http://api.tcgplayer.com/[VERSION]/catalog/categories'

We’ll import this again to Postman. Make sure to swap out [VERSION] for the current version. At the time of writing, the API is version v1.4.0. Again, you could swap out the BEARER_TOKEN in this step but I’ll be doing it in the next one.

Now we just have to replace the BEARER_TOKEN in the header with the actual token we received. We could also add it to the “Authorization” tab and it will automatically add it to the headers that are sent.

Let’s make a GET request and…

Hooray! We have data! You can save this request as well for reference. I named mine /v1.4.0/catalog/categories.

You’re now ready to make requests all day with Postman.

So, now what? I want to write code!

Now you’re probably wondering, how do I actually write any code with this? Postman has code snippets for several languages you can use.

In the top right, click on ‘Code’ and copy the snippet into your favorite IDE or text editor, save the file, and run it. You should see the same data that appeared in the GET request printed out.