Authorizing requests in Postman for Sitecore Experience Commerce 9

Reading Time: 3 minutes

I was trying to upgrade Sitecore Experience Commerce (SXC) 9 Initial Release to Sitecore Experience Commerce (SXC) 9 Update 1. One of the steps is to do bootstrap in Postman.

When I tried it, I was getting this exception:

Status Code: 401; Unauthorized


In order to run some of the commands in Postman, request need to be authorized.

Requests that need authorization are dependent on global variable “SitecoreIdToken” and you can see this in Headers tab of requests where {{SitecoreIdToken}} is used for Value field.


Open Postman and create new Global variable with name “SitecoreIdToken” first. To do so, open Environment settings (button below Sign In on the right side of the screen). Go to “Globals” and add new key “SitecoreIdToken” with key “SitecoreIdToken”:


Switch to “Collections” pane and open “Authentication” collection. Expand “Sitecore” section and click “GetToken”. Switch to “Tests” tab in the command and click on blue “Send” button to get authorization token and save it as global variable “SitecoreIdToken”.


Now go back to “Globals” and check value of newly created Global variable “SitecoreIdToken”. It should be changed and have “Bearer ” + access_token value as a Value:


Now all requests that need authorization will be authorized 🙂

Token will be invalidated after some time so if you see again exception ‘Status Code: 401; Unauthorized’, just follow above instructions and you are good 😉

Possible other issues that I have encountered and fixed

If you are encountering other issues, you probably need to do one of these settings:

  1. “AntiForgeryEnabled” setting in config.json needs to be set to “false” for Authoring site. You can locate this file under {path_to_your_commerce_authoring}/wwwroot/ e.g. C:\inetpub\wwwroot\CommerceAuthoring_sc9u2\wwwroot.AntiforgeryTokenEnabledSitecoreCommerce
  2. In Postman, you need to disable “SSL certificate verification” in Settings sxcupgrade18

To get further information about Postman and how to use it with Sitecore Experience Commerce, take a look on my blog post about how to set it up and use.

Wishing you all requests to successfully pass through Postman 🙂


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.