Learning the Whiplash API with Postman

Also see  and if you want to Auth without Postman.

We've made a Postman collection that demonstrates many of the actions you can perform in the Whiplash v2 API. Using this guide, you'll be able to quickly navigate the Whiplash OAuth scheme for authorization, and see the results of real calls.

1. Request access
The V2 API is available by request only. Fill out the Whiplash V2 API Request Form.

2. Install Postman
Postman is available as free download. If you don't have it already, download Postman.

3. Import the Collection
The Whiplash V2 Collection is available at

Screen Shot 2019-04-08 at 11.55.27 AM.png 37.13 KB

4. Set your environment variables
You can use the existing environmental variables for the sandbox environment or set up your own environment in step B below:

You'll need to set a few variables in Postman that are specific to your application. Create a new environment, e.g. Whipash Development or Whiplash Production, and set the following variables:
  1. OAUTH_REDIRECT_URI. This is where you'll receive an authorization token, and should be the same address you gave us in Step 1.
  2. CLIENT_ID. You'll have received this from us in Step 1.

There are additional variables that can optionally be used if your application has multiple customers per user, or multiple webstores:
  2. SHOP_ID

Environmental variables are accessed in the upper right side of Postman:
Screen Shot 2019-04-08 at 1.02.55 PM.png 94.07 KB

5. OAuth Request for Authorization
Your first request via Postman will require web authentication. Click the authentication tab, then click the link on the right:

Postman-2.png 64.31 KB

You should see:

Postman-3.png 65.71 KB

6. OAuth Request for Token
Select get new access token:
Screen Shot 2019-04-08 at 12.00.56 PM.png 55.68 KB

Here will we be using the variables we set up in step 4.  You will get a browser window pop up. Login to Whiplash Sandbox using your Sandbox credentials

After you login, you will see the access token screen.
Screen Shot 2019-04-08 at 12.01.35 PM.png 44.15 KB

Make sure you select Use Token and Update on this page.

When your token expires, you just need to refresh the token, but you do not need to web authenticate again.  The token flow can be found under the top level collection > edit:

refresh2.gif 766.31 KB

7. Test the endpoints
You'll now be able to perform most actions in the API. Get Items is a good starting point, as well as Get Orders, Create Item, and Create Order. Note that the Access Token from Step 6 expires every two hours. Use the Refresh OAuth Token endpoint to get a new token, which Postman will automatically use in your requests.

Happy coding!

Fig 1. Import the Collection into Postman
Screen Shot 2018-10-12 at 7.07.18 PM.png 35.2 KB

Fig 2. The imported Whiplash V2 Collection
Screen Shot 2018-10-12 at 7.09.30 PM.png 59.9 KB

Fig 3. Setting the environment variables
Screen Shot 2018-10-12 at 8.19.19 PM.png 106.23 KB

Fig 4. Request Authorization
Screen Shot 2018-10-12 at 8.37.06 PM.png 343.39 KB
Fig 5. Testing Access with the Get Items endpoint

Last updated Jun 20th, 2019