Configuring the Postman REST API Client

When Postman is configured with ZDX API, it allows for more readily available ZDX API use cases. Zscaler supports the macOS, Windows, and Linux versions of the Postman REST API app. To learn more about the app and its features, see the Postman documentation.

If you already have Postman installed and configured, you can download the latest version of the ZDX API by using the API Postman collection files from any article within the Reference Guide.

Ensure that you have the prerequisites set properly within Postman for your ZDX API. To learn more, see Getting Started.

Installing and Configuring Postman for macOS, Windows, or Linux

To install and configure Postman:

For example purposes, the following instructions reference the Windows 64-bit version of the app using the ZDX API collection.

  1. Go to the Postman website and download the app for your OS (i.e., macOS, Windows, or Linux).
  2. Install the app.
  3. After installation, open the app. Log in to your account, or create a new one.
  4. Download the latest version of the ZDX API Postman collection file from the Reference Guide.
  5. From the main window, click Import. You can also go to File > Import from the top menu.

  1. In the Import window that appears, make sure the File is selected, then drag and drop the .postman_collection file into the window. You can also click Upload Files.

After the file is imported, the ZDX API folder is created and displayed within the Collections tab.

Authenticating a Session in Postman

After installing and configuring the Postman app, try to authenticate a session.

For example purposes, the following instructions reference the Windows 64-bit version of the app using the ZDX API collection.

  1. Log in to the ZDX Admin Portal using your API admin credentials. To learn more, see Getting Started.
    1. Go to Administration > Authentication > API Key Management.
    2. Copy your API Key ID and Key Secret, or download a JSON file of the API Key for reference. To learn more, see Managing API Keys.
  2. In the Postman app:
    1. Set up your Global Variables:
      1. Go to Environment Quick Looks > Globals > Edit.
      2. Create your global variables, api_key and api_secret. If you already have the global variables, api_key and api_secret, proceed to the next step.
      3. Set your global variables, api_key and api_secret, with your key_id and key_secret values from Step 1.
      4. Optionally, you can use the following pre-request script.
var currTimestamp = Math.round(Date.now()/1000)
pm.globals.set("key_secret")
pm.globals.set("timestamp", currTimestamp)

You can download the latest ZDX API Postman collection file from any article within the Reference Guide.

  1. Click Save.
  1. Authenticate your API Key for a bearer token:
    1. Go to Collections > ZDX API > oauth > POST/oauth/token.
    2. Under Headers, deselect all the headers except Postman-Token.
    3. Click Send.

Upon successful authentication, you receive a Status 200 OK message and a bearer token is created.

Making an API Call in Postman

Try making an API call using Postman. In the following example, a list of ZDX Scores for all active apps and the most impacted region using /apps is retrieved:

For example purposes, the following instructions reference the Windows 64-bit version of the app using the ZDX API collection.

  1. Make sure that you can authenticate successfully.
  2. In the ZDX API collection, go to Apps > GET /apps.
  3. Click Send.

Upon successful authentication, you receive a Status 200 OK message and a list of active apps and the most impacted region.

By default, the session terminates after 3,600 seconds or 60 minutes, and then reauthentication is required.