Create Client Credentials: Postman

This tutorial guides you through the steps to get a client_id and client_secret using Postman, a popular tool for testing REST API requests.


Your client_id and client_secret are used in getting an access_token, which provides the authorization to make a call to a particular Brightcove API. You can see an example of how the access_token is retrieved in the Quick Start: OAuth.

If you haven't yet looked at the OAuth Overview, it would be a good idea to look at it before proceeding.

Note: there is also a UI for getting the client_id and client_secret:


  • A valid Video Cloud account
  • A valid Perform account
  • Postman running as a Chrome extension or as a packaged app


Getting the client_id and client_secret is just a POST call to the OAuth service, but you will need to have your account id and also your BC_TOKEN, which you can find in a temporary cookie when you are logged into Studio.


Get your BC_TOKEN and account number

You will need to login to Studio to get your BC_TOKEN.

  1. Login to Studio as you normally do.
  2. You need your account number, which you can get by going to your account profile in Studio:
    Account Information
    Account Information
  3. With any page in Studio open, open the developer tools for the browser, go to the Console, and paste in the following code:
    var cookiesArray = document.cookie.split(";"), cookiesObj = {}, i, tmpArray = [];
    for (i = 0; i < cookiesArray.length; i++) {
        tmpArray = cookiesArray[i].split("=");
        if (tmpArray[0].indexOf('BC_TOKEN') > -1) {
            cookiesObj.BC_TOKEN = tmpArray[1];
    window.prompt("BC_TOKEN:", cookiesObj.BC_TOKEN);

    and press return.

  4. You should see a prompt appear that contains your BC_TOKEN:
  5. If you have your BC_TOKEN, go on to the Get client credentials section; if for some reason you did not get your BC_TOKEN using the previous steps, just go to the Console, type document.cookie, and press return.
  6. All cookies for the page will be returned in a semi-colon-separated list. Find the BC_TOKEN cookie in the list, and copy the value:
    BC_TOKEN in Chrome Developer Tools
    BC_TOKEN in Chrome Developer Tools

Get client_credentials

Now you are ready to make the call to the OAuth service to retrieve client credentials. You will specify a client application name that you are requesting credentials for, the name is arbitrary and intended to help you keep track of the application with which the credentials will be used. You also have to specify the scope of the operations you want access to, and here you will use video-cloud/player/all perform/player/all (for the Player Management API). See API Operations for Client Credentials Requests for a list of all operations currently supported.

  1. Launch Postman, and set the request type to POST.
  2. Enter the following as the request URL:
  3. Create the header by performing the following instructions:
    1. Click on the request Headers option.
    2. For the key, begin typing Authorization and at any time you choose select from the automatically provided options.
    3. For the value enter, the string BC_TOKEN, followed by a space, then your actual token value.
    Create the header
    Create the header
  4. Select the type of request body to use by clicking the Body option, then the radio button for x-www-form-urlencoded.
    Select type of request body
    Select type of request body
  5. For the actual Body content, you will now enter FOUR key/value pair entries as shown in the screenshot. They are:
    1. key: type / value: credential
    2. key: maximum_scope / value: [ { "identity": { "type": "video-cloud-account", "account-id": YOUR_ACCOUNT_VALUE }, "operations": [ "video-cloud/player/all" ] } ]
    3. key: name / value: A name of your choice
    4. key: description / value: A description of your choice
    Define body key/value pairs
    Define body key/value pairs
  6. Click Send, and you should see a response that looks like this:
    "redirect_url": null,
    "maximum_scope": [
            "identity": {
                "type": "video-cloud-account",
                "account-id": 57838016001
            "operations": [
    "name_html": "test credentials",
    "issued_to": "",
    "trusted": null,
    "expires_at": null,
    "issued_at": "2017-08-06T20:30:17Z",
    "name": "test credentials",
    "description_html": "test for OAuth guide",
    "revoked": null,
    "type": "credential",
    "client_secret": "VD0GwgzE35uZzRzksT3dT0H_u_xZh-7oOqsiuqw4-r9qjefl;qkejfLY-PssYa1XQWF-zRn_JtNDPQUHNv-eQEwvETIw",
    "description": "test for OAuth guide",
    "client_id": "0e8939de-a2b1-44ae-9d96-f6f09ba73e8b",
    "issued_user": 53255203001
  7. Copy and save the client_id and client_secret, because you will need them anytime you need to get an access_token to make a call to the API.