Testing Capable API calls with Postman

One convenient way to make test calls to the Capable Health API is using a free tool such as Postman. You can download a copy of Capable’s API specification file and import it into Postman as a Collection. Please note that as new endpoints become available in Capable, you’ll need to manually add them to your imported Collection, or download a new copy of the API spec file and import it again.

By default, the Collection is set to hit the Capable Health sandbox API: api.sandbox.capablehealth.com. If you ever need to use Postman with your production environment, you can change the defaultHost variable to use the production URL instead: api.capablehealth.com.


Authenticating with the API

Before calling any Capable endpoints in Postman, you’ll first need to authenticate. For general testing purposes, the easiest way to authenticate is with a machine-to-machine (M2M) token. You can also retrieve a Patient token if you’d like to test calls scoped to Patient resources and access policies.

To get set up, first click on the Capable Health API Collection and find the Authorization tab.


Set the fields to the values shown in the screenshots below:

  • Type: “OAuth 2.0”
  • Add auth data to: “Request Headers”
  • Header Prefix: “Bearer”

The next steps depend on whether you want an M2M or a Patient token.

M2M token setup

  • Grant Type: “Client Credentials”
  • Set “Access Token URL”, “Client ID” and “Client Secret” to the respective values found on the “Credentials” page on your Capable Health admin portal (see screenshot below)
  • Scope: Leave blank
  • Client Authentication: “Send client credentials in body”
1064 3096

Patient token setup

  • Set “Grant Type” to “Implicit”
  • In the “Callback URL” section, click the checkbox that reads “Authorize using browser”
  • Set “Access Token URL” to the value found on the “Credentials” page on your Capable Health admin portal (see screenshot below). ⚠️ However, you must make one change: At the end of the URL, replace /oauth2/token with /authorize
  • Set “Client ID” to the “Postman” app client ID found on the “Credentials” page on your Capable Health admin portal
  • Set “Scope” to “openid”
  • Leave “State” blank
  • Set “Client Authentication” to “Send client credentials in body”
1096 3096

Retrieve the token

Click “Get New Access Token”. If authentication is successful, you should see a modal that says “Authentication complete”. Click “Proceed”, then click “Use Token”.

1325 1610

You’ll now be authorized to make requests to the Capable Health API with your M2M token.