This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Call Manhattan Active® API

Authenticate and obtain an access token to call Manhattan Active® API.

Manhattan Active® API follows the REST architectural style. Our API has predictable resource-oriented URLs, accepts and returns JSON, and uses standard HTTP response codes, authentication, and verbs.

What’s next

1 - Authenticate to Manhattan Active® API

Authenticate and obtain an OAuth access token.

Before you begin

Before authenticating to an API, it is necessary to have an authorized user (OAuth resource owner) and an OAuth client.

Authentication information

Manhattan Active® API supports the following OAuth 2.0 authorization grants (OAuth flows):

  • Authorization Code Grant (web server flow)
  • Resource Owner Password Credentials Grant (password flow)

Please contact your organization’s Manhattan Active® Platform administrator for the following OAuth settings:

API URLManhattan Active API URLhttps://<unique_id>
UsernameThe resource owner
PasswordThe resource owner passwordh3ll0
Client IdAPI client idomnicomponent.1.0.0
Client SecretAPI client passwordw0r1d
Token URLURL for access token endpointhttps://<unique_id>
Authorization URLAuthorization Code URL (web server flow)https://<unique_id>

Authenticate from your code

For access to Manhattan Active® API from your software, please see Call from your code

Authenticate using Postman

For access to Manhattan Active® API from Postman, please see Call using Postman

What’s next

To learn more about calling an individual Manhattan Active® API, please see the REST API documentation in our product sites:

2 - Call Manhattan Active® API from your code

Get started using Manhattan Active® API from within your code

This how-to guide will walk you through a very simple Python command line utility (CLI). The utility will obtain an access token for Manhattan Active® API using the OAuth 2.0 Resource Owner Password Credentials Grant. That token will then be used to call the following to get information for the authenticated user:

GET /api/organization/user/allDetails/userId/

Before you begin

Before beginning, please assemble the authentication information.

Obtain an access token

The OAuth 2.0 Resource Owner Password Credentials Grant (direct access) may be used to obtain an API access token. The token endpoint may be called as follows:

def access_token(client_id, client_secret, token_url, username, password):
    """Return access token for Manhattan Active® API using the resource owner password credentials grant

    Conforms to

    Must authenticate to token endpoint with client credentials:

      client_id (str): client identifier
      client_secret (str): client password
      token_url (str): endpoint to obtain access token
      username (str): the resource owner username
      password (str): the resource owner password

      string: access token

       HTTPError:  http error

    # Access Token Request:
    response =, data={
        "grant_type": "password",
        "username": username, "password": password},
        auth=(client_id, client_secret))
    return response.json()["access_token"]

Call an API

To call the API, obtain an access token above and place it in the Authorization header as a Bearer token:

url = api + "/organization/api/organization/user/allDetails/userId/" + username

response = requests.request(
    "GET", url, headers={'Authorization': 'Bearer ' + token}, data={})

print(json.dumps(response.json(), indent=2))

Run the code

Download the source code

Download the python source code.

Install requests module

python3 -m pip install requests==2.27.1 

Set environment variables

Environment variables may be used to store common information:


For example:

export ACTIVE_CLIENT_ID=omnicomponent.1.0.0


Run the script to obtain information for the authenticated user.

# See help for getting user info
python3 -h

# Sample call (assumes ACTIVE_PASSWORD and ACTIVE_CLIENT_SECRET environment variables set)
python3 \
 -c omnicomponent.1.0.0 \
 -t https://<environment> \
 -u \
 -a https://<environment>


If you receive a 400 Client Error: for url:, then your username and password are invalid for the authorization server.

3 - Call Manhattan Active® API using Postman

Get started with Manhattan Active® API using Postman

This guide will walk you through the steps for invoke an example REST API exposed by Manhattan Active®. The steps below will also assist you in establishing the authorization using OAuth v2.0 for invoking the API.

Before You Begin

  • Download and install Postman or an equivalent tool of your choice. If you already have Postman installed, update it to v9.0.9 or newer.
  • You will need the following information from the administrator who manages the implementation of Manhattan Active® applications for you:
    1. Application URL such as https://<unique_id> or https://<unique_id> or https://<unique_id> We will use for this document.
    2. Authorization Server URL such as https://<unique_id> or https://<unique_id> or https://<unique_id> We will use for this document.
    3. Values of client_id and client_secret parameters as configured by your administrator. A default client_id for Postman is automatically created with value postman.1.0.0. The administrator can look up the value of the respective client_secret. We will use aQsuVkh24SAp8MYr as the value of client_secret for this document.
    4. A valid username and password for you to authenticate yourself. We will use and p455w0rd respectively as the username and password for this document.
  • As a sample REST API, we will use the endpoint that returns the details of your user. You may replace it with any other REST API that you have access to.


The step-by-step instructions below include the steps to obtain the authorization token for invoking the target REST API, followed by the invocation of the API.

Obtaining the Authorization Token

1. Open Postman and click on “New”

My Workspace Menu

2. In the pop-up dialog, select “HTTP Request”

New HTTP Request

3. Click on the “Authorization” tab in the request section under “Untitled Request”

Authorization Tab

4. Click on the “Type” drop-down and select “OAuth v2.0”.

Select OAuth 2.0

5. In the right-hand section, scroll down to the sub-section titled “Configure New Token”, and enter the values as shown below:

  1. Token Name: my-first-auth-token
  2. Grant Type: Authorization Code
  3. Callback URL:
  4. Auth URL:
  5. Access Token URL:
  6. Client ID: postman.1.0.0
  7. Client Secret: aQsuVkh24SAp8MYr
  8. Scope: leave empty
  9. State: leave empty
  10. Client Authentication: Send as Basic Auth header

Configure New Token

Click the “Get New Access Token” button to fetch the token.

6. Sign in with your username and password in the pop-up dialog. The pop-up may look different from the screenshot shown below depending on the Manhattan Active® application you are using.

Sign In

7. Upon a successful login, Postman will display the access token in the UI, and give you an option to use it.

Token Results

8. In the “Current Token” section of your REST API request, select my-first-auth-token from the list to make use of the token you obtained.

Select Available Token

Invoking the REST API call

1. To invoke the API to get the details of your username, set the URL to the value shown below:

Set the HTTP method to GET. The inputs will look like this:

GET HTTP Request

Verify that the “Access Token” is set to my-first-auth-token in the “Current Token” section.

Click on the “Send” Button.

2. The API response in JSON format will be displayed in the section on the bottom

GET HTTP Response

You can inspect the response content and headers by switching the response tabs.

Pro Tip

With the access token, you can also invoke the API using curl as a command line option instead of Postman:

curl -L -X GET  -H 'Authorization: Bearer eyJhbGciOiJSUzI1Ni...' ''

Learn More

4 - Manhattan Active® API Reference

Learn more about an individual Manhattan Active® API