This article describes an access method that is deprecated. Please refer to the article about Secure Access to XML/REST APIs with Luminate for an up-to-date method.

Luminate Security offers a Software-as-a-Service application access platform that allows users to connect to any kind of application hosted on any datacenter platform without the need to have a direct network connection. For basic explanation about Luminate and how it works, please refer to this article.

Access to XML and REST API Servers via Luminate requires the users to undergo authentication with their Web Browsers (interactive session, that may include additional authentication factors, per organizational policy) and then transferring the temporary session identity (stored securely within the Browser) to external tools used for accessing the APIs.



Up until November 2017, the most convenient way to achieve the above was using the Postman Interceptor tool, that has offered a 100% transparent experience for users of Postman Chrome Web App. The users needed to enable the Interceptor inside their browser and inside the Postman Chrome Web App and the session would be transferred securely. Postman Chrome Web App is available here.

As the Postman Chrome Web App was deprecated and there is still no solution from Postman team to support this in the Native Apps (February 2018), despite the promise to rectify this situation, we are offering the below procedures for the users of the native applications.

The following procedure describes the easiest way to access XML / REST API Server with Luminate using a Native Postman Application for Windows or Mac OS X.

Step I - (Optional) - Install an EditThisCookie Chrome Plugin (or an equivalent)

An EditThisCookie extension for Google Chrome allows capturing session cookies in an easy and user-friendly way. It is possible to achieve the same without this extension, using a Web Developer Console, but it is much more complicated, and, therefore, this method is recommended. If you are using a FireFox browser, a Cookie Manager plugin can be used to achieved the same result.


Step II - Configure your XML / REST API Servers for access with Luminate

XML / REST API Servers need to be configured as Web Applications in the Luminate Administration Portal. Please refer to the Getting Started article for an explanation on how to do that.


Step III - Access your XML / REST API Servers from your browser

Open your browser and navigate to  https://<your_server_name>.<your_company_name>, wherere

<your_server_name> is the external name of the XML/REST API server in Luminate configuration,

<your_company_name> is the "tenant" your company uses in Luminate.


Authenticate to the server, as defined by your organizational policy, make sure that the first response loads in the browser window.


Step IV - Copy the Luminate session identifier (stored securely in the browser)

Click on the EditThisCookie icon in the chrome toolbar and copy the unique Luminate session identifier:


(The same thing can be achieved without the extension)


Step V - Configure Postman (or other external tool) to use the Luminate session identifier

In a Postman Native App window, click on Cookies:


Type the domain name - external URL of your XML / REST Server:


Click "Add Cookie":


Type the cookie name and the value, as copied from the Web Browser session. 

Please note that the domain for the cookie should be: .<your_company_name>